Favor INVALID_ARGUMENT over NOT_SUPPORTED for bad algorithm types
In psa_hash_start, psa_mac_start and psa_cipher_setup, return
PSA_ERROR_INVALID_ARGUMENT rather than PSA_ERROR_NOT_SUPPORTED when
the algorithm parameter is not of the right category.
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index dba8a5d..90b4354 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -865,7 +865,9 @@
break;
#endif
default:
- return( PSA_ERROR_NOT_SUPPORTED );
+ return( PSA_ALG_IS_HASH( alg ) ?
+ PSA_ERROR_NOT_SUPPORTED :
+ PSA_ERROR_INVALID_ARGUMENT );
}
if( ret == 0 )
operation->alg = alg;
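Review bot: The `default:` branch now returns two different errors from one ternary with no comment saying which case is which, and callers are likely to branch on that distinction. I would add a comment above the `return`, such as `/* Known hash algorithm that is not compiled in: NOT_SUPPORTED. Not a hash algorithm at all: caller error. */`. The enclosing switch and function start outside this hunk, so I am assuming every supported hash has its own `case` above.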
@@ -1166,7 +1168,8 @@
else
#endif /* MBEDTLS_MD_C */
{
- /* fall through with NOT_SUPPORTED */
+ if( ! PSA_ALG_IS_MAC( alg ) )
+ status = PSA_ERROR_INVALID_ARGUMENT;
}
if( status != PSA_SUCCESS )
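Review bot: The removed comment was the only statement that `status` already holds NOT_SUPPORTED when this `else` block is reached, and the new `if` still relies on it silently. Where `status` is initialised is not visible in the hunk, so the next reader cannot tell what a valid but unsupported MAC algorithm returns. I would keep a one-line comment after the `if`, for example `/* else: a MAC algorithm we cannot handle keeps the NOT_SUPPORTED status set earlier */`. The enclosing function starts and ends outside this hunk.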
@@ -1910,6 +1913,12 @@
static psa_status_t psa_cipher_init( psa_cipher_operation_t *operation,
psa_algorithm_t alg )
{
+ if( ! PSA_ALG_IS_CIPHER( alg ) )
+ {
+ memset( operation, 0, sizeof( *operation ) );
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
+
operation->alg = alg;
operation->key_set = 0;
operation->iv_set = 0;
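Review bot: The new rejection path clears the whole structure with `memset( operation, 0, sizeof( *operation ) )` while the success path assigns fields one by one, and nothing explains why the two differ. If the intent is that a rejected operation can still be passed safely to the abort function, say so in a comment such as `/* Leave a well-defined empty operation so a later abort does not act on stale fields. */`. The hunk does not show whether `operation` can already own an initialised cipher context when `psa_cipher_init` is called. If it can, zeroing would drop that context without freeing it, so the function's contract should state that callers pass a fresh or aborted operation. The function body continues past the end of the hunk.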