Fix psa_key_derivation_output_bytes
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 85728c3..a09877e 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -5814,13 +5814,6 @@
return PSA_ERROR_BAD_STATE;
}
- if (output_length > operation->capacity) {
- operation->capacity = 0;
- /* Go through the error path to wipe all confidential data now
- * that the operation object is useless. */
- status = PSA_ERROR_INSUFFICIENT_DATA;
- goto exit;
- }
if (output_length == 0 && operation->capacity == 0) {
/* Edge case: this is a finished operation, and 0 bytes
* were requested. The right error in this case could
@@ -5832,6 +5825,14 @@
}
LOCAL_OUTPUT_ALLOC(output_external, output_length, output);
+ if (output_length > operation->capacity) {
+ operation->capacity = 0;
+ /* Go through the error path to wipe all confidential data now
+ * that the operation object is useless. */
+ status = PSA_ERROR_INSUFFICIENT_DATA;
+ goto exit;
+ }
+
operation->capacity -= output_length;
#if defined(BUILTIN_ALG_ANY_HKDF)
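Review bot: A failed `LOCAL_OUTPUT_ALLOC` can still reach the `memset(output, '!', output_length)` in the error branch under `exit:` with `output` never assigned. The macro's definition is not part of this diff, so this is inferred: if it sets `status` and jumps to `exit` on failure, the poison write goes through whatever `output` was initialised to, for a caller-chosen `output_length`. Guarding the write closes that path: `if (output != NULL) { memset(output, '!', output_length); }`. The allocation is also sized from `output_length` before it is compared with `operation->capacity`, which deserves a short comment saying the ordering is deliberate so that the error path can poison the local copy. The function body starts and ends outside this hunk.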
@@ -5872,8 +5873,6 @@
}
exit:
- LOCAL_OUTPUT_FREE(output_external, output);
-
if (status != PSA_SUCCESS) {
/* Preserve the algorithm upon errors, but clear all sensitive state.
* This allows us to differentiate between exhausted operations and
@@ -5884,6 +5883,8 @@
operation->alg = alg;
memset(output, '!', output_length);
}
+
+ LOCAL_OUTPUT_FREE(output_external, output);
return status;
}
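Review bot: Moving `LOCAL_OUTPUT_FREE` below the `if (status != PSA_SUCCESS)` block means a failure while copying the local buffer back to `output_external` is no longer followed by the cleanup that clears sensitive state. The macro is not shown here; if it can overwrite `status` when the copy-back fails, the function returns an error while the operation keeps its derivation state and the already reduced capacity. Either re-check `status` after the free and abort the operation on that path, or document the decision above the call, for example `/* Must come after the memset: it copies output back and releases it. */` plus a sentence on what a copy-back failure leaves behind. The function starts outside this hunk.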