psa: export: Check output buffer size earlier
Check output buffer size before doing anything
that requires a clean-up if a failure happens.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 55b7d2f..2d93397 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -1217,6 +1217,12 @@
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot;
+ /* Reject a zero-length output buffer now, since this can never be a
+ * valid key representation. This way we know that data must be a valid
+ * pointer and we can do things like memset(data, ..., data_size). */
+ if( data_size == 0 )
+ return( PSA_ERROR_BUFFER_TOO_SMALL );
+
/* Set the key to empty now, so that even when there are errors, we always
* set data_length to a value between 0 and data_size. On error, setting
* the key to empty is a good choice because an empty key representation is
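Review bot: The new early return on `data_size == 0` now runs before the "set the key to empty" step described on the lines that follow it, so on this one error path `*data_length` is never written, which contradicts that comment's promise that data_length is always set to a value between 0 and data_size on error (the old check sat after that assignment, as the removed lines in the next hunk show). A caller that zeroizes or otherwise trusts `*data_length` bytes on failure would read whatever was in the variable before the call. Either move the assignment above the new check, `*data_length = 0;` then `if( data_size == 0 ) return( PSA_ERROR_BUFFER_TOO_SMALL );`, or amend the comment to say that the zero-length rejection above is the one exception. The check also appears to precede the key-slot lookup now, so an invalid key id paired with a zero-length buffer presumably reports PSA_ERROR_BUFFER_TOO_SMALL instead of the handle error; if that precedence is intended it deserves a sentence in the comment. The body of this function continues beyond the hunk.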
@@ -1232,15 +1238,6 @@
if( status != PSA_SUCCESS )
return( status );
- /* Reject a zero-length output buffer now, since this can never be a
- * valid key representation. This way we know that data must be a valid
- * pointer and we can do things like memset(data, ..., data_size). */
- if( data_size == 0 )
- {
- status = PSA_ERROR_BUFFER_TOO_SMALL;
- goto exit;
- }
-
psa_key_attributes_t attributes = {
.core = slot->attr
};
@@ -1248,7 +1245,6 @@
slot->key.data, slot->key.bytes,
data, data_size, data_length );
-exit:
unlock_status = psa_unlock_key_slot( slot );
return( ( status == PSA_SUCCESS ) ? unlock_status : status );
@@ -1325,6 +1321,12 @@
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot;
+ /* Reject a zero-length output buffer now, since this can never be a
+ * valid key representation. This way we know that data must be a valid
+ * pointer and we can do things like memset(data, ..., data_size). */
+ if( data_size == 0 )
+ return( PSA_ERROR_BUFFER_TOO_SMALL );
+
/* Set the key to empty now, so that even when there are errors, we always
* set data_length to a value between 0 and data_size. On error, setting
* the key to empty is a good choice because an empty key representation is
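Review bot: Same issue as in the first hunk, here for the public-key export path: the zero-length buffer check now returns before the assignment the following comment describes, so `*data_length` is left unwritten on that error even though the comment states it is always set on error. Placing `*data_length = 0;` ahead of `if( data_size == 0 )` keeps the documented contract, or else the comment should carry the caveat; whichever is chosen should match what is done in psa_export_key so the two functions stay consistent. This function's body continues outside the hunk.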
@@ -1342,15 +1344,6 @@
goto exit;
}
- /* Reject a zero-length output buffer now, since this can never be a
- * valid key representation. This way we know that data must be a valid
- * pointer and we can do things like memset(data, ..., data_size). */
- if( data_size == 0 )
- {
- status = PSA_ERROR_BUFFER_TOO_SMALL;
- goto exit;
- }
-
psa_key_attributes_t attributes = {
.core = slot->attr
};