Be explicit about why the zero-length check is there Since a valid mac operation context would guarantee that the stored mac size is >= 4, it wasn't immediately obvious that the zero-length check is meant for static analyzers and a bit of robustness. Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>

commit: f8ad2123f92f53b6988d013fa58619204abfbcc0 [log] [tgz]
author: Steven Cooreman <steven.cooreman@silabs.com> Tue May 11 11:09:13 2021 +0200
committer: Steven Cooreman <steven.cooreman@silabs.com> Tue May 11 18:56:01 2021 +0200
tree: a2d81e3da67d6be20ce06b883b8ce91c1b53041d
parent: be21dab0993a55559f27f42d7d6af6465bcdf704 [diff] [blame]
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index b48af39..57970da 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c

@@ -2439,8 +2439,12 @@
     if( ! operation->is_sign )
         return( PSA_ERROR_BAD_STATE );
 
-    /* Sanity checks on output buffer length. */
-    if( mac_size == 0 || mac_size < operation->mac_size )
+    /* Sanity check. This will guarantee that mac_size != 0 (and so mac != NULL)
+     * once all the error checks are done. */
+    if( operation->mac_size == 0 )
+        return( PSA_ERROR_BAD_STATE );
+
+    if( mac_size < operation->mac_size )
         return( PSA_ERROR_BUFFER_TOO_SMALL );
 
     status = psa_driver_wrapper_mac_sign_finish( operation,
commit	f8ad2123f92f53b6988d013fa58619204abfbcc0	[log] [tgz]
author	Steven Cooreman <steven.cooreman@silabs.com>	Tue May 11 11:09:13 2021 +0200
committer	Steven Cooreman <steven.cooreman@silabs.com>	Tue May 11 18:56:01 2021 +0200
tree	a2d81e3da67d6be20ce06b883b8ce91c1b53041d
parent	be21dab0993a55559f27f42d7d6af6465bcdf704 [diff] [blame]