Use PSA_ERROR_INVALID_ARGUMENT for invalid cipher input sizes

... as opposed to PSA_ERROR_BAD_STATE.

The spec on psa_cipher_finish() states that PSA_ERROR_INVALID_ARGUMENT
should be returned when:

"The total input size passed to this operation is not valid for this
particular algorithm. For example, the algorithm is a based on block
cipher and requires a whole number of blocks, but the total input size
is not a multiple of the block size."

Currently, there is a distinction between encryption and decryption
on whether INVALID_ARGUMENT or BAD_STATE is returned, but this is not
a part of the spec.

This fix ensures that PSA_ERROR_INVALID_ARGUMENT is returned
consistently on invalid cipher input sizes.

Signed-off-by: Fredrik Strupe <fredrik.strupe@silabs.com>
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 931e2e9..08b89d0 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -199,7 +199,7 @@
case MBEDTLS_ERR_CIPHER_INVALID_PADDING:
return( PSA_ERROR_INVALID_PADDING );
case MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED:
- return( PSA_ERROR_BAD_STATE );
+ return( PSA_ERROR_INVALID_ARGUMENT );
case MBEDTLS_ERR_CIPHER_AUTH_FAILED:
return( PSA_ERROR_INVALID_SIGNATURE );
case MBEDTLS_ERR_CIPHER_INVALID_CONTEXT:
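Review bot: The new return value under case MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED changes a status code that callers can observe, yet the patch as shown touches only library/psa_crypto.c. Code that currently checks for PSA_ERROR_BAD_STATE after a partial final block will stop matching, so this should come with a ChangeLog entry and with test cases that feed a non-block-multiple input in both directions and expect PSA_ERROR_INVALID_ARGUMENT. Since this switch translates the error wherever it is raised, it is also worth confirming that no other path relies on FULL_BLOCK_EXPECTED meaning a state error.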
@@ -4473,8 +4473,7 @@
if( operation->ctx.cipher.unprocessed_len != 0 )
{
if( operation->alg == PSA_ALG_ECB_NO_PADDING ||
- ( operation->alg == PSA_ALG_CBC_NO_PADDING &&
- operation->ctx.cipher.operation == MBEDTLS_ENCRYPT ) )
+ operation->alg == PSA_ALG_CBC_NO_PADDING )
{
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
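Review bot: With the MBEDTLS_ENCRYPT condition removed, the check on operation->alg == PSA_ALG_CBC_NO_PADDING now rejects a leftover partial block for decryption as well, and nothing in the code says why both directions are treated alike. A short comment above the if stating that unpadded ECB and CBC require a whole number of blocks regardless of direction, per the psa_cipher_finish() wording quoted in the commit message, would keep the direction test from being reintroduced later. Please also add a CBC_NO_PADDING decrypt test with unprocessed_len != 0 at finish, since that is the case whose result this hunk changes.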