In abort functions, return BAD_STATE on obviously bad input
psa_hash_abort, psa_mac_abort and psa_cipher_abort now return
PSA_ERROR_BAD_STATE if operation->alg is obviously not valid, which
can only happen due to a programming error in the caller or in the
library. We can't detect all cases of calling abort on uninitialized
memory but this is dirt cheap and better than nothing.
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index fc73b2c..12c21d7 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -822,7 +822,7 @@
break;
#endif
default:
- return( PSA_ERROR_NOT_SUPPORTED );
+ return( PSA_ERROR_BAD_STATE );
}
operation->alg = 0;
return( PSA_SUCCESS );
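Review bot: The `default:` branch of the switch in psa_hash_abort now returns PSA_ERROR_BAD_STATE without the rationale comment the other hunks in this commit carry, and the case it covers is broader than a garbage `alg`: a valid hash algorithm that is simply not compiled in also lands here, which is only correct to classify as BAD_STATE because setup would have rejected that algorithm before `operation->alg` was ever set (setup is not in this hunk, so that part is inferred). I would add above the return: `/* Sanity check (shouldn't happen: operation->alg is only ever set to a compiled-in hash algorithm by psa_hash_setup, so any other value means a corrupted or uninitialized operation). */`. It is also worth noting in that comment that the early return leaves `operation->alg` untouched, so a corrupted operation keeps reporting BAD_STATE on every later abort instead of being reset — a reasonable way to surface a programming error, but callers should not treat a retried abort as a recovery path. The enclosing switch and function begin outside the hunk.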
@@ -1231,7 +1231,11 @@
}
else
#endif /* MBEDTLS_MD_C */
- return( PSA_ERROR_NOT_SUPPORTED );
+ {
+ /* Sanity check (shouldn't happen: operation->alg should
+ * always have been initialized to a valid value). */
+ return( PSA_ERROR_BAD_STATE );
+ }
}
operation->alg = 0;
@@ -2218,6 +2222,11 @@
if( operation->alg == 0 )
return( PSA_SUCCESS );
+ /* Sanity check (shouldn't happen: operation->alg should
+ * always have been initialized to a valid value). */
+ if( ! PSA_ALG_IS_CIPHER( operation->alg ) )
+ return( PSA_ERROR_BAD_STATE );
+
mbedtls_cipher_free( &operation->ctx.cipher );
operation->alg = 0;