mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-07-28 00:21:48 +03:00
psa: Disallow use of invalid MAC contexts
Ensure that when doing MAC operations out of order, PSA_ERROR_BAD_STATE is returned as documented in crypto.h and the PSA Crypto specification.
This commit is contained in:
@ -2238,6 +2238,11 @@ psa_status_t psa_mac_sign_finish( psa_mac_operation_t *operation,
|
||||
{
|
||||
psa_status_t status;
|
||||
|
||||
if( operation->alg == 0 )
|
||||
{
|
||||
return( PSA_ERROR_BAD_STATE );
|
||||
}
|
||||
|
||||
/* Fill the output buffer with something that isn't a valid mac
|
||||
* (barring an attack on the mac and deliberately-crafted input),
|
||||
* in case the caller doesn't check the return status properly. */
|
||||
@ -2276,6 +2281,11 @@ psa_status_t psa_mac_verify_finish( psa_mac_operation_t *operation,
|
||||
uint8_t actual_mac[PSA_MAC_MAX_SIZE];
|
||||
psa_status_t status;
|
||||
|
||||
if( operation->alg == 0 )
|
||||
{
|
||||
return( PSA_ERROR_BAD_STATE );
|
||||
}
|
||||
|
||||
if( operation->is_sign )
|
||||
{
|
||||
status = PSA_ERROR_BAD_STATE;
|
||||
|
Reference in New Issue
Block a user