From 5390acada9a017e0df672ddccfc8c33cf7c84821 Mon Sep 17 00:00:00 2001
From: Thomas Daubney
Date: Thu, 22 Feb 2024 11:06:04 +0000
Subject: [PATCH] Decouple if statements in psa_raw_key_agreement exit.

Signed-off-by: Thomas Daubney
---
 library/psa_crypto.c | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 0e000b3d25..ca8cf2de55 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -7429,17 +7429,21 @@ psa_status_t psa_raw_key_agreement(psa_algorithm_t alg,
 output_length);

 exit:
+ /* Check for successful allocation of output,
+ * with an unsuccessful status. */
 if (output != NULL && status != PSA_SUCCESS) {
 /* If an error happens and is not handled properly, the output
- * may be used as a key to protect sensitive data. Arrange for such
- * a key to be random, which is likely to result in decryption or
- * verification errors. This is better than filling the buffer with
- * some constant data such as zeros, which would result in the data
- * being protected with a reproducible, easily knowable key.
- */
+ * may be used as a key to protect sensitive data. Arrange for such
+ * a key to be random, which is likely to result in decryption or
+ * verification errors. This is better than filling the buffer with
+ * some constant data such as zeros, which would result in the data
+ * being protected with a reproducible, easily knowable key.
+ */
 psa_generate_random(output, output_size);
 *output_length = output_size;
- } else {
+ }
+
+ if (output == NULL) {
 /* output allocation failed. */
 *output_length = 0;
 }
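Review bot: The call `psa_generate_random(output, output_size);` in the error branch under `exit:` still discards its return status, so if random generation itself fails the buffer keeps whatever it held while `*output_length` is still set to `output_size`. What the buffer contains at that point is not visible in this hunk (it could be uninitialised or hold partial key-agreement output), and that is the situation the comment says must not yield a usable key. Consider acting on the status, for example `if (psa_generate_random(output, output_size) != PSA_SUCCESS) { *output_length = 0; }` with the `output_size` assignment moved to the success path, or at least add a comment explaining why the result is deliberately ignored. The body of psa_raw_key_agreement starts before and continues after this hunk, so how `output` reaches the caller's buffer should be checked against the rest of the function.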