Fix psa_key_derivation_setup_kdf

Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>

library/psa_crypto.c

@@ -6075,16 +6075,29 @@ static psa_status_t psa_key_derivation_setup_kdf(
     if (!is_kdf_alg_supported(kdf_alg)) {
         return PSA_ERROR_NOT_SUPPORTED;
     }
+    psa_status_t status = PSA_SUCCESS;
+
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS)
+    if (kdf_alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS) {
+        operation->capacity = PSA_HASH_LENGTH(PSA_ALG_SHA_256);
+        return PSA_SUCCESS;
+    }
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128)
+    if (kdf_alg == PSA_ALG_PBKDF2_AES_CMAC_PRF_128) {
+#if (UINT_MAX > UINT32_MAX)
+        operation->capacity = UINT32_MAX * PSA_MAC_LENGTH(PSA_KEY_TYPE_AES,
+                                                          128U,
+                                                          PSA_ALG_CMAC);
+#else
+        operation->capacity = UINT32_MAX;
+#endif
+        return PSA_SUCCESS;
+    }
+#endif
 
-    /* All currently supported key derivation algorithms (apart from
-     * ecjpake to pms and pbkdf2_aes_cmac_128) are based on a hash algorithm. */
     psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH(kdf_alg);
     size_t hash_size = PSA_HASH_LENGTH(hash_alg);
-    if (kdf_alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS) {
-        hash_size = PSA_HASH_LENGTH(PSA_ALG_SHA_256);
-    } else if (kdf_alg == PSA_ALG_PBKDF2_AES_CMAC_PRF_128) {
-        hash_size = PSA_MAC_LENGTH(PSA_KEY_TYPE_AES, 128U, PSA_ALG_CMAC);
-    } else {
     if (hash_size == 0) {
         return PSA_ERROR_NOT_SUPPORTED;
     }
@@ -6092,27 +6105,45 @@ static psa_status_t psa_key_derivation_setup_kdf(
     /* Make sure that hash_alg is a supported hash algorithm. Otherwise
      * we might fail later, which is somewhat unfriendly and potentially
      * risk-prone. */
-        psa_status_t status = psa_hash_try_support(hash_alg);
+    status = psa_hash_try_support(hash_alg);
     if (status != PSA_SUCCESS) {
         return status;
     }
-    }
 
     if ((PSA_ALG_IS_TLS12_PRF(kdf_alg) ||
          PSA_ALG_IS_TLS12_PSK_TO_MS(kdf_alg)) &&
         !(hash_alg == PSA_ALG_SHA_256 || hash_alg == PSA_ALG_SHA_384)) {
         return PSA_ERROR_NOT_SUPPORTED;
     }
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) || \
+    if (PSA_ALG_IS_HKDF(kdf_alg)) {
-    defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS)
-    if (PSA_ALG_IS_HKDF_EXTRACT(kdf_alg) ||
-        (kdf_alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS)) {
-        operation->capacity = hash_size;
-    } else
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT ||
-          MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS */
         operation->capacity = 255 * hash_size;
-    return PSA_SUCCESS;
+    }
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT)
+    if (PSA_ALG_IS_HKDF_EXTRACT(kdf_alg)) {
+        operation->capacity = hash_size;
+    }
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT */
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND)
+    if (PSA_ALG_IS_HKDF_EXPAND(kdf_alg)) {
+        operation->capacity = 255 * hash_size;
+    }
+#endif
+    if (PSA_ALG_IS_TLS12_PRF(kdf_alg)) {
+        operation->capacity = UINT_MAX;
+    }
+    if (PSA_ALG_IS_TLS12_PSK_TO_MS(kdf_alg)) {
+        /* Master Secret consists of 2-byte version number
+         * and a 46-byte random value */
+        operation->capacity = 48U;
+    }
+    if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) {
+#if (UINT_MAX > UINT32_MAX)
+        operation->capacity = UINT32_MAX * hash_size;
+#else
+        operation->capacity = UINT32_MAX;
+#endif
+    }
+    return status;
 }
 
 static psa_status_t psa_key_agreement_try_support(psa_algorithm_t alg)