From da9227de7c3d822d13c4d821e07755c9b3db42ef Mon Sep 17 00:00:00 2001
From: Ryan Everett
Date: Thu, 25 Jan 2024 11:37:22 +0000
Subject: [PATCH] Fix psa_key_derivation_output_bytes
Signed-off-by: Ryan Everett
---
 library/psa_crypto.c | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 85728c3e19..a09877e974 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -5814,13 +5814,6 @@ psa_status_t psa_key_derivation_output_bytes(
 return PSA_ERROR_BAD_STATE;
 }
- if (output_length > operation->capacity) {
- operation->capacity = 0;
- /* Go through the error path to wipe all confidential data now
- * that the operation object is useless. */
- status = PSA_ERROR_INSUFFICIENT_DATA;
- goto exit;
- }
 if (output_length == 0 && operation->capacity == 0) {
 /* Edge case: this is a finished operation, and 0 bytes
 * were requested. The right error in this case could
@@ -5832,6 +5825,14 @@ psa_status_t psa_key_derivation_output_bytes(
 }
 LOCAL_OUTPUT_ALLOC(output_external, output_length, output);
+ if (output_length > operation->capacity) {
+ operation->capacity = 0;
+ /* Go through the error path to wipe all confidential data now
+ * that the operation object is useless. */
+ status = PSA_ERROR_INSUFFICIENT_DATA;
+ goto exit;
+ }
+
 operation->capacity -= output_length;
 #if defined(BUILTIN_ALG_ANY_HKDF)
@@ -5872,8 +5873,6 @@ psa_status_t psa_key_derivation_output_bytes(
 }
 exit:
- LOCAL_OUTPUT_FREE(output_external, output);
-
 if (status != PSA_SUCCESS) {
 /* Preserve the algorithm upon errors, but clear all sensitive state.
 * This allows us to differentiate between exhausted operations and
@@ -5884,6 +5883,8 @@ exit:
 operation->alg = alg;
 memset(output, '!', output_length);
 }
+
+ LOCAL_OUTPUT_FREE(output_external, output);
 return status;
 }
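Review bot: The relocated capacity check in the second hunk has no comment saying why it must come after `LOCAL_OUTPUT_ALLOC`, so a later tidy-up could move it back above the allocation. The placement looks deliberate: its `goto exit` lands on code that writes `'!'` into `output` and then calls `LOCAL_OUTPUT_FREE`, both of which presumably need the local buffer to exist. I would add a comment such as `/* Must follow LOCAL_OUTPUT_ALLOC: the exit path overwrites and then frees output. */` above the `if`. A blank line between the allocation and the check would also help, as they currently read as one statement group.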
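Review bot: The `memset(output, '!', output_length)` on the error path in the last hunk has no NULL check on `output`, and this reordering makes that branch the first thing to touch the buffer after `exit:`. The definition of `LOCAL_OUTPUT_ALLOC` is not visible here, but if it jumps to `exit` when the local copy cannot be allocated, `output` would presumably still be NULL and the memset would write through a null pointer for any non-zero `output_length`. Guarding the call, `if (output != NULL) { memset(output, '!', output_length); }`, keeps the overwrite for the normal failure cases and makes the failed-allocation path safe. The function begins outside these hunks, so the initial value of `output` should be confirmed against its declaration.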