Add missing calls to psa_cipher_abort in cipher functions

library/psa_crypto.c

@@ -2478,53 +2478,59 @@ psa_status_t psa_cipher_generate_iv( psa_cipher_operation_t *operation,
                                      size_t iv_size,
                                      size_t *iv_length )
 {
-    int ret = PSA_SUCCESS;
+    psa_status_t status;
+    int ret;
     if( operation->iv_set || ! operation->iv_required )
-        return( PSA_ERROR_BAD_STATE );
+    {
+        status = PSA_ERROR_BAD_STATE;
+        goto exit;
+    }
     if( iv_size < operation->iv_size )
     {
-        ret = PSA_ERROR_BUFFER_TOO_SMALL;
+        status = PSA_ERROR_BUFFER_TOO_SMALL;
         goto exit;
     }
     ret = mbedtls_ctr_drbg_random( &global_data.ctr_drbg,
                                    iv, operation->iv_size );
     if( ret != 0 )
     {
-        ret = mbedtls_to_psa_error( ret );
+        status = mbedtls_to_psa_error( ret );
         goto exit;
     }
 
     *iv_length = operation->iv_size;
-    ret = psa_cipher_set_iv( operation, iv, *iv_length );
+    status = psa_cipher_set_iv( operation, iv, *iv_length );
 
 exit:
-    if( ret != PSA_SUCCESS )
+    if( status != PSA_SUCCESS )
         psa_cipher_abort( operation );
-    return( ret );
+    return( status );
 }
 
 psa_status_t psa_cipher_set_iv( psa_cipher_operation_t *operation,
                                 const unsigned char *iv,
                                 size_t iv_length )
 {
-    int ret = PSA_SUCCESS;
+    psa_status_t status;
+    int ret;
     if( operation->iv_set || ! operation->iv_required )
-        return( PSA_ERROR_BAD_STATE );
+    {
+        status = PSA_ERROR_BAD_STATE;
+        goto exit;
+    }
     if( iv_length != operation->iv_size )
     {
-        psa_cipher_abort( operation );
+        status = PSA_ERROR_INVALID_ARGUMENT;
-        return( PSA_ERROR_INVALID_ARGUMENT );
+        goto exit;
     }
     ret = mbedtls_cipher_set_iv( &operation->ctx.cipher, iv, iv_length );
-    if( ret != 0 )
+    status = mbedtls_to_psa_error( ret );
-    {
+exit:
-        psa_cipher_abort( operation );
+    if( status == PSA_SUCCESS )
-        return( mbedtls_to_psa_error( ret ) );
-    }
-
         operation->iv_set = 1;
-
+    else
-    return( PSA_SUCCESS );
+        psa_cipher_abort( operation );
+    return( status );
 }
 
 psa_status_t psa_cipher_update( psa_cipher_operation_t *operation,
@@ -2534,7 +2540,8 @@ psa_status_t psa_cipher_update( psa_cipher_operation_t *operation,
                                 size_t output_size,
                                 size_t *output_length )
 {
-    int ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
+    psa_status_t status;
+    int ret;
     size_t expected_output_size;
     if( PSA_ALG_IS_BLOCK_CIPHER( operation->alg ) )
     {
@@ -2550,18 +2557,20 @@ psa_status_t psa_cipher_update( psa_cipher_operation_t *operation,
     {
         expected_output_size = input_length;
     }
+
     if( output_size < expected_output_size )
-        return( PSA_ERROR_BUFFER_TOO_SMALL );
+    {
+        status = PSA_ERROR_BUFFER_TOO_SMALL;
+        goto exit;
+    }
 
     ret = mbedtls_cipher_update( &operation->ctx.cipher, input,
                                  input_length, output, output_length );
-    if( ret != 0 )
+    status = mbedtls_to_psa_error( ret );
-    {
+exit:
+    if( status != PSA_SUCCESS )
         psa_cipher_abort( operation );
-        return( mbedtls_to_psa_error( ret ) );
+    return( status );
-    }
-
-    return( PSA_SUCCESS );
 }
 
 psa_status_t psa_cipher_finish( psa_cipher_operation_t *operation,