PSA asymmetric signature: set *signature_length = 0 on failure

2025-11-03 20:22:59 -05:00 · 2018-02-03 23:58:03 +01:00 · 2018-02-03 23:58:03 +01:00 · 93aa0334d9
commit 93aa0334d9
parent 0189e7512d
2 changed files with 9 additions and 6 deletions
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@ -446,6 +446,10 @@ psa_status_t psa_asymmetric_sign(psa_key_slot_t key,
 {
    key_slot_t *slot;

+    *signature_length = 0;
+    (void) salt;
+    (void) salt_length;
+
    if( key == 0 || key > MBEDTLS_PSA_KEY_SLOT_COUNT )
        return( PSA_ERROR_EMPTY_SLOT );
    slot = &global_data.key_slots[key];
@ -454,9 +458,6 @@ psa_status_t psa_asymmetric_sign(psa_key_slot_t key,
    if( ! PSA_KEY_TYPE_IS_KEYPAIR( slot->type ) )
        return( PSA_ERROR_INVALID_ARGUMENT );

-    (void) salt;
-    (void) salt_length;
-
 #if defined(MBEDTLS_RSA_C)
    if( slot->type == PSA_KEY_TYPE_RSA_KEYPAIR )
    {
@ -512,7 +513,8 @@ psa_status_t psa_asymmetric_sign(psa_key_slot_t key,
        {
            return( PSA_ERROR_INVALID_ARGUMENT );
        }
-        *signature_length = ( ret == 0 ? rsa->len : 0 );
+        if( ret == 0 )
+            *signature_length = rsa->len;
        return( mbedtls_to_psa_error( ret ) );
    }
    else
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@ -159,9 +159,9 @@ void sign_deterministic( int key_type_arg, char *key_hex,
    size_t input_size;
    unsigned char *output_data = NULL;
    size_t output_size;
-    size_t signature_length;
    unsigned char *signature = NULL;
    size_t signature_size;
+    size_t signature_length = 0xdeadbeef;

    key_data = mbedtls_calloc( 1, strlen( key_hex ) / 2 );
    TEST_ASSERT( key_data != NULL );
@ -219,7 +219,7 @@ void sign_fail( int key_type_arg, char *key_hex,
    psa_status_t actual_status;
    psa_status_t expected_status = expected_status_arg;
    unsigned char *signature;
-    size_t signature_length;
+    size_t signature_length = 0xdeadbeef;

    key_data = mbedtls_calloc( 1, strlen( key_hex ) / 2 );
    TEST_ASSERT( key_data != NULL );
@ -241,6 +241,7 @@ void sign_fail( int key_type_arg, char *key_hex,
                                         signature, signature_size,
                                         &signature_length );
    TEST_ASSERT( actual_status == expected_status );
+    TEST_ASSERT( signature_length == 0 );

 exit:
    psa_destroy_key( slot );