diff --git a/components/TARGET_PSA/services/crypto/COMPONENT_SPE/psa_crypto_partition.c b/components/TARGET_PSA/services/crypto/COMPONENT_SPE/psa_crypto_partition.c index 484570ecfb..50e584acf4 100644 --- a/components/TARGET_PSA/services/crypto/COMPONENT_SPE/psa_crypto_partition.c +++ b/components/TARGET_PSA/services/crypto/COMPONENT_SPE/psa_crypto_partition.c @@ -255,34 +255,37 @@ static void psa_mac_operation(void) } case PSA_MAC_UPDATE: { - uint8_t *input_buffer = NULL; size_t data_remaining = msg.in_size[1]; size_t allocation_size = MIN(data_remaining, MAX_DATA_CHUNK_SIZE_IN_BYTES); size_t size_to_read = 0; - input_buffer = mbedtls_calloc(1, allocation_size); - if (input_buffer == NULL) { - psa_mac_abort(msg.rhandle); - status = PSA_ERROR_INSUFFICIENT_MEMORY; - } else { - while (data_remaining > 0) { - size_to_read = MIN(data_remaining, MAX_DATA_CHUNK_SIZE_IN_BYTES); - bytes_read = psa_read(msg.handle, 1, input_buffer, size_to_read); + if (allocation_size > 0) { + input_buffer = mbedtls_calloc(1, allocation_size); + if (input_buffer == NULL) { + psa_mac_abort(msg.rhandle); + status = PSA_ERROR_INSUFFICIENT_MEMORY; + } else { + while (data_remaining > 0) { + size_to_read = MIN(data_remaining, MAX_DATA_CHUNK_SIZE_IN_BYTES); - if (bytes_read != size_to_read) { - SPM_PANIC("SPM read length mismatch"); + bytes_read = psa_read(msg.handle, 1, input_buffer, size_to_read); + if (bytes_read != size_to_read) { + SPM_PANIC("SPM read length mismatch"); + } + + status = psa_mac_update(msg.rhandle, input_buffer, bytes_read); + // stop on error + if (status != PSA_SUCCESS) { + break; + } + data_remaining = data_remaining - bytes_read; } - status = psa_mac_update(msg.rhandle, input_buffer, bytes_read); - // stop on error - if (status != PSA_SUCCESS) { - break; - } - data_remaining = data_remaining - bytes_read; + mbedtls_free(input_buffer); } - - mbedtls_free(input_buffer); + } else { + status = psa_mac_update(msg.rhandle, input_buffer, allocation_size); } if (status != PSA_SUCCESS) { @@ -293,25 +296,30 @@ static void psa_mac_operation(void) } case PSA_MAC_SIGN_FINISH: { - size_t mac_size = 0; - bytes_read = psa_read(msg.handle, 1, &mac_size, - msg.in_size[1]); + uint8_t *mac = NULL; + size_t mac_size = 0, mac_length = 0; + + bytes_read = psa_read(msg.handle, 1, &mac_size, msg.in_size[1]); if (bytes_read != msg.in_size[1]) { SPM_PANIC("SPM read length mismatch"); } - size_t mac_length = 0; - uint8_t *mac = mbedtls_calloc(1, mac_size); - if (mac == NULL) { - psa_mac_abort(msg.rhandle); - status = PSA_ERROR_INSUFFICIENT_MEMORY; - } else { + if (mac_size > 0) { + mac = mbedtls_calloc(1, mac_size); + if (mac == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + } + } + + if (status == PSA_SUCCESS) { status = psa_mac_sign_finish(msg.rhandle, mac, mac_size, &mac_length); if (status == PSA_SUCCESS) { psa_write(msg.handle, 0, mac, mac_length); psa_write(msg.handle, 1, &mac_length, sizeof(mac_length)); } mbedtls_free(mac); + } else { + psa_mac_abort(msg.rhandle); } mbedtls_free(msg.rhandle); @@ -320,26 +328,31 @@ static void psa_mac_operation(void) } case PSA_MAC_VERIFY_FINISH: { + uint8_t *mac = NULL; size_t mac_length = 0; - bytes_read = psa_read(msg.handle, 1, &mac_length, - msg.in_size[1]); - if (bytes_read != msg.in_size[1] || - mac_length != msg.in_size[2]) { + + bytes_read = psa_read(msg.handle, 1, &mac_length, msg.in_size[1]); + if (bytes_read != msg.in_size[1] || mac_length != msg.in_size[2]) { SPM_PANIC("SPM read length mismatch"); } - uint8_t *mac = mbedtls_calloc(1, mac_length); - if (mac == NULL) { - psa_mac_abort(msg.rhandle); - status = PSA_ERROR_INSUFFICIENT_MEMORY; - } else { - bytes_read = psa_read(msg.handle, 2, mac, msg.in_size[2]); - if (bytes_read != msg.in_size[2]) { - SPM_PANIC("SPM read length mismatch"); + if (mac_length > 0) { + mac = mbedtls_calloc(1, mac_length); + if (mac == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + } else { + bytes_read = psa_read(msg.handle, 2, mac, mac_length); + if (bytes_read != mac_length) { + SPM_PANIC("SPM read length mismatch"); + } } + } + if (status == PSA_SUCCESS) { status = psa_mac_verify_finish(msg.rhandle, mac, mac_length); mbedtls_free(mac); + } else { + psa_mac_abort(msg.rhandle); } mbedtls_free(msg.rhandle);