Add a single exit point in key derivation function

Add a single exit point in `mbedtls_ssl_derive_keys()`.
2024-11-22 23:35:49 +01:00 · 2019-05-07 18:27:13 +03:00 · 2019-05-07 18:27:13 +03:00 · e699270908
commit e699270908
parent 75d9a333ce
1 changed files with 25 additions and 17 deletions
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -1036,7 +1036,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
            ( ret = mbedtls_md_setup( &transform->md_ctx_dec, md_info, 1 ) ) != 0 )
        {
            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_setup", ret );
-            return( ret );
+            goto end;
        }

        /* Get MAC length */
@ -1106,7 +1106,8 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
 #endif
            {
                MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-                return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+                ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
+                goto end;
            }
        }
    }
@ -1168,7 +1169,8 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
 #endif /* MBEDTLS_SSL_SRV_C */
    {
        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+        ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
+        goto end;
    }

 #if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
@ -1178,7 +1180,8 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
        if( mac_key_len > sizeof( transform->mac_enc ) )
        {
            MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+            ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
+            goto end;
        }

        memcpy( transform->mac_enc, mac_enc, mac_key_len );
@ -1202,7 +1205,8 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
 #endif
    {
        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+        ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
+        goto end;
    }
 #endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */

@ -1220,7 +1224,8 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
                                        mac_key_len ) ) != 0 )
        {
            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_init", ret );
-            return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+            ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+            goto end;
        }
    }
 #else
@ -1253,7 +1258,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
        if( ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE )
        {
            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup_psa", ret );
-            return( ret );
+            goto end;
        }

        if( ret == 0 )
@ -1279,7 +1284,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
                                 cipher_info ) ) != 0 )
    {
        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret );
-        return( ret );
+        goto end;
    }

 #if defined(MBEDTLS_USE_PSA_CRYPTO)
@ -1296,7 +1301,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
        if( ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE )
        {
            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup_psa", ret );
-            return( ret );
+            goto end;
        }

        if( ret == 0 )
@ -1322,7 +1327,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
                                 cipher_info ) ) != 0 )
    {
        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret );
-        return( ret );
+        goto end;
    }

    if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_enc, key1,
@ -1330,7 +1335,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
                               MBEDTLS_ENCRYPT ) ) != 0 )
    {
        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret );
-        return( ret );
+        goto end;
    }

    if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_dec, key2,
@ -1338,7 +1343,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
                               MBEDTLS_DECRYPT ) ) != 0 )
    {
        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret );
-        return( ret );
+        goto end;
    }

 #if defined(MBEDTLS_CIPHER_MODE_CBC)
@ -1348,14 +1353,14 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
                                             MBEDTLS_PADDING_NONE ) ) != 0 )
        {
            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_set_padding_mode", ret );
-            return( ret );
+            goto end;
        }

        if( ( ret = mbedtls_cipher_set_padding_mode( &transform->cipher_ctx_dec,
                                             MBEDTLS_PADDING_NONE ) ) != 0 )
        {
            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_set_padding_mode", ret );
-            return( ret );
+            goto end;
        }
    }
 #endif /* MBEDTLS_CIPHER_MODE_CBC */
@ -1375,7 +1380,8 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
            {
                MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed",
                                    MBEDTLS_SSL_COMPRESS_BUFFER_LEN ) );
-                return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+                ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
+                goto end;
            }
        }

@ -1389,14 +1395,16 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
            inflateInit( &transform->ctx_inflate ) != Z_OK )
        {
            MBEDTLS_SSL_DEBUG_MSG( 1, ( "Failed to initialize compression" ) );
-            return( MBEDTLS_ERR_SSL_COMPRESSION_FAILED );
+            ret = MBEDTLS_ERR_SSL_COMPRESSION_FAILED;
+            goto end;
        }
    }
 #endif /* MBEDTLS_ZLIB_SUPPORT */

    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= derive keys" ) );
+end:

-    return( 0 );
+    return( ret );
 }

 #if defined(MBEDTLS_SSL_PROTO_SSL3)