From e699270908f409ecc303bc0c1bb8e3b2675362d7 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Tue, 7 May 2019 18:27:13 +0300 Subject: [PATCH] Add a single exit point in key derivation function Add a single exit point in `mbedtls_ssl_derive_keys()`. --- library/ssl_tls.c | 42 +++++++++++++++++++++++++----------------- 1 file changed, 25 insertions(+), 17 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index da42ed7ae..c2903605c 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1036,7 +1036,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) ( ret = mbedtls_md_setup( &transform->md_ctx_dec, md_info, 1 ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_setup", ret ); - return( ret ); + goto end; } /* Get MAC length */ @@ -1106,7 +1106,8 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) #endif { MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; + goto end; } } } @@ -1168,7 +1169,8 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) #endif /* MBEDTLS_SSL_SRV_C */ { MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; + goto end; } #if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) @@ -1178,7 +1180,8 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) if( mac_key_len > sizeof( transform->mac_enc ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; + goto end; } memcpy( transform->mac_enc, mac_enc, mac_key_len ); @@ -1202,7 +1205,8 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) #endif { MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; + goto end; } #endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */ @@ -1220,7 +1224,8 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) mac_key_len ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_init", ret ); - return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; + goto end; } } #else @@ -1253,7 +1258,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) if( ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup_psa", ret ); - return( ret ); + goto end; } if( ret == 0 ) @@ -1279,7 +1284,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) cipher_info ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret ); - return( ret ); + goto end; } #if defined(MBEDTLS_USE_PSA_CRYPTO) @@ -1296,7 +1301,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) if( ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup_psa", ret ); - return( ret ); + goto end; } if( ret == 0 ) @@ -1322,7 +1327,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) cipher_info ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret ); - return( ret ); + goto end; } if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_enc, key1, @@ -1330,7 +1335,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) MBEDTLS_ENCRYPT ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret ); - return( ret ); + goto end; } if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_dec, key2, @@ -1338,7 +1343,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) MBEDTLS_DECRYPT ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret ); - return( ret ); + goto end; } #if defined(MBEDTLS_CIPHER_MODE_CBC) @@ -1348,14 +1353,14 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) MBEDTLS_PADDING_NONE ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_set_padding_mode", ret ); - return( ret ); + goto end; } if( ( ret = mbedtls_cipher_set_padding_mode( &transform->cipher_ctx_dec, MBEDTLS_PADDING_NONE ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_set_padding_mode", ret ); - return( ret ); + goto end; } } #endif /* MBEDTLS_CIPHER_MODE_CBC */ @@ -1375,7 +1380,8 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed", MBEDTLS_SSL_COMPRESS_BUFFER_LEN ) ); - return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; + goto end; } } @@ -1389,14 +1395,16 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) inflateInit( &transform->ctx_inflate ) != Z_OK ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "Failed to initialize compression" ) ); - return( MBEDTLS_ERR_SSL_COMPRESSION_FAILED ); + ret = MBEDTLS_ERR_SSL_COMPRESSION_FAILED; + goto end; } } #endif /* MBEDTLS_ZLIB_SUPPORT */ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= derive keys" ) ); +end: - return( 0 ); + return( ret ); } #if defined(MBEDTLS_SSL_PROTO_SSL3)