yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-29 07:54:27 +01:00
Code Issues Packages Projects Releases Wiki Activity

ssl_tls: reduce the complexity of encryption validation

Browse Source 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
This commit is contained in:
Andrzej Kurek 2020-08-10 07:10:35 -04:00
parent 8ec9e136cf
commit ff51721e99
No known key found for this signature in database
GPG Key ID: 89A90840DC388527
1 changed files with 8 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
library/ssl_tls.c
View File

@ -2589,9 +2589,6 @@ static void ssl_extract_add_data_from_record( unsigned char* add_data,
} }
} }
#define ENCRYPTION_SUCCESS 0xCC
#define ENCRYPTION_FAIL 0xAA
int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
mbedtls_ssl_transform *transform, mbedtls_ssl_transform *transform,
mbedtls_record *rec, mbedtls_record *rec,
@ -2604,7 +2601,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
unsigned char add_data[13 + 1 + MBEDTLS_SSL_CID_OUT_LEN_MAX ]; unsigned char add_data[13 + 1 + MBEDTLS_SSL_CID_OUT_LEN_MAX ];
size_t add_data_len; size_t add_data_len;
size_t post_avail; size_t post_avail;
int encryption_status = ENCRYPTION_FAIL; int encryption_status = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
/* The SSL context is only used for debugging purposes! */ /* The SSL context is only used for debugging purposes! */
#if !defined(MBEDTLS_DEBUG_C) #if !defined(MBEDTLS_DEBUG_C)
@ -2774,7 +2771,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
return( ret ); return( ret );
} }
if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx, if( ( ret = encryption_status = mbedtls_cipher_crypt( &transform->cipher_ctx,
transform->iv_enc, transform->ivlen, transform->iv_enc, transform->ivlen,
data, rec->data_len, data, rec->data_len,
data, &olen ) ) != 0 ) data, &olen ) ) != 0 )
@ -2783,7 +2780,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
return( ret ); return( ret );
} }
#else #else
if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_enc, if( ( ret = encryption_status = mbedtls_cipher_crypt( &transform->cipher_ctx_enc,
transform->iv_enc, transform->ivlen, transform->iv_enc, transform->ivlen,
data, rec->data_len, data, rec->data_len,
data, &olen ) ) != 0 ) data, &olen ) ) != 0 )
@ -2797,7 +2794,6 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
} }
encryption_status = ENCRYPTION_SUCCESS;
} }
else else
#endif /* MBEDTLS_ARC4_C || MBEDTLS_CIPHER_NULL_CIPHER */ #endif /* MBEDTLS_ARC4_C || MBEDTLS_CIPHER_NULL_CIPHER */
@ -2874,7 +2870,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
return( ret ); return( ret );
} }
if( ( ret = mbedtls_cipher_auth_encrypt( &transform->cipher_ctx, if( ( ret = encryption_status = mbedtls_cipher_auth_encrypt( &transform->cipher_ctx,
iv, transform->ivlen, iv, transform->ivlen,
add_data, add_data_len, /* add data */ add_data, add_data_len, /* add data */
data, rec->data_len, /* source */ data, rec->data_len, /* source */
@ -2885,7 +2881,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
return( ret ); return( ret );
} }
#else #else
if( ( ret = mbedtls_cipher_auth_encrypt( &transform->cipher_ctx_enc, if( ( ret = encryption_status = mbedtls_cipher_auth_encrypt( &transform->cipher_ctx_enc,
iv, transform->ivlen, iv, transform->ivlen,
add_data, add_data_len, /* add data */ add_data, add_data_len, /* add data */
data, rec->data_len, /* source */ data, rec->data_len, /* source */
@ -2896,7 +2892,6 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
return( ret ); return( ret );
} }
#endif #endif
encryption_status = ENCRYPTION_SUCCESS;
MBEDTLS_SSL_DEBUG_BUF( 4, "after encrypt: tag", MBEDTLS_SSL_DEBUG_BUF( 4, "after encrypt: tag",
data + rec->data_len, transform->taglen ); data + rec->data_len, transform->taglen );
@ -2981,7 +2976,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
return( ret ); return( ret );
} }
if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx, if( ( ret = encryption_status = mbedtls_cipher_crypt( &transform->cipher_ctx,
transform->iv_enc, transform->iv_enc,
transform->ivlen, transform->ivlen,
data, rec->data_len, data, rec->data_len,
@ -2991,7 +2986,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
return( ret ); return( ret );
} }
#else #else
if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_enc, if( ( ret = encryption_status = mbedtls_cipher_crypt( &transform->cipher_ctx_enc,
transform->iv_enc, transform->iv_enc,
transform->ivlen, transform->ivlen,
data, rec->data_len, data, rec->data_len,
@ -3002,8 +2997,6 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
} }
#endif #endif
encryption_status = ENCRYPTION_SUCCESS;
if( rec->data_len != olen ) if( rec->data_len != olen )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
@ -3092,7 +3085,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= encrypt buf" ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= encrypt buf" ) );
if( encryption_status == ENCRYPTION_SUCCESS ) if( encryption_status == 0 )
{ {
return( 0 ); return( 0 );
} }