mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-29 08:14:27 +01:00
ssl_tls: reduce the complexity of encryption validation
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
This commit is contained in:
parent
8ec9e136cf
commit
ff51721e99
@ -2589,9 +2589,6 @@ static void ssl_extract_add_data_from_record( unsigned char* add_data,
|
||||
}
|
||||
}
|
||||
|
||||
#define ENCRYPTION_SUCCESS 0xCC
|
||||
#define ENCRYPTION_FAIL 0xAA
|
||||
|
||||
int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
||||
mbedtls_ssl_transform *transform,
|
||||
mbedtls_record *rec,
|
||||
@ -2604,7 +2601,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
||||
unsigned char add_data[13 + 1 + MBEDTLS_SSL_CID_OUT_LEN_MAX ];
|
||||
size_t add_data_len;
|
||||
size_t post_avail;
|
||||
int encryption_status = ENCRYPTION_FAIL;
|
||||
int encryption_status = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
|
||||
|
||||
/* The SSL context is only used for debugging purposes! */
|
||||
#if !defined(MBEDTLS_DEBUG_C)
|
||||
@ -2774,7 +2771,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
||||
return( ret );
|
||||
}
|
||||
|
||||
if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx,
|
||||
if( ( ret = encryption_status = mbedtls_cipher_crypt( &transform->cipher_ctx,
|
||||
transform->iv_enc, transform->ivlen,
|
||||
data, rec->data_len,
|
||||
data, &olen ) ) != 0 )
|
||||
@ -2783,7 +2780,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
||||
return( ret );
|
||||
}
|
||||
#else
|
||||
if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_enc,
|
||||
if( ( ret = encryption_status = mbedtls_cipher_crypt( &transform->cipher_ctx_enc,
|
||||
transform->iv_enc, transform->ivlen,
|
||||
data, rec->data_len,
|
||||
data, &olen ) ) != 0 )
|
||||
@ -2797,7 +2794,6 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
}
|
||||
encryption_status = ENCRYPTION_SUCCESS;
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_ARC4_C || MBEDTLS_CIPHER_NULL_CIPHER */
|
||||
@ -2874,7 +2870,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
||||
return( ret );
|
||||
}
|
||||
|
||||
if( ( ret = mbedtls_cipher_auth_encrypt( &transform->cipher_ctx,
|
||||
if( ( ret = encryption_status = mbedtls_cipher_auth_encrypt( &transform->cipher_ctx,
|
||||
iv, transform->ivlen,
|
||||
add_data, add_data_len, /* add data */
|
||||
data, rec->data_len, /* source */
|
||||
@ -2885,7 +2881,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
||||
return( ret );
|
||||
}
|
||||
#else
|
||||
if( ( ret = mbedtls_cipher_auth_encrypt( &transform->cipher_ctx_enc,
|
||||
if( ( ret = encryption_status = mbedtls_cipher_auth_encrypt( &transform->cipher_ctx_enc,
|
||||
iv, transform->ivlen,
|
||||
add_data, add_data_len, /* add data */
|
||||
data, rec->data_len, /* source */
|
||||
@ -2896,7 +2892,6 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
||||
return( ret );
|
||||
}
|
||||
#endif
|
||||
encryption_status = ENCRYPTION_SUCCESS;
|
||||
|
||||
MBEDTLS_SSL_DEBUG_BUF( 4, "after encrypt: tag",
|
||||
data + rec->data_len, transform->taglen );
|
||||
@ -2981,7 +2976,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
||||
return( ret );
|
||||
}
|
||||
|
||||
if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx,
|
||||
if( ( ret = encryption_status = mbedtls_cipher_crypt( &transform->cipher_ctx,
|
||||
transform->iv_enc,
|
||||
transform->ivlen,
|
||||
data, rec->data_len,
|
||||
@ -2991,7 +2986,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
||||
return( ret );
|
||||
}
|
||||
#else
|
||||
if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_enc,
|
||||
if( ( ret = encryption_status = mbedtls_cipher_crypt( &transform->cipher_ctx_enc,
|
||||
transform->iv_enc,
|
||||
transform->ivlen,
|
||||
data, rec->data_len,
|
||||
@ -3002,8 +2997,6 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
||||
}
|
||||
#endif
|
||||
|
||||
encryption_status = ENCRYPTION_SUCCESS;
|
||||
|
||||
if( rec->data_len != olen )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
||||
@ -3092,7 +3085,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= encrypt buf" ) );
|
||||
|
||||
if( encryption_status == ENCRYPTION_SUCCESS )
|
||||
if( encryption_status == 0 )
|
||||
{
|
||||
return( 0 );
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user