From 38ab400dc4f958d1a0a335e8a0429ffef89fb4b8 Mon Sep 17 00:00:00 2001
From: Przemek Stekiel
Date: Thu, 23 Jun 2022 09:05:40 +0200
Subject: [PATCH] Adapt code to be consistent with the existing code
- init status to error
- use simple assignment to status
- fix code style (spaces)
Signed-off-by: Przemek Stekiel
---
 library/ssl_tls13_keys.c | 100 +++++++++++++++++++++++++--------------
 1 file changed, 64 insertions(+), 36 deletions(-)
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index 396c2e98db..e503f98706 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -146,7 +146,8 @@ int mbedtls_ssl_tls13_hkdf_expand_label(
 {
 unsigned char hkdf_label[ SSL_TLS1_3_KEY_SCHEDULE_MAX_HKDF_LABEL_LEN ];
 size_t hkdf_label_len;
- psa_status_t status = PSA_SUCCESS;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED;
 psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
@@ -180,23 +181,36 @@ int mbedtls_ssl_tls13_hkdf_expand_label(
 &hkdf_label_len );
 status = psa_key_derivation_setup( &operation, PSA_ALG_HKDF_EXPAND( hash_alg ) );
- if (status == PSA_SUCCESS)
- status |= psa_key_derivation_input_bytes( &operation,
- PSA_KEY_DERIVATION_INPUT_SECRET,
- secret,
- secret_len );
- if (status == PSA_SUCCESS)
- status |= psa_key_derivation_input_bytes( &operation,
- PSA_KEY_DERIVATION_INPUT_INFO,
- hkdf_label,
- hkdf_label_len );
- if (status == PSA_SUCCESS)
- status |= psa_key_derivation_output_bytes( &operation,
- buf,
- buf_len );
- if (status == PSA_SUCCESS)
- status |= psa_key_derivation_abort( &operation );
+ if( status != PSA_SUCCESS )
+ goto cleanup;
+
+ status = psa_key_derivation_input_bytes( &operation,
+ PSA_KEY_DERIVATION_INPUT_SECRET,
+ secret,
+ secret_len );
+
+ if( status != PSA_SUCCESS )
+ goto cleanup;
+
+ status = psa_key_derivation_input_bytes( &operation,
+ PSA_KEY_DERIVATION_INPUT_INFO,
+ hkdf_label,
+ hkdf_label_len );
+
+ if( status != PSA_SUCCESS )
+ goto cleanup;
+
+ status = psa_key_derivation_output_bytes( &operation,
+ buf,
+ buf_len );
+
+ if( status != PSA_SUCCESS )
+ goto cleanup;
+
+cleanup:
+ abort_status = psa_key_derivation_abort( &operation );
+ status = ( status == PSA_SUCCESS ? abort_status : status );
 return( psa_ssl_status_to_mbedtls ( status ) );
 }
@@ -314,7 +328,8 @@ int mbedtls_ssl_tls13_evolve_secret(
 unsigned char *secret_new )
 {
 int ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
- psa_status_t status = PSA_SUCCESS;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED;
 size_t hlen, ilen;
 unsigned char tmp_secret[ PSA_MAC_MAX_SIZE ] = { 0 };
 unsigned char tmp_input [ MBEDTLS_ECP_MAX_BYTES ] = { 0 };
@@ -341,6 +356,8 @@ int mbedtls_ssl_tls13_evolve_secret(
 goto cleanup;
 }
+ ret = 0;
+
 if( input != NULL )
 {
 memcpy( tmp_input, input, input_len );
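Review bot: In mbedtls_ssl_tls13_hkdf_expand_label the last added `if( status != PSA_SUCCESS ) goto cleanup;` sits directly above the `cleanup:` label, so both outcomes reach the same statement and the check does nothing; the same pattern closes the chain in the `-353,26 +370,37` hunk of mbedtls_ssl_tls13_evolve_secret. Dropping it in both places keeps the chain easier to read. The label would also benefit from a comment stating the contract this commit introduces, for example `/* Always abort the operation so its state is released; the first error wins. */`. The function body starts outside this hunk.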
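Review bot: The added `ret = 0;` in the `-341,6 +356,8` hunk switches `ret` from its fail-closed default `MBEDTLS_ERR_SSL_INTERNAL_ERROR` to success before the derivation has run, and nothing on the line says it is only a marker for the cleanup code. A comment such as `/* No early error: from here on ret is taken from status at cleanup. */` would stop a later `goto cleanup` added below it from being read as a success path; as written the function still fails closed there only because `status` starts as `PSA_ERROR_CORRUPTION_DETECTED`. Separately, the context line `memcpy( tmp_input, input, input_len );` shows no length check within this hunk, so it is worth confirming that `input_len` is bounded by `sizeof( tmp_input )` before this point. The function starts and ends outside the hunk.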
@@ -353,26 +370,37 @@ int mbedtls_ssl_tls13_evolve_secret(
 status = psa_key_derivation_setup( &operation, PSA_ALG_HKDF_EXTRACT( hash_alg ) );
- if (status == PSA_SUCCESS)
- status |= psa_key_derivation_input_bytes( &operation,
- PSA_KEY_DERIVATION_INPUT_SALT,
- tmp_secret,
- hlen );
- if (status == PSA_SUCCESS)
- status |= psa_key_derivation_input_bytes( &operation,
- PSA_KEY_DERIVATION_INPUT_SECRET,
- tmp_input,
- ilen );
- if (status == PSA_SUCCESS)
- status |= psa_key_derivation_output_bytes( &operation,
- secret_new,
- PSA_HASH_LENGTH( hash_alg ) );
- if (status == PSA_SUCCESS)
- status |= psa_key_derivation_abort( &operation );
- ret = psa_ssl_status_to_mbedtls ( status );
+ if( status != PSA_SUCCESS )
+ goto cleanup;
+
+ status = psa_key_derivation_input_bytes( &operation,
+ PSA_KEY_DERIVATION_INPUT_SALT,
+ tmp_secret,
+ hlen );
+
+ if( status != PSA_SUCCESS )
+ goto cleanup;
+
+ status = psa_key_derivation_input_bytes( &operation,
+ PSA_KEY_DERIVATION_INPUT_SECRET,
+ tmp_input,
+ ilen );
+
+ if( status != PSA_SUCCESS )
+ goto cleanup;
+
+ status = psa_key_derivation_output_bytes( &operation,
+ secret_new,
+ PSA_HASH_LENGTH( hash_alg ) );
+
+ if( status != PSA_SUCCESS )
+ goto cleanup;
+
 cleanup:
-
+ abort_status = psa_key_derivation_abort( &operation );
+ status = ( status == PSA_SUCCESS ? abort_status : status );
+ ret = ( ret == 0 ? psa_ssl_status_to_mbedtls ( status ) : ret );
 mbedtls_platform_zeroize( tmp_secret, sizeof(tmp_secret) );
 mbedtls_platform_zeroize( tmp_input, sizeof(tmp_input) );
 return( ret );
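Review bot: After this change every `goto cleanup` in mbedtls_ssl_tls13_evolve_secret, including the early one above `ret = 0;` in the previous hunk, runs `psa_key_derivation_abort( &operation )`, and the declaration of `operation` is not visible in any hunk of this function. That is safe only if `operation` is initialised where it is declared, as mbedtls_ssl_tls13_hkdf_expand_label does with `PSA_KEY_DERIVATION_OPERATION_INIT`; if it is not, the early path aborts an uninitialised object. The merge line `ret = ( ret == 0 ? psa_ssl_status_to_mbedtls ( status ) : ret );` also deserves a comment saying that a non-zero `ret` from the early checks takes precedence over the PSA status. The function ends outside the hunk.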