Add a single exit point in key derivation function
Add a single exit point in `mbedtls_ssl_derive_keys()`.
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index da42ed7..c290360 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1036,7 +1036,7 @@
( ret = mbedtls_md_setup( &transform->md_ctx_dec, md_info, 1 ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_setup", ret );
- return( ret );
+ goto end;
}
/* Get MAC length */
@@ -1106,7 +1106,8 @@
#endif
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
+ goto end;
}
}
}
@@ -1168,7 +1169,8 @@
#endif /* MBEDTLS_SSL_SRV_C */
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
+ goto end;
}
#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
@@ -1178,7 +1180,8 @@
if( mac_key_len > sizeof( transform->mac_enc ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
+ goto end;
}
memcpy( transform->mac_enc, mac_enc, mac_key_len );
@@ -1202,7 +1205,8 @@
#endif
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
+ goto end;
}
#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
@@ -1220,7 +1224,8 @@
mac_key_len ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_init", ret );
- return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+ ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+ goto end;
}
}
#else
@@ -1253,7 +1258,7 @@
if( ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup_psa", ret );
- return( ret );
+ goto end;
}
if( ret == 0 )
@@ -1279,7 +1284,7 @@
cipher_info ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret );
- return( ret );
+ goto end;
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
@@ -1296,7 +1301,7 @@
if( ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup_psa", ret );
- return( ret );
+ goto end;
}
if( ret == 0 )
@@ -1322,7 +1327,7 @@
cipher_info ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret );
- return( ret );
+ goto end;
}
if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_enc, key1,
@@ -1330,7 +1335,7 @@
MBEDTLS_ENCRYPT ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret );
- return( ret );
+ goto end;
}
if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_dec, key2,
@@ -1338,7 +1343,7 @@
MBEDTLS_DECRYPT ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret );
- return( ret );
+ goto end;
}
#if defined(MBEDTLS_CIPHER_MODE_CBC)
@@ -1348,14 +1353,14 @@
MBEDTLS_PADDING_NONE ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_set_padding_mode", ret );
- return( ret );
+ goto end;
}
if( ( ret = mbedtls_cipher_set_padding_mode( &transform->cipher_ctx_dec,
MBEDTLS_PADDING_NONE ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_set_padding_mode", ret );
- return( ret );
+ goto end;
}
}
#endif /* MBEDTLS_CIPHER_MODE_CBC */
@@ -1375,7 +1380,8 @@
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed",
MBEDTLS_SSL_COMPRESS_BUFFER_LEN ) );
- return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+ ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
+ goto end;
}
}
@@ -1389,14 +1395,16 @@
inflateInit( &transform->ctx_inflate ) != Z_OK )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Failed to initialize compression" ) );
- return( MBEDTLS_ERR_SSL_COMPRESSION_FAILED );
+ ret = MBEDTLS_ERR_SSL_COMPRESSION_FAILED;
+ goto end;
}
}
#endif /* MBEDTLS_ZLIB_SUPPORT */
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= derive keys" ) );
+end:
- return( 0 );
+ return( ret );
}
#if defined(MBEDTLS_SSL_PROTO_SSL3)