Adapt code to be consistent with the existing code
- init status to error
- use simple assignment to status
- fix code style (spaces)
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index 396c2e9..e503f98 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -146,7 +146,8 @@
{
unsigned char hkdf_label[ SSL_TLS1_3_KEY_SCHEDULE_MAX_HKDF_LABEL_LEN ];
size_t hkdf_label_len;
- psa_status_t status = PSA_SUCCESS;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_derivation_operation_t operation =
PSA_KEY_DERIVATION_OPERATION_INIT;
@@ -180,23 +181,36 @@
&hkdf_label_len );
status = psa_key_derivation_setup( &operation, PSA_ALG_HKDF_EXPAND( hash_alg ) );
- if (status == PSA_SUCCESS)
- status |= psa_key_derivation_input_bytes( &operation,
- PSA_KEY_DERIVATION_INPUT_SECRET,
- secret,
- secret_len );
- if (status == PSA_SUCCESS)
- status |= psa_key_derivation_input_bytes( &operation,
- PSA_KEY_DERIVATION_INPUT_INFO,
- hkdf_label,
- hkdf_label_len );
- if (status == PSA_SUCCESS)
- status |= psa_key_derivation_output_bytes( &operation,
- buf,
- buf_len );
- if (status == PSA_SUCCESS)
- status |= psa_key_derivation_abort( &operation );
+ if( status != PSA_SUCCESS )
+ goto cleanup;
+
+ status = psa_key_derivation_input_bytes( &operation,
+ PSA_KEY_DERIVATION_INPUT_SECRET,
+ secret,
+ secret_len );
+
+ if( status != PSA_SUCCESS )
+ goto cleanup;
+
+ status = psa_key_derivation_input_bytes( &operation,
+ PSA_KEY_DERIVATION_INPUT_INFO,
+ hkdf_label,
+ hkdf_label_len );
+
+ if( status != PSA_SUCCESS )
+ goto cleanup;
+
+ status = psa_key_derivation_output_bytes( &operation,
+ buf,
+ buf_len );
+
+ if( status != PSA_SUCCESS )
+ goto cleanup;
+
+cleanup:
+ abort_status = psa_key_derivation_abort( &operation );
+ status = ( status == PSA_SUCCESS ? abort_status : status );
return( psa_ssl_status_to_mbedtls ( status ) );
}
@@ -314,7 +328,8 @@
unsigned char *secret_new )
{
int ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
- psa_status_t status = PSA_SUCCESS;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED;
size_t hlen, ilen;
unsigned char tmp_secret[ PSA_MAC_MAX_SIZE ] = { 0 };
unsigned char tmp_input [ MBEDTLS_ECP_MAX_BYTES ] = { 0 };
@@ -341,6 +356,8 @@
goto cleanup;
}
+ ret = 0;
+
if( input != NULL )
{
memcpy( tmp_input, input, input_len );
@@ -353,26 +370,37 @@
status = psa_key_derivation_setup( &operation,
PSA_ALG_HKDF_EXTRACT( hash_alg ) );
- if (status == PSA_SUCCESS)
- status |= psa_key_derivation_input_bytes( &operation,
- PSA_KEY_DERIVATION_INPUT_SALT,
- tmp_secret,
- hlen );
- if (status == PSA_SUCCESS)
- status |= psa_key_derivation_input_bytes( &operation,
- PSA_KEY_DERIVATION_INPUT_SECRET,
- tmp_input,
- ilen );
- if (status == PSA_SUCCESS)
- status |= psa_key_derivation_output_bytes( &operation,
- secret_new,
- PSA_HASH_LENGTH( hash_alg ) );
- if (status == PSA_SUCCESS)
- status |= psa_key_derivation_abort( &operation );
- ret = psa_ssl_status_to_mbedtls ( status );
+ if( status != PSA_SUCCESS )
+ goto cleanup;
+
+ status = psa_key_derivation_input_bytes( &operation,
+ PSA_KEY_DERIVATION_INPUT_SALT,
+ tmp_secret,
+ hlen );
+
+ if( status != PSA_SUCCESS )
+ goto cleanup;
+
+ status = psa_key_derivation_input_bytes( &operation,
+ PSA_KEY_DERIVATION_INPUT_SECRET,
+ tmp_input,
+ ilen );
+
+ if( status != PSA_SUCCESS )
+ goto cleanup;
+
+ status = psa_key_derivation_output_bytes( &operation,
+ secret_new,
+ PSA_HASH_LENGTH( hash_alg ) );
+
+ if( status != PSA_SUCCESS )
+ goto cleanup;
+
cleanup:
-
+ abort_status = psa_key_derivation_abort( &operation );
+ status = ( status == PSA_SUCCESS ? abort_status : status );
+ ret = ( ret == 0 ? psa_ssl_status_to_mbedtls ( status ) : ret );
mbedtls_platform_zeroize( tmp_secret, sizeof(tmp_secret) );
mbedtls_platform_zeroize( tmp_input, sizeof(tmp_input) );
return( ret );