ssl_tls: reduce the complexity of encryption validation
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 8934518..7dfc0af 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2589,9 +2589,6 @@
}
}
-#define ENCRYPTION_SUCCESS 0xCC
-#define ENCRYPTION_FAIL 0xAA
-
int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
mbedtls_ssl_transform *transform,
mbedtls_record *rec,
@@ -2604,7 +2601,7 @@
unsigned char add_data[13 + 1 + MBEDTLS_SSL_CID_OUT_LEN_MAX ];
size_t add_data_len;
size_t post_avail;
- int encryption_status = ENCRYPTION_FAIL;
+ int encryption_status = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
/* The SSL context is only used for debugging purposes! */
#if !defined(MBEDTLS_DEBUG_C)
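Review bot: The success value of encryption_status is now 0, the value a zeroed or glitched register takes most easily, whereas the removed 0xCC/0xAA pair presumably kept success and failure far apart in bit pattern; that property is gone once the final check at the end of the function becomes `encryption_status == 0`. If this simplification is deliberate, the variable should say what it still guards, e.g. `/* Mirrors the cipher call's return code so that a skipped early return is still caught by the final status check; 0 means success. */` above the declaration. mbedtls_ssl_encrypt_buf's body continues outside the hunk.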
@@ -2774,7 +2771,7 @@
return( ret );
}
- if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx,
+ if( ( ret = encryption_status = mbedtls_cipher_crypt( &transform->cipher_ctx,
transform->iv_enc, transform->ivlen,
data, rec->data_len,
data, &olen ) ) != 0 )
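Review bot: The chained assignment `ret = encryption_status = mbedtls_cipher_crypt( ...` inside the if condition buries the fact that two variables are updated on one of the densest lines of the function; the same form appears in the hunks at -2783, -2874, -2885, -2981 and -2991. Writing `ret = mbedtls_cipher_crypt( ... );` then `encryption_status = ret;` on its own line before the `!= 0` test reads more clearly and keeps the existing call formatting. It also makes the two copies separate stores, which is presumably the intent if encryption_status is meant as a redundant check of ret. The enclosing function starts and ends outside this hunk.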
@@ -2783,7 +2780,7 @@
return( ret );
}
#else
- if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_enc,
+ if( ( ret = encryption_status = mbedtls_cipher_crypt( &transform->cipher_ctx_enc,
transform->iv_enc, transform->ivlen,
data, rec->data_len,
data, &olen ) ) != 0 )
@@ -2797,7 +2794,6 @@
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
- encryption_status = ENCRYPTION_SUCCESS;
}
else
#endif /* MBEDTLS_ARC4_C || MBEDTLS_CIPHER_NULL_CIPHER */
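Review bot: Removing `encryption_status = ENCRYPTION_SUCCESS;` from after the length check means the status now reflects only the mbedtls_cipher_crypt() result, so a fault that skips the `return( MBEDTLS_ERR_SSL_INTERNAL_ERROR )` two lines above leaves encryption_status at 0 and the final `encryption_status == 0` check passes; the old placement after that check covered this path. The condition of that block starts outside the hunk, so I am assuming it is the `rec->data_len != olen` test visible in the CBC hunk at -3002, where the same gap predates this commit. If that coverage matters, set the status inside the check body before returning, `encryption_status = MBEDTLS_ERR_SSL_INTERNAL_ERROR;`, or keep a separate success assignment after the check.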
@@ -2874,7 +2870,7 @@
return( ret );
}
- if( ( ret = mbedtls_cipher_auth_encrypt( &transform->cipher_ctx,
+ if( ( ret = encryption_status = mbedtls_cipher_auth_encrypt( &transform->cipher_ctx,
iv, transform->ivlen,
add_data, add_data_len, /* add data */
data, rec->data_len, /* source */
@@ -2885,7 +2881,7 @@
return( ret );
}
#else
- if( ( ret = mbedtls_cipher_auth_encrypt( &transform->cipher_ctx_enc,
+ if( ( ret = encryption_status = mbedtls_cipher_auth_encrypt( &transform->cipher_ctx_enc,
iv, transform->ivlen,
add_data, add_data_len, /* add data */
data, rec->data_len, /* source */
@@ -2896,7 +2892,6 @@
return( ret );
}
#endif
- encryption_status = ENCRYPTION_SUCCESS;
MBEDTLS_SSL_DEBUG_BUF( 4, "after encrypt: tag",
data + rec->data_len, transform->taglen );
@@ -2981,7 +2976,7 @@
return( ret );
}
- if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx,
+ if( ( ret = encryption_status = mbedtls_cipher_crypt( &transform->cipher_ctx,
transform->iv_enc,
transform->ivlen,
data, rec->data_len,
@@ -2991,7 +2986,7 @@
return( ret );
}
#else
- if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_enc,
+ if( ( ret = encryption_status = mbedtls_cipher_crypt( &transform->cipher_ctx_enc,
transform->iv_enc,
transform->ivlen,
data, rec->data_len,
@@ -3002,8 +2997,6 @@
}
#endif
- encryption_status = ENCRYPTION_SUCCESS;
-
if( rec->data_len != olen )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
@@ -3092,7 +3085,7 @@
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= encrypt buf" ) );
- if( encryption_status == ENCRYPTION_SUCCESS )
+ if( encryption_status == 0 )
{
return( 0 );
}