EAP-EKE: Merge identical error return paths
There is no need to maintain multiple copies of the same error return path. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen
parent
13cb0a66d5
commit
e161451fc8
1 changed files with 11 additions and 30 deletions
|
|
@ -44,9 +44,7 @@ static int eap_eke_dhcomp_len(u8 dhgroup, u8 encr)
|
|||
int dhlen;
|
||||
|
||||
dhlen = eap_eke_dh_len(dhgroup);
|
||||
if (dhlen < 0)
|
||||
return -1;
|
||||
if (encr != EAP_EKE_ENCR_AES128_CBC)
|
||||
if (dhlen < 0 || encr != EAP_EKE_ENCR_AES128_CBC)
|
||||
return -1;
|
||||
return AES_BLOCK_SIZE + dhlen;
|
||||
}
|
||||
|
|
@ -166,14 +164,11 @@ int eap_eke_dh_init(u8 group, u8 *ret_priv, u8 *ret_pub)
|
|||
size_t pub_len, i;
|
||||
|
||||
generator = eap_eke_dh_generator(group);
|
||||
if (generator < 0 || generator > 255)
|
||||
dh = eap_eke_dh_group(group);
|
||||
if (generator < 0 || generator > 255 || !dh)
|
||||
return -1;
|
||||
gen = generator;
|
||||
|
||||
dh = eap_eke_dh_group(group);
|
||||
if (dh == NULL)
|
||||
return -1;
|
||||
|
||||
/* x = random number 2 .. p-1 */
|
||||
if (random_get_bytes(ret_priv, dh->prime_len))
|
||||
return -1;
|
||||
|
|
@ -411,11 +406,8 @@ int eap_eke_shared_secret(struct eap_eke_session *sess, const u8 *key,
|
|||
size_t len;
|
||||
const struct dh_group *dh;
|
||||
|
||||
if (sess->encr != EAP_EKE_ENCR_AES128_CBC)
|
||||
return -1;
|
||||
|
||||
dh = eap_eke_dh_group(sess->dhgroup);
|
||||
if (dh == NULL)
|
||||
if (sess->encr != EAP_EKE_ENCR_AES128_CBC || !dh)
|
||||
return -1;
|
||||
|
||||
/* Decrypt peer DHComponent */
|
||||
|
|
@ -654,10 +646,8 @@ int eap_eke_prot(struct eap_eke_session *sess,
|
|||
pos += pad;
|
||||
}
|
||||
|
||||
if (aes_128_cbc_encrypt(sess->ke, iv, e, data_len + pad) < 0)
|
||||
return -1;
|
||||
|
||||
if (eap_eke_mac(sess->mac, sess->ki, e, data_len + pad, pos) < 0)
|
||||
if (aes_128_cbc_encrypt(sess->ke, iv, e, data_len + pad) < 0 ||
|
||||
eap_eke_mac(sess->mac, sess->ki, e, data_len + pad, pos) < 0)
|
||||
return -1;
|
||||
pos += icv_len;
|
||||
|
||||
|
|
@ -685,9 +675,8 @@ int eap_eke_decrypt_prot(struct eap_eke_session *sess,
|
|||
else
|
||||
return -1;
|
||||
|
||||
if (prot_len < 2 * block_size + icv_len)
|
||||
return -1;
|
||||
if ((prot_len - icv_len) % block_size)
|
||||
if (prot_len < 2 * block_size + icv_len ||
|
||||
(prot_len - icv_len) % block_size)
|
||||
return -1;
|
||||
|
||||
if (eap_eke_mac(sess->mac, sess->ki, prot + block_size,
|
||||
|
|
@ -738,22 +727,14 @@ int eap_eke_session_init(struct eap_eke_session *sess, u8 dhgroup, u8 encr,
|
|||
sess->mac = mac;
|
||||
|
||||
sess->prf_len = eap_eke_prf_len(prf);
|
||||
if (sess->prf_len < 0)
|
||||
return -1;
|
||||
sess->nonce_len = eap_eke_nonce_len(prf);
|
||||
if (sess->nonce_len < 0)
|
||||
return -1;
|
||||
sess->auth_len = eap_eke_auth_len(prf);
|
||||
if (sess->auth_len < 0)
|
||||
return -1;
|
||||
sess->dhcomp_len = eap_eke_dhcomp_len(sess->dhgroup, sess->encr);
|
||||
if (sess->dhcomp_len < 0)
|
||||
return -1;
|
||||
sess->pnonce_len = eap_eke_pnonce_len(sess->mac);
|
||||
if (sess->pnonce_len < 0)
|
||||
return -1;
|
||||
sess->pnonce_ps_len = eap_eke_pnonce_ps_len(sess->mac);
|
||||
if (sess->pnonce_ps_len < 0)
|
||||
if (sess->prf_len < 0 || sess->nonce_len < 0 || sess->auth_len < 0 ||
|
||||
sess->dhcomp_len < 0 || sess->pnonce_len < 0 ||
|
||||
sess->pnonce_ps_len < 0)
|
||||
return -1;
|
||||
|
||||
return 0;
|
||||
|
|
|
|||
Loading…
Reference in a new issue