Refactor: change init and destroy_key return type to S2N_RESULT in s2…

…n_cipher struct (#4639)
aws · Jul 10, 2024 · 706e228 · 706e228
1 parent ed4be6e
commit 706e228
Show file tree

Hide file tree

Showing 21 changed files with 112 additions and 111 deletions.
diff --git a/crypto/s2n_aead_cipher_aes_gcm.c b/crypto/s2n_aead_cipher_aes_gcm.c
@@ -185,22 +185,22 @@ static S2N_RESULT s2n_aead_cipher_aes256_gcm_set_decryption_key_tls13(struct s2n
     return S2N_RESULT_OK;
 }
 
-static int s2n_aead_cipher_aes_gcm_init(struct s2n_session_key *key)
+static S2N_RESULT s2n_aead_cipher_aes_gcm_init(struct s2n_session_key *key)
 {
-    POSIX_ENSURE_REF(key);
+    RESULT_ENSURE_REF(key);
 
     EVP_AEAD_CTX_zero(key->evp_aead_ctx);
 
-    return S2N_SUCCESS;
+    return S2N_RESULT_OK;
 }
 
-static int s2n_aead_cipher_aes_gcm_destroy_key(struct s2n_session_key *key)
+static S2N_RESULT s2n_aead_cipher_aes_gcm_destroy_key(struct s2n_session_key *key)
 {
-    POSIX_ENSURE_REF(key);
+    RESULT_ENSURE_REF(key);
 
     EVP_AEAD_CTX_cleanup(key->evp_aead_ctx);
 
-    return S2N_SUCCESS;
+    return S2N_RESULT_OK;
 }
 
 #else /* Standard AES-GCM implementation */
@@ -357,18 +357,18 @@ static S2N_RESULT s2n_aead_cipher_aes256_gcm_set_decryption_key_tls13(struct s2n
     return S2N_RESULT_OK;
 }
 
-static int s2n_aead_cipher_aes_gcm_init(struct s2n_session_key *key)
+static S2N_RESULT s2n_aead_cipher_aes_gcm_init(struct s2n_session_key *key)
 {
-    s2n_evp_ctx_init(key->evp_cipher_ctx);
+    RESULT_EVP_CTX_INIT(key->evp_cipher_ctx);
 
-    return S2N_SUCCESS;
+    return S2N_RESULT_OK;
 }
 
-static int s2n_aead_cipher_aes_gcm_destroy_key(struct s2n_session_key *key)
+static S2N_RESULT s2n_aead_cipher_aes_gcm_destroy_key(struct s2n_session_key *key)
 {
     EVP_CIPHER_CTX_cleanup(key->evp_cipher_ctx);
 
-    return S2N_SUCCESS;
+    return S2N_RESULT_OK;
 }
 
 #endif

diff --git a/crypto/s2n_aead_cipher_chacha20_poly1305.c b/crypto/s2n_aead_cipher_chacha20_poly1305.c
@@ -143,18 +143,18 @@ static S2N_RESULT s2n_aead_chacha20_poly1305_set_decryption_key(struct s2n_sessi
     return S2N_RESULT_OK;
 }
 
-static int s2n_aead_chacha20_poly1305_init(struct s2n_session_key *key)
+static S2N_RESULT s2n_aead_chacha20_poly1305_init(struct s2n_session_key *key)
 {
-    s2n_evp_ctx_init(key->evp_cipher_ctx);
+    RESULT_EVP_CTX_INIT(key->evp_cipher_ctx);
 
-    return 0;
+    return S2N_RESULT_OK;
 }
 
-static int s2n_aead_chacha20_poly1305_destroy_key(struct s2n_session_key *key)
+static S2N_RESULT s2n_aead_chacha20_poly1305_destroy_key(struct s2n_session_key *key)
 {
     EVP_CIPHER_CTX_cleanup(key->evp_cipher_ctx);
 
-    return 0;
+    return S2N_RESULT_OK;
 }
 
 #elif defined(S2N_CHACHA20_POLY1305_AVAILABLE_BSSL_AWSLC) /* BoringSSL and AWS-LC implementation */
@@ -212,18 +212,18 @@ static S2N_RESULT s2n_aead_chacha20_poly1305_set_decryption_key(struct s2n_sessi
     return S2N_RESULT_OK;
 }
 
-static int s2n_aead_chacha20_poly1305_init(struct s2n_session_key *key)
+static S2N_RESULT s2n_aead_chacha20_poly1305_init(struct s2n_session_key *key)
 {
     EVP_AEAD_CTX_zero(key->evp_aead_ctx);
 
-    return 0;
+    return S2N_RESULT_OK;
 }
 
-static int s2n_aead_chacha20_poly1305_destroy_key(struct s2n_session_key *key)
+static S2N_RESULT s2n_aead_chacha20_poly1305_destroy_key(struct s2n_session_key *key)
 {
     EVP_AEAD_CTX_cleanup(key->evp_aead_ctx);
 
-    return 0;
+    return S2N_RESULT_OK;
 }
 
 #else /* No ChaCha20-Poly1305 implementation exists for chosen cryptographic provider (E.g Openssl 1.0.x) */
@@ -248,14 +248,14 @@ static S2N_RESULT s2n_aead_chacha20_poly1305_set_decryption_key(struct s2n_sessi
     RESULT_BAIL(S2N_ERR_KEY_INIT);
 }
 
-static int s2n_aead_chacha20_poly1305_init(struct s2n_session_key *key)
+static S2N_RESULT s2n_aead_chacha20_poly1305_init(struct s2n_session_key *key)
 {
-    POSIX_BAIL(S2N_ERR_KEY_INIT);
+    RESULT_BAIL(S2N_ERR_KEY_INIT);
 }
 
-static int s2n_aead_chacha20_poly1305_destroy_key(struct s2n_session_key *key)
+static S2N_RESULT s2n_aead_chacha20_poly1305_destroy_key(struct s2n_session_key *key)
 {
-    POSIX_BAIL(S2N_ERR_KEY_DESTROY);
+    RESULT_BAIL(S2N_ERR_KEY_DESTROY);
 }
 
 #endif

diff --git a/crypto/s2n_cbc_cipher_3des.c b/crypto/s2n_cbc_cipher_3des.c
@@ -74,18 +74,18 @@ static S2N_RESULT s2n_cbc_cipher_3des_set_encryption_key(struct s2n_session_key
     return S2N_RESULT_OK;
 }
 
-static int s2n_cbc_cipher_3des_init(struct s2n_session_key *key)
+static S2N_RESULT s2n_cbc_cipher_3des_init(struct s2n_session_key *key)
 {
-    s2n_evp_ctx_init(key->evp_cipher_ctx);
+    RESULT_EVP_CTX_INIT(key->evp_cipher_ctx);
 
-    return 0;
+    return S2N_RESULT_OK;
 }
 
-static int s2n_cbc_cipher_3des_destroy_key(struct s2n_session_key *key)
+static S2N_RESULT s2n_cbc_cipher_3des_destroy_key(struct s2n_session_key *key)
 {
     EVP_CIPHER_CTX_cleanup(key->evp_cipher_ctx);
 
-    return 0;
+    return S2N_RESULT_OK;
 }
 
 const struct s2n_cipher s2n_3des = {

diff --git a/crypto/s2n_cbc_cipher_aes.c b/crypto/s2n_cbc_cipher_aes.c
@@ -100,18 +100,18 @@ S2N_RESULT s2n_cbc_cipher_aes256_set_encryption_key(struct s2n_session_key *key,
     return S2N_RESULT_OK;
 }
 
-static int s2n_cbc_cipher_aes_init(struct s2n_session_key *key)
+static S2N_RESULT s2n_cbc_cipher_aes_init(struct s2n_session_key *key)
 {
-    s2n_evp_ctx_init(key->evp_cipher_ctx);
+    RESULT_EVP_CTX_INIT(key->evp_cipher_ctx);
 
-    return 0;
+    return S2N_RESULT_OK;
 }
 
-static int s2n_cbc_cipher_aes_destroy_key(struct s2n_session_key *key)
+static S2N_RESULT s2n_cbc_cipher_aes_destroy_key(struct s2n_session_key *key)
 {
     EVP_CIPHER_CTX_cleanup(key->evp_cipher_ctx);
 
-    return 0;
+    return S2N_RESULT_OK;
 }
 
 const struct s2n_cipher s2n_aes128 = {

diff --git a/crypto/s2n_cipher.h b/crypto/s2n_cipher.h
@@ -83,10 +83,10 @@ struct s2n_cipher {
     } io;
     uint8_t key_material_size;
     uint8_t (*is_available)(void);
-    int (*init)(struct s2n_session_key *key);
+    S2N_RESULT (*init)(struct s2n_session_key *key);
     S2N_RESULT (*set_decryption_key)(struct s2n_session_key *key, struct s2n_blob *in);
     S2N_RESULT (*set_encryption_key)(struct s2n_session_key *key, struct s2n_blob *in);
-    int (*destroy_key)(struct s2n_session_key *key);
+    S2N_RESULT (*destroy_key)(struct s2n_session_key *key);
     S2N_RESULT (*set_ktls_info)(struct s2n_ktls_crypto_info_inputs *inputs,
             struct s2n_ktls_crypto_info *crypto_info);
 };

diff --git a/crypto/s2n_composite_cipher_aes_sha.c b/crypto/s2n_composite_cipher_aes_sha.c
@@ -287,18 +287,18 @@ static S2N_RESULT s2n_composite_cipher_aes256_sha256_set_decryption_key(struct s
     return S2N_RESULT_OK;
 }
 
-static int s2n_composite_cipher_aes_sha_init(struct s2n_session_key *key)
+static S2N_RESULT s2n_composite_cipher_aes_sha_init(struct s2n_session_key *key)
 {
-    s2n_evp_ctx_init(key->evp_cipher_ctx);
+    RESULT_EVP_CTX_INIT(key->evp_cipher_ctx);
 
-    return 0;
+    return S2N_RESULT_OK;
 }
 
-static int s2n_composite_cipher_aes_sha_destroy_key(struct s2n_session_key *key)
+static S2N_RESULT s2n_composite_cipher_aes_sha_destroy_key(struct s2n_session_key *key)
 {
     EVP_CIPHER_CTX_cleanup(key->evp_cipher_ctx);
 
-    return 0;
+    return S2N_RESULT_OK;
 }
 
 const struct s2n_cipher s2n_aes128_sha = {

diff --git a/crypto/s2n_stream_cipher_null.c b/crypto/s2n_stream_cipher_null.c
@@ -38,14 +38,14 @@ static S2N_RESULT s2n_stream_cipher_null_get_key(struct s2n_session_key *key, st
     return S2N_RESULT_OK;
 }
 
-static int s2n_stream_cipher_null_destroy_key(struct s2n_session_key *key)
+static S2N_RESULT s2n_stream_cipher_null_destroy_key(struct s2n_session_key *key)
 {
-    return 0;
+    return S2N_RESULT_OK;
 }
 
-static int s2n_stream_cipher_null_init(struct s2n_session_key *key)
+static S2N_RESULT s2n_stream_cipher_null_init(struct s2n_session_key *key)
 {
-    return 0;
+    return S2N_RESULT_OK;
 }
 
 const struct s2n_cipher s2n_null_cipher = {

diff --git a/crypto/s2n_stream_cipher_rc4.c b/crypto/s2n_stream_cipher_rc4.c
@@ -87,18 +87,18 @@ static S2N_RESULT s2n_stream_cipher_rc4_set_decryption_key(struct s2n_session_ke
     return S2N_RESULT_OK;
 }
 
-static int s2n_stream_cipher_rc4_init(struct s2n_session_key *key)
+static S2N_RESULT s2n_stream_cipher_rc4_init(struct s2n_session_key *key)
 {
-    s2n_evp_ctx_init(key->evp_cipher_ctx);
+    RESULT_EVP_CTX_INIT(key->evp_cipher_ctx);
 
-    return 0;
+    return S2N_RESULT_OK;
 }
 
-static int s2n_stream_cipher_rc4_destroy_key(struct s2n_session_key *key)
+static S2N_RESULT s2n_stream_cipher_rc4_destroy_key(struct s2n_session_key *key)
 {
     EVP_CIPHER_CTX_cleanup(key->evp_cipher_ctx);
 
-    return 0;
+    return S2N_RESULT_OK;
 }
 
 const struct s2n_cipher s2n_rc4 = {

diff --git a/tests/testlib/s2n_connection_test_utils.c b/tests/testlib/s2n_connection_test_utils.c
@@ -296,13 +296,13 @@ S2N_RESULT s2n_connection_set_secrets(struct s2n_connection *conn)
     uint8_t client_key_bytes[S2N_TLS13_SECRET_MAX_LEN] = "client key";
     struct s2n_blob client_key = { 0 };
     RESULT_GUARD_POSIX(s2n_blob_init(&client_key, client_key_bytes, cipher->key_material_size));
-    RESULT_GUARD_POSIX(cipher->init(&conn->secure->client_key));
+    RESULT_GUARD(cipher->init(&conn->secure->client_key));
     RESULT_GUARD(cipher->set_encryption_key(&conn->secure->client_key, &client_key));
 
     uint8_t server_key_bytes[S2N_TLS13_SECRET_MAX_LEN] = "server key";
     struct s2n_blob server_key = { 0 };
     RESULT_GUARD_POSIX(s2n_blob_init(&server_key, server_key_bytes, cipher->key_material_size));
-    RESULT_GUARD_POSIX(cipher->init(&conn->secure->server_key));
+    RESULT_GUARD(cipher->init(&conn->secure->server_key));
     RESULT_GUARD(cipher->set_encryption_key(&conn->secure->server_key, &server_key));
 
     conn->client = conn->secure;

diff --git a/tests/unit/s2n_3des_test.c b/tests/unit/s2n_3des_test.c
@@ -50,10 +50,11 @@ int main(int argc, char **argv)
 
     /* test the 3des cipher with a SHA1 hash */
     conn->secure->cipher_suite->record_alg = &s2n_record_alg_3des_sha;
-    EXPECT_SUCCESS(conn->secure->cipher_suite->record_alg->cipher->init(&conn->secure->server_key));
-    EXPECT_SUCCESS(conn->secure->cipher_suite->record_alg->cipher->init(&conn->secure->client_key));
+    EXPECT_OK(conn->secure->cipher_suite->record_alg->cipher->init(&conn->secure->server_key));
+    EXPECT_OK(conn->secure->cipher_suite->record_alg->cipher->init(&conn->secure->client_key));
     EXPECT_OK(conn->secure->cipher_suite->record_alg->cipher->set_encryption_key(&conn->secure->server_key, &des3));
     EXPECT_OK(conn->secure->cipher_suite->record_alg->cipher->set_decryption_key(&conn->secure->client_key, &des3));
+
     EXPECT_SUCCESS(s2n_hmac_init(&conn->secure->client_record_mac, S2N_HMAC_SHA1, mac_key, sizeof(mac_key)));
     EXPECT_SUCCESS(s2n_hmac_init(&conn->secure->server_record_mac, S2N_HMAC_SHA1, mac_key, sizeof(mac_key)));
     conn->actual_protocol_version = S2N_TLS11;
@@ -107,8 +108,8 @@ int main(int argc, char **argv)
         EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->in));
     }
 
-    EXPECT_SUCCESS(conn->secure->cipher_suite->record_alg->cipher->destroy_key(&conn->secure->server_key));
-    EXPECT_SUCCESS(conn->secure->cipher_suite->record_alg->cipher->destroy_key(&conn->secure->client_key));
+    EXPECT_OK(conn->secure->cipher_suite->record_alg->cipher->destroy_key(&conn->secure->server_key));
+    EXPECT_OK(conn->secure->cipher_suite->record_alg->cipher->destroy_key(&conn->secure->client_key));
     EXPECT_SUCCESS(s2n_connection_free(conn));
 
     END_TEST();

diff --git a/tests/unit/s2n_aead_aes_test.c b/tests/unit/s2n_aead_aes_test.c
@@ -30,15 +30,15 @@
 
 static int destroy_server_keys(struct s2n_connection *server_conn)
 {
-    POSIX_GUARD(server_conn->initial->cipher_suite->record_alg->cipher->destroy_key(&server_conn->initial->server_key));
-    POSIX_GUARD(server_conn->initial->cipher_suite->record_alg->cipher->destroy_key(&server_conn->initial->client_key));
+    POSIX_GUARD_RESULT(server_conn->initial->cipher_suite->record_alg->cipher->destroy_key(&server_conn->initial->server_key));
+    POSIX_GUARD_RESULT(server_conn->initial->cipher_suite->record_alg->cipher->destroy_key(&server_conn->initial->client_key));
     return 0;
 }
 
 static int setup_server_keys(struct s2n_connection *server_conn, struct s2n_blob *key)
 {
-    POSIX_GUARD(server_conn->initial->cipher_suite->record_alg->cipher->init(&server_conn->initial->server_key));
-    POSIX_GUARD(server_conn->initial->cipher_suite->record_alg->cipher->init(&server_conn->initial->client_key));
+    POSIX_GUARD_RESULT(server_conn->initial->cipher_suite->record_alg->cipher->init(&server_conn->initial->server_key));
+    POSIX_GUARD_RESULT(server_conn->initial->cipher_suite->record_alg->cipher->init(&server_conn->initial->client_key));
     POSIX_GUARD_RESULT(server_conn->initial->cipher_suite->record_alg->cipher->set_encryption_key(&server_conn->initial->server_key, key));
     POSIX_GUARD_RESULT(server_conn->initial->cipher_suite->record_alg->cipher->set_decryption_key(&server_conn->initial->client_key, key));
 

diff --git a/tests/unit/s2n_aead_chacha20_poly1305_test.c b/tests/unit/s2n_aead_chacha20_poly1305_test.c
@@ -31,15 +31,15 @@
 
 static int destroy_server_keys(struct s2n_connection *server_conn)
 {
-    POSIX_GUARD(server_conn->initial->cipher_suite->record_alg->cipher->destroy_key(&server_conn->initial->server_key));
-    POSIX_GUARD(server_conn->initial->cipher_suite->record_alg->cipher->destroy_key(&server_conn->initial->client_key));
+    POSIX_GUARD_RESULT(server_conn->initial->cipher_suite->record_alg->cipher->destroy_key(&server_conn->initial->server_key));
+    POSIX_GUARD_RESULT(server_conn->initial->cipher_suite->record_alg->cipher->destroy_key(&server_conn->initial->client_key));
     return 0;
 }
 
 static int setup_server_keys(struct s2n_connection *server_conn, struct s2n_blob *key)
 {
-    POSIX_GUARD(server_conn->initial->cipher_suite->record_alg->cipher->init(&server_conn->initial->server_key));
-    POSIX_GUARD(server_conn->initial->cipher_suite->record_alg->cipher->init(&server_conn->initial->client_key));
+    POSIX_GUARD_RESULT(server_conn->initial->cipher_suite->record_alg->cipher->init(&server_conn->initial->server_key));
+    POSIX_GUARD_RESULT(server_conn->initial->cipher_suite->record_alg->cipher->init(&server_conn->initial->client_key));
     POSIX_GUARD_RESULT(server_conn->initial->cipher_suite->record_alg->cipher->set_encryption_key(&server_conn->initial->server_key, key));
     POSIX_GUARD_RESULT(server_conn->initial->cipher_suite->record_alg->cipher->set_decryption_key(&server_conn->initial->client_key, key));
 
@@ -182,8 +182,8 @@ int main(int argc, char **argv)
 
         EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->header_in));
         EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->in));
-        POSIX_GUARD(conn->initial->cipher_suite->record_alg->cipher->destroy_key(&conn->initial->server_key));
-        POSIX_GUARD(conn->initial->cipher_suite->record_alg->cipher->destroy_key(&conn->initial->client_key));
+        POSIX_GUARD_RESULT(conn->initial->cipher_suite->record_alg->cipher->destroy_key(&conn->initial->server_key));
+        POSIX_GUARD_RESULT(conn->initial->cipher_suite->record_alg->cipher->destroy_key(&conn->initial->client_key));
 
         /* Tamper with the TAG and ensure decryption fails */
         for (size_t j = 0; j < S2N_TLS_CHACHA20_POLY1305_TAG_LEN; j++) {
@@ -208,8 +208,8 @@ int main(int argc, char **argv)
 
             EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->header_in));
             EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->in));
-            POSIX_GUARD(conn->initial->cipher_suite->record_alg->cipher->destroy_key(&conn->initial->server_key));
-            POSIX_GUARD(conn->initial->cipher_suite->record_alg->cipher->destroy_key(&conn->initial->client_key));
+            POSIX_GUARD_RESULT(conn->initial->cipher_suite->record_alg->cipher->destroy_key(&conn->initial->server_key));
+            POSIX_GUARD_RESULT(conn->initial->cipher_suite->record_alg->cipher->destroy_key(&conn->initial->client_key));
         }
 
         /* Tamper with the encrypted payload in the ciphertext and ensure decryption fails */
@@ -235,8 +235,8 @@ int main(int argc, char **argv)
 
             EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->header_in));
             EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->in));
-            POSIX_GUARD(conn->initial->cipher_suite->record_alg->cipher->destroy_key(&conn->initial->server_key));
-            POSIX_GUARD(conn->initial->cipher_suite->record_alg->cipher->destroy_key(&conn->initial->client_key));
+            POSIX_GUARD_RESULT(conn->initial->cipher_suite->record_alg->cipher->destroy_key(&conn->initial->server_key));
+            POSIX_GUARD_RESULT(conn->initial->cipher_suite->record_alg->cipher->destroy_key(&conn->initial->client_key));
         }
     }