Merge pull request #6545 from davidhorstmann-arm/2.28-fix-unusual-macros-0-followup
Refactor/tidy after fixing unusual macros
diff --git a/library/ecp.c b/library/ecp.c
index 402d5de..80adc55 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -2051,7 +2051,7 @@
int have_rng = 1;
#if defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
- if( f_rng == 0 )
+ if( f_rng == NULL )
have_rng = 0;
#endif
if( have_rng )
@@ -2190,7 +2190,7 @@
*/
int have_rng = 1;
#if defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
- if( f_rng == 0 )
+ if( f_rng == NULL )
have_rng = 0;
#endif
if( have_rng )
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 5df2758..3475aa4 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -1089,11 +1089,6 @@
* RFC 5077 section 3.4: "When presenting a ticket, the client MAY
* generate and include a Session ID in the TLS ClientHello."
*/
- renegotiating = 0;
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
- if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
- renegotiating = 1;
-#endif
if( !renegotiating )
{
if( ssl->session_negotiate->ticket != NULL &&
@@ -1209,11 +1204,6 @@
/*
* Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV
*/
- renegotiating = 0;
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
- if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
- renegotiating = 1;
-#endif
if( !renegotiating )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding EMPTY_RENEGOTIATION_INFO_SCSV" ) );
@@ -2065,6 +2055,30 @@
}
#endif /* MBEDTLS_SSL_PROTO_DTLS */
+static int is_compression_bad( mbedtls_ssl_context *ssl, unsigned char comp )
+{
+ int bad_comp = 0;
+
+ /* Suppress warnings in some configurations */
+ (void) ssl;
+#if defined(MBEDTLS_ZLIB_SUPPORT)
+ /* See comments in ssl_write_client_hello() */
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ comp != MBEDTLS_SSL_COMPRESS_NULL )
+ bad_comp = 1;
+#endif
+
+ if( comp != MBEDTLS_SSL_COMPRESS_NULL &&
+ comp != MBEDTLS_SSL_COMPRESS_DEFLATE )
+ bad_comp = 1;
+#else /* MBEDTLS_ZLIB_SUPPORT */
+ if( comp != MBEDTLS_SSL_COMPRESS_NULL )
+ bad_comp = 1;
+#endif/* MBEDTLS_ZLIB_SUPPORT */
+ return bad_comp;
+}
+
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
{
@@ -2073,9 +2087,6 @@
size_t ext_len;
unsigned char *buf, *ext;
unsigned char comp;
-#if defined(MBEDTLS_ZLIB_SUPPORT)
- int accept_comp;
-#endif
#if defined(MBEDTLS_SSL_RENEGOTIATION)
int renegotiation_info_seen = 0;
#endif
@@ -2244,23 +2255,7 @@
*/
comp = buf[37 + n];
- int bad_comp = 0;
-#if defined(MBEDTLS_ZLIB_SUPPORT)
- /* See comments in ssl_write_client_hello() */
- accept_comp = 1;
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- accept_comp = 0;
-#endif
-
- if( comp != MBEDTLS_SSL_COMPRESS_NULL &&
- ( comp != MBEDTLS_SSL_COMPRESS_DEFLATE || accept_comp == 0 ) )
- bad_comp = 1;
-#else /* MBEDTLS_ZLIB_SUPPORT */
- if( comp != MBEDTLS_SSL_COMPRESS_NULL )
- bad_comp = 1;
-#endif/* MBEDTLS_ZLIB_SUPPORT */
- if( bad_comp )
+ if( is_compression_bad( ssl, comp ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1,
( "server hello, bad compression: %d", comp ) );
@@ -2693,7 +2688,7 @@
grp_id = ssl->handshake->ecdh_ctx.grp.id;
#else
grp_id = ssl->handshake->ecdh_ctx.grp_id;
-#endif
+#endif /* MBEDTLS_ECDH_LEGACY_CONTEXT */
curve_info = mbedtls_ecp_curve_info_from_grp_id( grp_id );
if( curve_info == NULL )
@@ -2704,17 +2699,14 @@
MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDH curve: %s", curve_info->name ) );
- int bad_params = 0;
#if defined(MBEDTLS_ECP_C)
if( mbedtls_ssl_check_curve( ssl, grp_id ) != 0 )
- bad_params = 1;
+ return( -1 );
#else
if( ssl->handshake->ecdh_ctx.grp.nbits < 163 ||
ssl->handshake->ecdh_ctx.grp.nbits > 521 )
- bad_params = 1;
-#endif
- if( bad_params )
return( -1 );
+#endif /* MBEDTLS_ECP_C */
MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
MBEDTLS_DEBUG_ECDH_QP );
@@ -3462,25 +3454,23 @@
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
if( ssl->handshake->ecrs_enabled )
rs_ctx = &ssl->handshake->ecrs_ctx.pk;
-#endif
+#endif /* MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED */
if( ( ret = mbedtls_pk_verify_restartable( peer_pk,
md_alg, hash, hashlen, p, sig_len, rs_ctx ) ) != 0 )
{
- int send_alert_msg = 1;
-#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
- send_alert_msg = ( ret != MBEDTLS_ERR_ECP_IN_PROGRESS );
-#endif
- if( send_alert_msg )
- mbedtls_ssl_send_alert_message(
- ssl,
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR );
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify", ret );
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
- ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS;
-#endif
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify", ret );
+ return( MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS );
+ }
+#endif /* MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED */
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR );
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify", ret );
return( ret );
}
diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c
index e6abe85..8a57789 100644
--- a/library/ssl_ticket.c
+++ b/library/ssl_ticket.c
@@ -148,16 +148,22 @@
int do_mbedtls_cipher_setup = 1;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- do_mbedtls_cipher_setup = 0;
-
ret = mbedtls_cipher_setup_psa( &ctx->keys[0].ctx,
cipher_info, TICKET_AUTH_TAG_BYTES );
- if( ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE )
- return( ret );
- /* We don't yet expect to support all ciphers through PSA,
- * so allow fallback to ordinary mbedtls_cipher_setup(). */
- if( ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE )
- do_mbedtls_cipher_setup = 1;
+
+ switch( ret )
+ {
+ case 0:
+ do_mbedtls_cipher_setup = 0;
+ break;
+ case MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE:
+ /* We don't yet expect to support all ciphers through PSA,
+ * so allow fallback to ordinary mbedtls_cipher_setup(). */
+ do_mbedtls_cipher_setup = 1;
+ break;
+ default:
+ return( ret );
+ }
#endif /* MBEDTLS_USE_PSA_CRYPTO */
if( do_mbedtls_cipher_setup )
if( ( ret = mbedtls_cipher_setup( &ctx->keys[0].ctx, cipher_info ) )