Change code base on comments
Remove client certificate verify in tests.
Change the layout of structure to fix abi_api check issues.
Add comments of Finished.
Align with the coding styles.
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index c035504..a030b65 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -568,7 +568,8 @@
mbedtls_ssl_context *ssl )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- mbedtls_md_type_t const md_type = ssl->handshake->ciphersuite_info->mac;
+ mbedtls_ssl_handshake_params *handshake = ssl->handshake;
+ mbedtls_md_type_t const md_type = handshake->ciphersuite_info->mac;
#if defined(MBEDTLS_DEBUG_C)
mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
size_t const md_size = mbedtls_md_get_size( md_info );
@@ -578,9 +579,9 @@
* Compute MasterSecret
*/
ret = mbedtls_ssl_tls1_3_evolve_secret( md_type,
- ssl->handshake->tls1_3_master_secrets.handshake,
+ handshake->tls1_3_master_secrets.handshake,
NULL, 0,
- ssl->handshake->tls1_3_master_secrets.app );
+ handshake->tls1_3_master_secrets.app );
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_evolve_secret", ret );
@@ -588,7 +589,7 @@
}
MBEDTLS_SSL_DEBUG_BUF( 4, "Master secret",
- ssl->handshake->tls1_3_master_secrets.app, md_size );
+ handshake->tls1_3_master_secrets.app, md_size );
return( 0 );
}
@@ -690,7 +691,7 @@
exit:
- mbedtls_platform_zeroize( transcript, sizeof( transcript) );
+ mbedtls_platform_zeroize( transcript, sizeof( transcript ) );
return( ret );
}
@@ -1116,13 +1117,14 @@
mbedtls_ssl_key_set *traffic_keys )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ mbedtls_ssl_handshake_params *handshake = ssl->handshake;
/* Address at which to store the application secrets */
mbedtls_ssl_tls1_3_application_secrets * const app_secrets =
&ssl->session_negotiate->app_secrets;
/* Holding the transcript up to and including the ServerFinished */
- unsigned char transcript[MBEDTLS_MD_MAX_SIZE];
+ unsigned char transcript[MBEDTLS_TLS1_3_MD_MAX_SIZE];
size_t transcript_len;
/* Variables relating to the hash for the chosen ciphersuite. */
@@ -1139,11 +1141,11 @@
/* Extract basic information about hash and ciphersuite */
cipher_info = mbedtls_cipher_info_from_type(
- ssl->handshake->ciphersuite_info->cipher );
+ handshake->ciphersuite_info->cipher );
keylen = cipher_info->key_bitlen / 8;
ivlen = cipher_info->iv_size;
- md_type = ssl->handshake->ciphersuite_info->mac;
+ md_type = handshake->ciphersuite_info->mac;
md_info = mbedtls_md_info_from_type( md_type );
md_size = mbedtls_md_get_size( md_info );
@@ -1159,7 +1161,7 @@
/* Compute application secrets from master secret and transcript hash. */
ret = mbedtls_ssl_tls1_3_derive_application_secrets( md_type,
- ssl->handshake->tls1_3_master_secrets.app,
+ handshake->tls1_3_master_secrets.app,
transcript, transcript_len,
app_secrets );
if( ret != 0 )
@@ -1197,16 +1199,16 @@
ssl->f_export_keys( ssl->p_export_keys,
MBEDTLS_SSL_KEY_EXPORT_TLS13_CLIENT_APPLICATION_TRAFFIC_SECRET,
app_secrets->client_application_traffic_secret_N, md_size,
- ssl->handshake->randbytes + 32,
- ssl->handshake->randbytes,
+ handshake->randbytes + 32,
+ handshake->randbytes,
MBEDTLS_SSL_TLS_PRF_NONE /* TODO: this should be replaced by
a new constant for TLS 1.3! */ );
ssl->f_export_keys( ssl->p_export_keys,
MBEDTLS_SSL_KEY_EXPORT_TLS13_SERVER_APPLICATION_TRAFFIC_SECRET,
app_secrets->server_application_traffic_secret_N, md_size,
- ssl->handshake->randbytes + 32,
- ssl->handshake->randbytes,
+ handshake->randbytes + 32,
+ handshake->randbytes,
MBEDTLS_SSL_TLS_PRF_NONE /* TODO: this should be replaced by
a new constant for TLS 1.3! */ );
}
@@ -1224,7 +1226,7 @@
cleanup:
- mbedtls_platform_zeroize( transcript, sizeof(transcript) );
+ mbedtls_platform_zeroize( transcript, sizeof( transcript ) );
return( ret );
}