Change coding style
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index ae6cbfa..3b0d61b 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -783,22 +783,6 @@
#endif /* MBEDTLS_SSL_CLI_C */
-#if defined(MBEDTLS_SSL_SRV_C)
-
- /* Server, outgoing ClientKeyExchange */
- struct
- {
- uint8_t preparation_done;
- } cli_key_exch_in;
-
- /* Server, outgoing ClientKeyExchange */
- struct
- {
- uint8_t preparation_done;
- } encrypted_extensions_out;
-
-#endif /* MBEDTLS_SSL_SRV_C */
-
/* Incoming CertificateVerify */
struct
{
@@ -1262,8 +1246,9 @@
int mbedtls_ssl_read_certificate_process(mbedtls_ssl_context *ssl);
int mbedtls_ssl_write_certificate_process(mbedtls_ssl_context *ssl);
-int mbedtls_ssl_tls1_3_finished_in_process( mbedtls_ssl_context *ssl );
-int mbedtls_ssl_tls1_3_finished_out_process( mbedtls_ssl_context *ssl );
+
+int mbedtls_ssl_tls13_finished_in_process( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_tls13_finished_out_process( mbedtls_ssl_context *ssl );
int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl );
int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl );
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index e36e28d..2bde4a8 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -1605,9 +1605,7 @@
*/
static int ssl_tls1_3_process_server_finished( mbedtls_ssl_context *ssl )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) );
- mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE );
- return( 0 );
+ return ( mbedtls_ssl_tls13_finished_in_process( ssl ) );
}
/*
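Review bot: With the stub removed, `ssl_tls1_3_process_server_finished` no longer sets the state to `MBEDTLS_SSL_CLIENT_CERTIFICATE`, so the handshake now advances only if `mbedtls_ssl_tls13_finished_in_process` sets the next state itself. That code is outside this hunk (presumably the client postprocess step); check that it advances the state only after the server's verify_data has been checked successfully and leaves it untouched on every error return. Two style points on the added line: `return ( mbedtls_ssl_tls13_finished_in_process( ssl ) );` has a space after `return` where the surrounding code writes `return( ... )`, and the wrapper keeps the `ssl_tls1_3_` prefix that this commit replaces elsewhere.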
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index c9bf78e..87bc12c 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -852,11 +852,11 @@
*/
/* Main entry point: orchestrates the other functions */
-int mbedtls_ssl_tls1_3_finished_in_process( mbedtls_ssl_context* ssl );
+int mbedtls_ssl_tls13_finished_in_process( mbedtls_ssl_context* ssl );
-static int ssl_finished_in_preprocess( mbedtls_ssl_context* ssl );
-static int ssl_finished_in_postprocess( mbedtls_ssl_context* ssl );
-static int ssl_finished_in_parse( mbedtls_ssl_context* ssl,
+static int ssl_tls13_finished_in_preprocess( mbedtls_ssl_context* ssl );
+static int ssl_tls13_finished_in_postprocess( mbedtls_ssl_context* ssl );
+static int ssl_tls13_finished_in_parse( mbedtls_ssl_context* ssl,
const unsigned char* buf,
size_t buflen );
@@ -864,7 +864,7 @@
* Implementation
*/
-int mbedtls_ssl_tls1_3_finished_in_process( mbedtls_ssl_context* ssl )
+int mbedtls_ssl_tls13_finished_in_process( mbedtls_ssl_context* ssl )
{
int ret = 0;
unsigned char *buf;
@@ -873,15 +873,15 @@
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse finished" ) );
/* Preprocessing step: Compute handshake digest */
- MBEDTLS_SSL_PROC_CHK( ssl_finished_in_preprocess( ssl ) );
+ MBEDTLS_SSL_PROC_CHK( ssl_tls13_finished_in_preprocess( ssl ) );
MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls1_3_fetch_handshake_msg( ssl,
MBEDTLS_SSL_HS_FINISHED,
&buf, &buflen ) );
- MBEDTLS_SSL_PROC_CHK( ssl_finished_in_parse( ssl, buf, buflen ) );
+ MBEDTLS_SSL_PROC_CHK( ssl_tls13_finished_in_parse( ssl, buf, buflen ) );
mbedtls_ssl_tls1_3_add_hs_msg_to_checksum(
ssl, MBEDTLS_SSL_HS_FINISHED, buf, buflen );
- MBEDTLS_SSL_PROC_CHK( ssl_finished_in_postprocess( ssl ) );
+ MBEDTLS_SSL_PROC_CHK( ssl_tls13_finished_in_postprocess( ssl ) );
cleanup:
@@ -889,7 +889,7 @@
return( ret );
}
-static int ssl_finished_in_preprocess( mbedtls_ssl_context* ssl )
+static int ssl_tls13_finished_in_preprocess( mbedtls_ssl_context* ssl )
{
int ret;
@@ -907,7 +907,7 @@
return( 0 );
}
-static int ssl_finished_in_parse( mbedtls_ssl_context* ssl,
+static int ssl_tls13_finished_in_parse( mbedtls_ssl_context* ssl,
const unsigned char* buf,
size_t buflen )
{
@@ -941,17 +941,17 @@
return( 0 );
}
-static int ssl_finished_in_postprocess_cli( mbedtls_ssl_context *ssl )
+static int ssl_tls13_finished_in_postprocess_cli( mbedtls_ssl_context *ssl )
{
int ret = 0;
mbedtls_ssl_key_set traffic_keys;
mbedtls_ssl_transform *transform_application;
- ret = mbedtls_ssl_tls1_3_key_schedule_stage_application( ssl );
+ ret = mbedtls_ssl_tls13_key_schedule_stage_application( ssl );
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1,
- "mbedtls_ssl_tls1_3_key_schedule_stage_application", ret );
+ "mbedtls_ssl_tls13_key_schedule_stage_application", ret );
return( ret );
}
@@ -987,12 +987,12 @@
return( 0 );
}
-static int ssl_finished_in_postprocess( mbedtls_ssl_context* ssl )
+static int ssl_tls13_finished_in_postprocess( mbedtls_ssl_context* ssl )
{
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
{
- return( ssl_finished_in_postprocess_cli( ssl ) );
+ return( ssl_tls13_finished_in_postprocess_cli( ssl ) );
}
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index 010d635..ddbeb62 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -564,7 +564,7 @@
return( 0 );
}
-int mbedtls_ssl_tls1_3_key_schedule_stage_application(
+int mbedtls_ssl_tls13_key_schedule_stage_application(
mbedtls_ssl_context *ssl )
{
int ret = 0;
@@ -577,7 +577,6 @@
/*
* Compute MasterSecret
*/
-
ret = mbedtls_ssl_tls1_3_evolve_secret( md_type,
ssl->handshake->tls1_3_master_secrets.handshake,
NULL, 0,
@@ -687,7 +686,6 @@
*actual_len = md_size;
MBEDTLS_SSL_DEBUG_BUF( 3, "verify_data for finished message", dst, md_size );
-
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_tls1_3_calc_finished" ) );
return( 0 );
}
@@ -1152,7 +1150,7 @@
transcript, sizeof( transcript ),
&transcript_len );
if( ret != 0 )
- return( ret );
+ goto cleanup;
/* Compute application secrets from master secret and transcript hash. */
@@ -1164,7 +1162,7 @@
{
MBEDTLS_SSL_DEBUG_RET( 1,
"mbedtls_ssl_tls1_3_derive_application_secrets", ret );
- return( ret );
+ goto cleanup;
}
/* Derive first epoch of IV + Key for application traffic. */
@@ -1176,7 +1174,7 @@
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_make_traffic_keys", ret );
- return( ret );
+ goto cleanup;
}
MBEDTLS_SSL_DEBUG_BUF( 4, "Client application traffic secret",
@@ -1219,7 +1217,19 @@
traffic_keys->server_write_iv, ivlen );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= derive application traffic keys" ) );
- return( 0 );
+
+ cleanup:
+
+ mbedtls_platform_zeroize( transcript, sizeof(transcript) );
+ mbedtls_platform_zeroize( traffic_keys->client_write_key,
+ sizeof(traffic_keys->client_write_key) );
+ mbedtls_platform_zeroize( traffic_keys->server_write_key,
+ sizeof(traffic_keys->server_write_key) );
+ mbedtls_platform_zeroize( traffic_keys->client_write_iv,
+ sizeof(traffic_keys->client_write_iv) );
+ mbedtls_platform_zeroize( traffic_keys->server_write_iv,
+ sizeof(traffic_keys->server_write_iv) );
+ return( ret );
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
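Review bot: The new `cleanup:` label is also reached on the success path, so the four `mbedtls_platform_zeroize()` calls on `traffic_keys->client_write_key`, `server_write_key`, `client_write_iv` and `server_write_iv` wipe the keys this function has just derived before it returns 0. The header in ssl_tls13_keys.h documents `traffic_keys` as the address at which to store the application traffic keys, so the caller would presumably build the application transform from all-zero keys and IVs. Keep the unconditional wipe of `transcript`, and put the four output wipes under `if( ret != 0 )` so they run only on the error paths introduced by the `goto cleanup` changes in the three preceding hunks. For consistency with the rest of the function, write `sizeof( transcript )` rather than `sizeof(transcript)`. The function's opening lines are outside this hunk.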
diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h
index 78bfc2a..31a5029 100644
--- a/library/ssl_tls13_keys.h
+++ b/library/ssl_tls13_keys.h
@@ -586,7 +586,7 @@
* \returns \c 0 on success.
* \returns A negative error code on failure.
*/
-int mbedtls_ssl_tls1_3_key_schedule_stage_application(
+int mbedtls_ssl_tls13_key_schedule_stage_application(
mbedtls_ssl_context *ssl );
/**
@@ -594,7 +594,7 @@
*
* \param ssl The SSL context to operate on. This must be in
* key schedule stage \c Application, see
- * mbedtls_ssl_tls1_3_key_schedule_stage_application().
+ * mbedtls_ssl_tls13_key_schedule_stage_application().
* \param traffic_keys The address at which to store the application traffic key
* keys. This must be writable but may be uninitialized.
*
@@ -609,7 +609,7 @@
*
* \param ssl The SSL context to operate on. This must be in
* key schedule stage \c Handshake, see
- * mbedtls_ssl_tls1_3_key_schedule_stage_application().
+ * mbedtls_ssl_tls13_key_schedule_stage_application().
* \param dst The address at which to write the Finished content.
* \param dst_len The size of \p dst in bytes.
* \param actual_len The address at which to store the amount of data