fix various issues
- format problems
- name conversion issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index f8f5fe6..fb84384 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -1363,39 +1363,39 @@
/*
* Helper functions around key exchange modes.
*/
-static inline unsigned mbedtls_ssl_conf_tls13_kex_modes_check( mbedtls_ssl_context *ssl,
+static inline unsigned mbedtls_ssl_conf_tls13_check_kex_modes( mbedtls_ssl_context *ssl,
int kex_mode_mask )
{
return( ( ssl->conf->tls13_kex_modes & kex_mode_mask ) != 0 );
}
-static inline int mbedtls_ssl_conf_tls13_pure_psk_enabled( mbedtls_ssl_context *ssl )
+static inline int mbedtls_ssl_conf_tls13_psk_enabled( mbedtls_ssl_context *ssl )
{
- return( mbedtls_ssl_conf_tls13_kex_modes_check( ssl,
+ return( mbedtls_ssl_conf_tls13_check_kex_modes( ssl,
MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK ) );
}
static inline int mbedtls_ssl_conf_tls13_psk_ephemeral_enabled( mbedtls_ssl_context *ssl )
{
- return( mbedtls_ssl_conf_tls13_kex_modes_check( ssl,
+ return( mbedtls_ssl_conf_tls13_check_kex_modes( ssl,
MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL ) );
}
-static inline int mbedtls_ssl_conf_tls13_pure_ephemeral_enabled( mbedtls_ssl_context *ssl )
+static inline int mbedtls_ssl_conf_tls13_ephemeral_enabled( mbedtls_ssl_context *ssl )
{
- return( mbedtls_ssl_conf_tls13_kex_modes_check( ssl,
+ return( mbedtls_ssl_conf_tls13_check_kex_modes( ssl,
MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL ) );
}
static inline int mbedtls_ssl_conf_tls13_some_ephemeral_enabled( mbedtls_ssl_context *ssl )
{
- return( mbedtls_ssl_conf_tls13_kex_modes_check( ssl,
+ return( mbedtls_ssl_conf_tls13_check_kex_modes( ssl,
MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL_ALL ) );
}
static inline int mbedtls_ssl_conf_tls13_some_psk_enabled( mbedtls_ssl_context *ssl )
{
- return( mbedtls_ssl_conf_tls13_kex_modes_check( ssl,
+ return( mbedtls_ssl_conf_tls13_check_kex_modes( ssl,
MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_ALL ) );
}
@@ -1452,7 +1452,7 @@
/*
* Helper functions for NamedGroup.
*/
-static inline int mbedtls_ssl_named_group_is_ecdhe( uint16_t named_group )
+static inline int mbedtls_ssl_tls13_named_group_is_ecdhe( uint16_t named_group )
{
return( named_group == MBEDTLS_SSL_TLS13_NAMED_GROUP_SECP256R1 ||
named_group == MBEDTLS_SSL_TLS13_NAMED_GROUP_SECP384R1 ||
@@ -1461,7 +1461,7 @@
named_group == MBEDTLS_SSL_TLS13_NAMED_GROUP_X448 );
}
-static inline int mbedtls_ssl_named_group_is_dhe( uint16_t named_group )
+static inline int mbedtls_ssl_tls13_named_group_is_dhe( uint16_t named_group )
{
return( named_group >= MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE2048 &&
named_group <= MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE8192 );
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 8323b67..d3eab84 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -53,13 +53,11 @@
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported versions extension" ) );
- /*
- * Check space for extension header.
- *
- * extension_type 2
- * extension_data_length 2
- * version_length 1
- * versions 2
+ /* Check if we have space for header and length fields:
+ * - extension_type (2 bytes)
+ * - extension_data_length (2 bytes)
+ * - versions_length (1 byte )
+ * - versions (2 bytes)
*/
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 7 );
@@ -111,16 +109,15 @@
* NamedGroup named_group_list<2..2^16-1>;
* } NamedGroupList;
*/
-/* Find out available ecdhe named groups in current configuration */
#if defined(MBEDTLS_ECDH_C)
/*
* In versions of TLS prior to TLS 1.3, this extension was named
* 'elliptic_curves' and only contained elliptic curve groups.
*/
-static int ssl_tls13_write_named_group_ecdhe( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- unsigned char *end,
- size_t *olen )
+static int ssl_tls13_write_named_group_list_ecdhe( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ unsigned char *end,
+ size_t *olen )
{
unsigned char *p = buf;
#if !defined(MBEDTLS_ECP_C)
@@ -144,7 +141,7 @@
info++ )
{
#endif
- if( !mbedtls_ssl_named_group_is_ecdhe( info->tls_id ) )
+ if( !mbedtls_ssl_tls13_named_group_is_ecdhe( info->tls_id ) )
continue;
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2);
@@ -161,10 +158,10 @@
return( 0 );
}
#else
-static int ssl_tls13_write_named_group_ecdhe( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- unsigned char *end,
- size_t *olen )
+static int ssl_tls13_write_named_group_list_ecdhe( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ unsigned char *end,
+ size_t *olen )
{
((void) ssl);
((void) buf);
@@ -174,11 +171,10 @@
}
#endif /* MBEDTLS_ECDH_C */
-/* Find out available dhe named groups in current configuration */
-static int ssl_tls13_write_named_group_dhe( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- unsigned char *end,
- size_t *olen )
+static int ssl_tls13_write_named_group_list_dhe( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ unsigned char *end,
+ size_t *olen )
{
((void) ssl);
((void) buf);
@@ -188,18 +184,15 @@
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
}
-/*
- * Supported Groups Extension (supported_groups)
- */
static int ssl_tls13_write_supported_groups_ext( mbedtls_ssl_context *ssl,
unsigned char *buf,
unsigned char *end,
size_t *olen )
{
unsigned char *p = buf ;
- unsigned char *named_group_ptr; /* Start of named_group_list */
- size_t named_group_len = 0;
- int ret = 0, ret_ecdhe, ret_dhe;
+ unsigned char *name_group_list_ptr; /* Start of named_group_list */
+ size_t output_len = 0;
+ int ret_ecdhe, ret_dhe;
*olen = 0;
@@ -208,24 +201,28 @@
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported_groups extension" ) );
- /* Check there is space for extension header */
+ /* Check if we have space for header and length fields:
+ * - extension_type (2 bytes)
+ * - extension_data_length (2 bytes)
+ * - named_group_list_length (2 bytes)
+ */
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 );
p += 6;
- named_group_ptr = p;
- ret_ecdhe = ssl_tls13_write_named_group_ecdhe( ssl, p, end, &named_group_len );
+ name_group_list_ptr = p;
+ ret_ecdhe = ssl_tls13_write_named_group_list_ecdhe( ssl, p, end, &output_len );
if( ret_ecdhe != 0 )
{
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_write_named_group_ecdhe", ret );
+ MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_write_named_group_list_ecdhe", ret_ecdhe );
}
- p += named_group_len;
+ p += output_len;
- ret_dhe = ssl_tls13_write_named_group_dhe( ssl, p, end, &named_group_len );
+ ret_dhe = ssl_tls13_write_named_group_list_dhe( ssl, p, end, &output_len );
if( ret_dhe != 0 )
{
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_write_named_group_dhe", ret );
+ MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_write_named_group_list_dhe", ret_dhe );
}
- p += named_group_len;
+ p += output_len;
/* Both ECDHE and DHE Fail. */
if( ret_ecdhe != 0 && ret_dhe != 0 )
@@ -235,8 +232,8 @@
}
/* Length of named_group_list*/
- named_group_len = p - named_group_ptr;
- if( named_group_len == 0 )
+ size_t named_group_list_len = p - name_group_list_ptr;
+ if( named_group_list_len == 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "No Named Group Available." ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
@@ -245,31 +242,31 @@
/* Write extension_type */
MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_GROUPS, buf, 0 );
/* Write extension_data_length */
- MBEDTLS_PUT_UINT16_BE( named_group_len + 2, buf, 2 );
+ MBEDTLS_PUT_UINT16_BE( named_group_list_len + 2, buf, 2 );
/* Write length of named_group_list */
- MBEDTLS_PUT_UINT16_BE( named_group_len, buf, 4 );
+ MBEDTLS_PUT_UINT16_BE( named_group_list_len, buf, 4 );
- MBEDTLS_SSL_DEBUG_BUF( 3, "Supported groups extension", buf + 4, named_group_len + 2 );
+ MBEDTLS_SSL_DEBUG_BUF( 3, "Supported groups extension", buf + 4, named_group_list_len + 2 );
*olen = p - buf;
ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SUPPORTED_GROUPS;
- return( ret );
+ return( 0 );
}
/*
* Functions for writing key_share extension.
*/
#if defined(MBEDTLS_ECDH_C)
-static int ssl_key_share_gen_and_write_ecdhe( mbedtls_ssl_context *ssl,
- uint16_t named_group,
- unsigned char *buf,
- unsigned char *end,
- size_t *olen )
+static int ssl_tls13_generate_and_write_ecdh_key_exchange(
+ mbedtls_ssl_context *ssl,
+ uint16_t named_group,
+ unsigned char *buf,
+ unsigned char *end,
+ size_t *olen )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
const mbedtls_ecp_curve_info *curve_info =
mbedtls_ecp_curve_info_from_tls_id( named_group );
@@ -300,8 +297,8 @@
}
#endif /* MBEDTLS_ECDH_C */
-static int ssl_named_group_get_default_id( mbedtls_ssl_context *ssl,
- uint16_t *named_group_id )
+static int ssl_tls13_get_default_group_id( mbedtls_ssl_context *ssl,
+ uint16_t *group_id )
{
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
@@ -329,15 +326,15 @@
info++ )
{
#endif
- if( info != NULL && mbedtls_ssl_named_group_is_ecdhe( info->tls_id ) )
+ if( info != NULL && mbedtls_ssl_tls13_named_group_is_ecdhe( info->tls_id ) )
{
- *named_group_id = info->tls_id;
+ *group_id = info->tls_id;
return( 0 );
}
}
#else
((void) ssl);
- ((void) named_group_id);
+ ((void) group_id);
#endif /* MBEDTLS_ECDH_C */
/*
@@ -368,8 +365,8 @@
{
unsigned char *p = buf;
unsigned char *client_shares_ptr; /* Start of client_shares */
+ size_t client_shares_len; /* Length of client_shares */
uint16_t group_id;
-
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
*olen = 0;
@@ -377,7 +374,7 @@
if( !mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) )
return( 0 );
- /* Check if we have space for headers and length fields:
+ /* Check if we have space for header and length fields:
* - extension_type (2 bytes)
* - extension_data_length (2 bytes)
* - client_shares_length (2 bytes)
@@ -389,10 +386,10 @@
/* HRR could already have requested something else. */
group_id = ssl->handshake->offered_group_id;
- if( !mbedtls_ssl_named_group_is_ecdhe( group_id ) &&
- !mbedtls_ssl_named_group_is_dhe( group_id ) )
+ if( !mbedtls_ssl_tls13_named_group_is_ecdhe( group_id ) &&
+ !mbedtls_ssl_tls13_named_group_is_dhe( group_id ) )
{
- MBEDTLS_SSL_PROC_CHK( ssl_named_group_get_default_id( ssl,
+ MBEDTLS_SSL_PROC_CHK( ssl_tls13_get_default_group_id( ssl,
&group_id ) );
}
@@ -406,7 +403,7 @@
*/
client_shares_ptr = p;
#if defined(MBEDTLS_ECDH_C)
- if( mbedtls_ssl_named_group_is_ecdhe( group_id ) )
+ if( mbedtls_ssl_tls13_named_group_is_ecdhe( group_id ) )
{
/* Pointer of group */
unsigned char *group_id_ptr = p;
@@ -419,9 +416,9 @@
*/
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 );
p += 4;
- ret = ssl_key_share_gen_and_write_ecdhe( ssl, group_id,
- p, end,
- &key_exchange_len );
+ ret = ssl_tls13_generate_and_write_ecdh_key_exchange( ssl, group_id,
+ p, end,
+ &key_exchange_len );
p += key_exchange_len;
if( ret != 0 )
return( ret );
@@ -440,12 +437,19 @@
else
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ /* Length of client_shares */
+ client_shares_len = p - client_shares_ptr;
+ if( client_shares_len == 0)
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "No key share defined." ) );
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
/* Write extension_type */
MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_KEY_SHARE, buf, 0 );
/* Write extension_data_length */
- MBEDTLS_PUT_UINT16_BE( p - client_shares_ptr + 2, buf, 2 );
+ MBEDTLS_PUT_UINT16_BE( client_shares_len + 2, buf, 2 );
/* Write client_shares_length */
- MBEDTLS_PUT_UINT16_BE( p - client_shares_ptr, buf, 4 );
+ MBEDTLS_PUT_UINT16_BE( client_shares_len, buf, 4 );
/* Update offered_group_id field */
ssl->handshake->offered_group_id = group_id;
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 79ecfff..5c20f29 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -28,7 +28,6 @@
#include "ssl_misc.h"
-
int mbedtls_ssl_tls13_start_handshake_msg( mbedtls_ssl_context *ssl,
unsigned hs_type,
unsigned char **buf,
@@ -101,15 +100,14 @@
*
* Only if we handle at least one key exchange that needs signatures.
*/
-
int mbedtls_ssl_tls13_write_sig_alg_ext( mbedtls_ssl_context *ssl,
unsigned char *buf,
unsigned char *end,
size_t *olen )
{
unsigned char *p = buf;
- unsigned char *sig_alg_ptr; /* Start of supported_signature_algorithms */
- size_t sig_alg_len = 0; /* Length of supported_signature_algorithms */
+ unsigned char *supported_sig_alg_ptr; /* Start of supported_signature_algorithms */
+ size_t supported_sig_alg_len = 0; /* Length of supported_signature_algorithms */
*olen = 0;
@@ -125,14 +123,18 @@
MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding signature_algorithms extension" ) );
- /* Check there is space for extension header */
+ /* Check if we have space for header and length field:
+ * - extension_type (2 bytes)
+ * - extension_data_length (2 bytes)
+ * - supported_signature_algorithms_length (2 bytes)
+ */
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 );
p += 6;
/*
* Write supported_signature_algorithms
*/
- sig_alg_ptr = p;
+ supported_sig_alg_ptr = p;
for( const uint16_t *sig_alg = ssl->conf->tls13_sig_algs;
*sig_alg != MBEDTLS_TLS13_SIG_NONE; sig_alg++ )
{
@@ -142,9 +144,9 @@
MBEDTLS_SSL_DEBUG_MSG( 3, ( "signature scheme [%x]", *sig_alg ) );
}
- /* Length of supported_signature_algorithms*/
- sig_alg_len = p - sig_alg_ptr;
- if( sig_alg_len == 0 )
+ /* Length of supported_signature_algorithms */
+ supported_sig_alg_len = p - supported_sig_alg_ptr;
+ if( supported_sig_alg_len == 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "No signature algorithms defined." ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
@@ -153,9 +155,9 @@
/* Write extension_type */
MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SIG_ALG, buf, 0 );
/* Write extension_data_length */
- MBEDTLS_PUT_UINT16_BE( sig_alg_len + 2, buf, 2 );
+ MBEDTLS_PUT_UINT16_BE( supported_sig_alg_len + 2, buf, 2 );
/* Write length of supported_signature_algorithms */
- MBEDTLS_PUT_UINT16_BE( sig_alg_len, buf, 4 );
+ MBEDTLS_PUT_UINT16_BE( supported_sig_alg_len, buf, 4 );
/* Output the total length of signature algorithms extension. */
*olen = p - buf;