TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / b925f2180641f8931b5e356cedd21987a96f4f6b^! / . / library
commitb925f2180641f8931b5e356cedd21987a96f4f6b[log] [tgz]
authorJerry Yu <jerry.h.yu@arm.com>Wed Jan 12 11:17:02 2022 +0800
committerJerry Yu <jerry.h.yu@arm.com>Wed Jan 12 11:17:02 2022 +0800
treea98a00cb87b1b17b18759ce0f52ec2de4dce7de2
parentf0fede56a6b994d577a1f3b93d6a068cd619fa80 [diff]
fix comment issues

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>

diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 3794dad..f5af5c7 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c

@@ -317,6 +317,11 @@
 
 #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
     defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+/*
+ * The TLS 1.3 supported groups extension was defined to be a compatible
+ * generalization of the TLS 1.2 supported elliptic curves extension. They both
+ * share the same extension identifier.
+ */
 static int ssl_parse_supported_groups_ext( mbedtls_ssl_context *ssl,
                                            const unsigned char *buf,
                                            size_t len )

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 55c5e14..7644903 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -7193,9 +7193,11 @@
     defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
     defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
 /*
- * Functions for writing supported_groups extension.
+ * Function for writing a supported groups (TLS 1.3) or supported elliptic
+ * curves (TLS 1.2) extension.
  *
- * Stucture of supported_groups from RFC8446:
+ * The "extension_data" field of a supported groups extension contains a
+ * "NamedGroupList" value (TLS 1.3 RFC8446):
  *      enum {
  *          secp256r1(0x0017), secp384r1(0x0018), secp521r1(0x0019),
  *          x25519(0x001D), x448(0x001E),
@@ -7208,7 +7210,9 @@
  *      struct {
  *          NamedGroup named_group_list<2..2^16-1>;
  *      } NamedGroupList;
- * From RFC8422:
+ *
+ * The "extension_data" field of a supported elliptic curves extension contains
+ * a "NamedCurveList" value (TLS 1.2 RFC 8422):
  * enum {
  *      deprecated(1..22),
  *      secp256r1 (23), secp384r1 (24), secp521r1 (25),
@@ -7221,9 +7225,11 @@
  *      NamedCurve named_curve_list<2..2^16-1>
  *  } NamedCurveList;
  *
- * RFC8422 and RFC8446 share simillar structure and same extension id.
+ * The TLS 1.3 supported groups extension was defined to be a compatible
+ * generalization of the TLS 1.2 supported elliptic curves extension. They both
+ * share the same extension identifier.
  *
- * DHE groups hasn't been supported yet.
+ * DHE groups are not supported yet.
  */
 int mbedtls_ssl_write_supported_groups_ext( mbedtls_ssl_context *ssl,
                                             unsigned char *buf,
@@ -7264,15 +7270,13 @@
         {
             const mbedtls_ecp_curve_info *curve_info;
             curve_info = mbedtls_ecp_curve_info_from_tls_id( *group_list );
-            if( curve_info != NULL )
-            {
-                MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
-                MBEDTLS_PUT_UINT16_BE( *group_list, p, 0 );
-                p += 2;
-                MBEDTLS_SSL_DEBUG_MSG( 3, ( "NamedGroup: %s ( %x )",
-                                    curve_info->name, *group_list ) );
+            if( curve_info == NULL )
                 continue;
-            }
+            MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
+            MBEDTLS_PUT_UINT16_BE( *group_list, p, 0 );
+            p += 2;
+            MBEDTLS_SSL_DEBUG_MSG( 3, ( "NamedGroup: %s ( %x )",
+                                curve_info->name, *group_list ) );
         }
 #endif /* MBEDTLS_ECP_C */
         /* Add DHE groups here */

diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 9541fc3..c6f8ce3 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c

@@ -613,12 +613,11 @@
     p += output_len;
 
 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
-    /* Write supported_groups extension
-     *
-     * It is REQUIRED for ECDHE cipher_suites.
+
+    /*
+     * Add the extensions related to (EC)DHE ephemeral key establishment only if
+     * enabled as per the configuration.
      */
-    /* Skip the extensions on the client if all allowed key exchanges
-     * are PSK-based. */
     if( mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) )
     {
         ret = mbedtls_ssl_write_supported_groups_ext( ssl, p, end, &output_len );
@@ -626,26 +625,11 @@
             return( ret );
         p += output_len;
 
-        /* Write key_share extension
-        *
-        * We need to send the key shares under three conditions:
-        * 1) A certificate-based ciphersuite is being offered. In this case
-        *    supported_groups and supported_signature extensions have been
-        *    successfully added.
-        * 2) A PSK-based ciphersuite with ECDHE is offered. In this case the
-        *    psk_key_exchange_modes has been added as the last extension.
-        * 3) Or, in case all ciphers are supported ( which includes #1 and #2
-        *    from above )
-        */
         ret = ssl_tls13_write_key_share_ext( ssl, p, end, &output_len );
         if( ret != 0 )
             return( ret );
         p += output_len;
 
-        /* Write signature_algorithms extension
-        *
-        * It is REQUIRED for certificate authenticated cipher_suites.
-        */
         ret = mbedtls_ssl_tls13_write_sig_alg_ext( ssl, p, end, &output_len );
         if( ret != 0 )
             return( ret );