commit da41b38c425de59b5500bc3fcd62336ecae4215f
author Ronald Cron <ronald.cron@arm.com> Wed Mar 30 09:57:11 2022 +0200
committer Ronald Cron <ronald.cron@arm.com> Wed Mar 30 14:10:03 2022 +0200
tree d19f100daa7911f8c9f6e6897516465a85000f41
parent 8ecd9937a9e8cf02c687624230a1fd4d53fab35f

Improve and fix comments

Signed-off-by: Ronald Cron <ronald.cron@arm.com>

library/ssl_client.c

diff --git a/library/ssl_client.c b/library/ssl_client.c
index f20542e..eeb586d 100644
--- a/library/ssl_client.c
+++ b/library/ssl_client.c
@@ -621,15 +621,6 @@
      * Random random;
      * ...
      *
-     * with for TLS 1.2
-     * struct {
-     *     uint32 gmt_unix_time;
-     *     opaque random_bytes[28];
-     * } Random;
-     *
-     * and for TLS 1.3
-     * opaque Random[32];
-     *
      * The random bytes have been prepared by ssl_prepare_client_hello() into
      * the handshake->randbytes buffer and are copied here into the output
      * buffer.
@@ -652,7 +643,7 @@
      * opaque legacy_session_id<0..32>;
      * ...
      *
-     * The (legacy) session identifier bytes have been by
+     * The (legacy) session identifier bytes have been prepared by
      * ssl_prepare_client_hello() into the ssl->session_negotiate->id buffer
      * and are copied here into the output buffer.
      */
@@ -890,9 +881,9 @@
     }
 
     /*
-     * But when responding to a verify request where we MUST reuse the
-     * previoulsy generated random bytes (RFC 6347 4.2.1), generate the
-     * random bytes.
+     * Generate the random bytes, except when responding to a verify request
+     * where we MUST reuse the previoulsy generated random bytes
+     * (RFC 6347 4.2.1).
      */
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
     if( ( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ) ||
@@ -908,9 +899,10 @@
     }
 
     /*
-     * Prepare session identifier. But in the case of a TLS 1.2 session
-     * renegotiation or session resumption, the initial value of the session
-     * identifier length below is equal to zero.
+     * Prepare session identifier. At that point, the length of the session
+     * identifier in the SSL context `ssl->session_negotiate->id_len` is equal
+     * to zero, except in the case of a TLS 1.2 session renegotiation or
+     * session resumption.
      */
     session_id_len = ssl->session_negotiate->id_len;
 
@@ -1019,7 +1011,7 @@
          * The two functions below may try to send data on the network and
          * can return with the MBEDTLS_ERR_SSL_WANT_READ error code when they
          * fail to do so and the transmission has to be retried later. In that
-         * case as in fatal error cases, we return immediatly. But we must have
+         * case as in fatal error cases, we return immediately. But we must have
          * set the handshake state to the next state at that point to ensure
          * that we will not write and send again a ClientHello when we
          * eventually succeed in sending the pending data.