move CLIENT/SERVER_HELLO_RANDOM_LEN to `ssl_misc.h`
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 904d8c7..66fb26c 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -309,6 +309,9 @@
#define MBEDTLS_TLS1_3_MD_MAX_SIZE MBEDTLS_MD_MAX_SIZE
+#define MBEDTLS_CLIENT_HELLO_RANDOM_LEN 32
+#define MBEDTLS_SERVER_HELLO_RANDOM_LEN 32
+
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
/**
* \brief Return the maximum fragment length (payload, in bytes) for
@@ -715,7 +718,9 @@
size_t pmslen; /*!< premaster length */
- unsigned char randbytes[64]; /*!< random bytes */
+ unsigned char randbytes[MBEDTLS_CLIENT_HELLO_RANDOM_LEN +
+ MBEDTLS_SERVER_HELLO_RANDOM_LEN];
+ /*!< random bytes */
unsigned char premaster[MBEDTLS_PREMASTER_SIZE];
/*!< premaster secret */
@@ -880,7 +885,9 @@
/* We need the Hello random bytes in order to re-derive keys from the
* Master Secret and other session info,
* see ssl_tls12_populate_transform() */
- unsigned char randbytes[64]; /*!< ServerHello.random+ClientHello.random */
+ unsigned char randbytes[MBEDTLS_SERVER_HELLO_RANDOM_LEN +
+ MBEDTLS_CLIENT_HELLO_RANDOM_LEN];
+ /*!< ServerHello.random+ClientHello.random */
#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
};
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 989bdc0..979db31 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -35,9 +35,6 @@
#include "ecdh_misc.h"
#include "ssl_tls13_keys.h"
-#define CLIENT_HELLO_RANDOM_LEN 32
-#define SERVER_HELLO_RANDOM_LEN 32
-
/* Write extensions */
/*
@@ -709,11 +706,11 @@
p += 2;
/* Write the random bytes ( random ).*/
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, CLIENT_HELLO_RANDOM_LEN );
- memcpy( p, ssl->handshake->randbytes, CLIENT_HELLO_RANDOM_LEN );
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, MBEDTLS_CLIENT_HELLO_RANDOM_LEN );
+ memcpy( p, ssl->handshake->randbytes, MBEDTLS_CLIENT_HELLO_RANDOM_LEN );
MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, random bytes",
- p, CLIENT_HELLO_RANDOM_LEN );
- p += CLIENT_HELLO_RANDOM_LEN;
+ p, MBEDTLS_CLIENT_HELLO_RANDOM_LEN );
+ p += MBEDTLS_CLIENT_HELLO_RANDOM_LEN;
/*
* Write legacy_session_id
@@ -834,7 +831,7 @@
if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng,
ssl->handshake->randbytes,
- CLIENT_HELLO_RANDOM_LEN ) ) != 0 )
+ MBEDTLS_CLIENT_HELLO_RANDOM_LEN ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "f_rng", ret );
return( ret );
@@ -894,7 +891,7 @@
const unsigned char *buf,
const unsigned char *end )
{
- static const unsigned char magic_hrr_string[SERVER_HELLO_RANDOM_LEN] =
+ static const unsigned char magic_hrr_string[MBEDTLS_SERVER_HELLO_RANDOM_LEN] =
{ 0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11,
0xBE, 0x1D, 0x8C, 0x02, 0x1E, 0x65, 0xB8, 0x91,
0xC2, 0xA2, 0x11, 0x16, 0x7A, 0xBB, 0x8C, 0x5E,
@@ -1045,12 +1042,12 @@
* Check there is space for minimal fields
*
* - legacy_version ( 2 bytes)
- * - random (SERVER_HELLO_RANDOM_LEN bytes)
+ * - random (MBEDTLS_SERVER_HELLO_RANDOM_LEN bytes)
* - legacy_session_id_echo ( 1 byte ), minimum size
* - cipher_suite ( 2 bytes)
* - legacy_compression_method ( 1 byte )
*/
- MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, SERVER_HELLO_RANDOM_LEN + 6 );
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, MBEDTLS_SERVER_HELLO_RANDOM_LEN + 6 );
MBEDTLS_SSL_DEBUG_BUF( 4, "server hello", p, end - p );
MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, version", p, 2 );
@@ -1071,18 +1068,17 @@
}
p += 2;
- /* From RFC8446, page 27.
- * ...
+ /* ...
* Random random;
* ...
* with Random defined as:
- * opaque Random[32];
+ * opaque Random[MBEDTLS_SERVER_HELLO_RANDOM_LEN];
*/
- memcpy( ssl->handshake->randbytes + CLIENT_HELLO_RANDOM_LEN, p,
- SERVER_HELLO_RANDOM_LEN );
+ memcpy( &ssl->handshake->randbytes[MBEDTLS_CLIENT_HELLO_RANDOM_LEN], p,
+ MBEDTLS_SERVER_HELLO_RANDOM_LEN );
MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, random bytes",
- p, SERVER_HELLO_RANDOM_LEN );
- p += SERVER_HELLO_RANDOM_LEN;
+ p, MBEDTLS_SERVER_HELLO_RANDOM_LEN );
+ p += MBEDTLS_SERVER_HELLO_RANDOM_LEN;
/* ...
* opaque legacy_session_id_echo<0..32>;