Refine code base on comments
Move code to proper macro guards protection
Fix typo issues
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
diff --git a/library/ssl_client.c b/library/ssl_client.c
index baf82a6..341e882 100644
--- a/library/ssl_client.c
+++ b/library/ssl_client.c
@@ -885,9 +885,9 @@
if( hostname_mismatch )
{
- MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "hostname mismatch the session ticket,"
- " should not resume " ) );
+ MBEDTLS_SSL_DEBUG_MSG(
+ 1, ( "Hostname mismatch the session ticket, "
+ "disable session resumption." ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
}
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 6ba9ad5..82a0d5c 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -2496,7 +2496,8 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
defined(MBEDTLS_SSL_SESSION_TICKETS) && \
- defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+ defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && \
+ defined(MBEDTLS_SSL_TLS_C)
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_session_set_hostname( mbedtls_ssl_session *session,
const char *hostname );
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 6563b90..521b922 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -295,12 +295,9 @@
memcpy( dst->ticket, src->ticket, src->ticket_len );
}
-#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
- defined(MBEDTLS_SSL_SESSION_TICKETS) && \
- defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && \
- defined(MBEDTLS_SSL_CLI_C)
+ defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
if( src->endpoint == MBEDTLS_SSL_IS_CLIENT )
{
dst->hostname = NULL;
@@ -308,6 +305,7 @@
src->hostname );
}
#endif
+#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
return( 0 );
}
@@ -1974,10 +1972,9 @@
{
unsigned char *p = buf;
#if defined(MBEDTLS_SSL_CLI_C) && \
- defined(MBEDTLS_SSL_SESSION_TICKETS) && \
defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
size_t hostname_len = ( session->hostname == NULL ) ?
- 0 : strlen( session->hostname );
+ 0 : strlen( session->hostname ) + 1;
#endif
size_t needed = 1 /* endpoint */
+ 2 /* ciphersuite */
@@ -2029,24 +2026,7 @@
memcpy( p, session->resumption_key, session->resumption_key_len );
p += session->resumption_key_len;
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && \
- defined(MBEDTLS_SSL_SESSION_TICKETS) && \
- defined(MBEDTLS_SSL_CLI_C)
- if( session->endpoint == MBEDTLS_SSL_IS_CLIENT )
- {
- MBEDTLS_PUT_UINT16_BE( hostname_len, p, 0 );
- p += 2;
- if ( hostname_len > 0 &&
- session->hostname != NULL )
- {
- /* save host name */
- memcpy( p, session->hostname, hostname_len );
- p += hostname_len;
- }
- }
-#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION &&
- MBEDTLS_SSL_SESSION_TICKETS &&
- MBEDTLS_SSL_CLI_C */
+
#if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_SRV_C)
if( session->endpoint == MBEDTLS_SSL_IS_SERVER )
@@ -2059,6 +2039,17 @@
#if defined(MBEDTLS_SSL_CLI_C)
if( session->endpoint == MBEDTLS_SSL_IS_CLIENT )
{
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+ MBEDTLS_PUT_UINT16_BE( hostname_len, p, 0 );
+ p += 2;
+ if ( hostname_len > 0 )
+ {
+ /* save host name */
+ memcpy( p, session->hostname, hostname_len );
+ p += hostname_len;
+ }
+#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
+
#if defined(MBEDTLS_HAVE_TIME)
MBEDTLS_PUT_UINT64_BE( (uint64_t) session->ticket_received, p, 0 );
p += 8;
@@ -2106,33 +2097,6 @@
memcpy( session->resumption_key, p, session->resumption_key_len );
p += session->resumption_key_len;
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && \
- defined(MBEDTLS_SSL_SESSION_TICKETS) && \
- defined(MBEDTLS_SSL_CLI_C)
- if( session->endpoint == MBEDTLS_SSL_IS_CLIENT )
- {
- size_t hostname_len;
- /* load host name */
- if( end - p < 2 )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- hostname_len = MBEDTLS_GET_UINT16_BE( p, 0 );
- p += 2;
-
- if( end - p < ( long int )hostname_len )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- if( hostname_len > 0 )
- {
- session->hostname = mbedtls_calloc( 1, hostname_len + 1 );
- if( session->hostname == NULL )
- return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
- memcpy( session->hostname, p, hostname_len );
- p += hostname_len;
- }
- }
-#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION &&
- MBEDTLS_SSL_SESSION_TICKETS &&
- MBEDTLS_SSL_CLI_C */
-
#if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_SRV_C)
if( session->endpoint == MBEDTLS_SSL_IS_SERVER )
{
@@ -2146,6 +2110,28 @@
#if defined(MBEDTLS_SSL_CLI_C)
if( session->endpoint == MBEDTLS_SSL_IS_CLIENT )
{
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && \
+ defined(MBEDTLS_SSL_SESSION_TICKETS)
+ size_t hostname_len;
+ /* load host name */
+ if( end - p < 2 )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ hostname_len = MBEDTLS_GET_UINT16_BE( p, 0 );
+ p += 2;
+
+ if( end - p < ( long int )hostname_len )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ if( hostname_len > 0 )
+ {
+ session->hostname = mbedtls_calloc( 1, hostname_len );
+ if( session->hostname == NULL )
+ return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+ memcpy( session->hostname, p, hostname_len );
+ p += hostname_len;
+ }
+#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION &&
+ MBEDTLS_SSL_SESSION_TICKETS */
+
#if defined(MBEDTLS_HAVE_TIME)
if( end - p < 8 )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
@@ -2475,6 +2461,7 @@
/* Now it's clear that we will overwrite the old hostname,
* so we can free it safely */
+
if( ssl->hostname != NULL )
{
mbedtls_platform_zeroize( ssl->hostname, strlen( ssl->hostname ) );
@@ -2482,6 +2469,7 @@
}
/* Passing NULL as hostname shall clear the old one */
+
if( hostname == NULL )
{
ssl->hostname = NULL;
@@ -3745,13 +3733,12 @@
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
- mbedtls_free( session->ticket );
-#endif
-
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
mbedtls_free( session->hostname );
#endif
+ mbedtls_free( session->ticket );
+#endif
mbedtls_platform_zeroize( session, sizeof( mbedtls_ssl_session ) );
}
@@ -8874,7 +8861,8 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
defined(MBEDTLS_SSL_SESSION_TICKETS) && \
- defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+ defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && \
+ defined(MBEDTLS_SSL_TLS_C)
int mbedtls_ssl_session_set_hostname( mbedtls_ssl_session *session,
const char *hostname )
{
@@ -8918,6 +8906,7 @@
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 &&
MBEDTLS_SSL_SESSION_TICKETS &&
- MBEDTLS_SSL_SERVER_NAME_INDICATION */
+ MBEDTLS_SSL_SERVER_NAME_INDICATION &&
+ MBEDTLS_SSL_TLS_C */
#endif /* MBEDTLS_SSL_TLS_C */