mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-23 12:39:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Wrap lines which exceed 80 chars in ssl_tls13_server.c

Browse Source 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
This commit is contained in:
Xiaokang Qian 2023-03-30 02:50:04 +00:00
parent 958b6ffe98
commit 9f1747bb1f
1 changed files with 53 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

101
library/ssl_tls13_server.c
View File

@ -317,11 +317,10 @@ static int ssl_tls13_offered_psks_check_identity_match(
} }
MBEDTLS_CHECK_RETURN_CRITICAL MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_offered_psks_check_binder_match(mbedtls_ssl_context *ssl, static int ssl_tls13_offered_psks_check_binder_match(
const unsigned char *binder, mbedtls_ssl_context *ssl,
size_t binder_len, const unsigned char *binder, size_t binder_len,
int psk_type, int psk_type, psa_algorithm_t psk_hash_alg)
psa_algorithm_t psk_hash_alg)
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -490,11 +489,12 @@ static int ssl_tls13_session_copy_ticket(mbedtls_ssl_session *dst,
* } PreSharedKeyExtension; * } PreSharedKeyExtension;
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_parse_pre_shared_key_ext(mbedtls_ssl_context *ssl, static int ssl_tls13_parse_pre_shared_key_ext(
const unsigned char *pre_shared_key_ext, mbedtls_ssl_context *ssl,
const unsigned char *pre_shared_key_ext_end, const unsigned char *pre_shared_key_ext,
const unsigned char *ciphersuites, const unsigned char *pre_shared_key_ext_end,
const unsigned char *ciphersuites_end) const unsigned char *ciphersuites,
const unsigned char *ciphersuites_end)
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const unsigned char *identities = pre_shared_key_ext; const unsigned char *identities = pre_shared_key_ext;
@ -621,8 +621,8 @@ static int ssl_tls13_parse_pre_shared_key_ext(mbedtls_ssl_context *ssl,
mbedtls_ssl_session_free(&session); mbedtls_ssl_session_free(&session);
#endif #endif
MBEDTLS_SSL_DEBUG_MSG(3, ("Invalid binder.")); MBEDTLS_SSL_DEBUG_MSG(3, ("Invalid binder."));
MBEDTLS_SSL_DEBUG_RET(1, MBEDTLS_SSL_DEBUG_RET(
"ssl_tls13_offered_psks_check_binder_match", ret); 1, "ssl_tls13_offered_psks_check_binder_match", ret);
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_PEND_FATAL_ALERT(
MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR, MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR,
MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE); MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE);
@ -656,9 +656,8 @@ static int ssl_tls13_parse_pre_shared_key_ext(mbedtls_ssl_context *ssl,
} }
/* Update the handshake transcript with the binder list. */ /* Update the handshake transcript with the binder list. */
ret = ssl->handshake->update_checksum(ssl, ret = ssl->handshake->update_checksum(
identities_end, ssl, identities_end, (size_t) (binders_end - identities_end));
(size_t) (binders_end - identities_end));
if (0 != ret) { if (0 != ret) {
MBEDTLS_SSL_DEBUG_RET(1, ("update_checksum"), ret); MBEDTLS_SSL_DEBUG_RET(1, ("update_checksum"), ret);
return ret; return ret;
@ -840,13 +839,14 @@ static int ssl_tls13_parse_supported_groups_ext(mbedtls_ssl_context *ssl,
#if defined(PSA_WANT_ALG_ECDH) #if defined(PSA_WANT_ALG_ECDH)
/* /*
* ssl_tls13_parse_key_shares_ext() verifies whether the information in the * ssl_tls13_parse_key_shares_ext() verifies whether the information in the
* extension is correct and stores the first acceptable key share and its associated group. * extension is correct and stores the first acceptable key share and its
* associated group.
* *
* Possible return values are: * Possible return values are:
* - 0: Successful processing of the client provided key share extension. * - 0: Successful processing of the client provided key share extension.
* - SSL_TLS1_3_PARSE_KEY_SHARES_EXT_NO_MATCH: The key shares provided by the client * - SSL_TLS1_3_PARSE_KEY_SHARES_EXT_NO_MATCH: The key shares provided by
* does not match a group supported by the server. A HelloRetryRequest will * the client does not match a group supported by the server. A
* be needed. * HelloRetryRequest will be needed.
* - A negative value for fatal errors. * - A negative value for fatal errors.
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL MBEDTLS_CHECK_RETURN_CRITICAL
@ -1042,7 +1042,8 @@ static int ssl_tls13_determine_key_exchange_mode(mbedtls_ssl_context *ssl)
* 3 ) Plain PSK Mode ( psk ) * 3 ) Plain PSK Mode ( psk )
*/ */
ssl->handshake->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_NONE; ssl->handshake->key_exchange_mode =
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_NONE;
if (ssl_tls13_check_psk_ephemeral_key_exchange(ssl)) { if (ssl_tls13_check_psk_ephemeral_key_exchange(ssl)) {
ssl->handshake->key_exchange_mode = ssl->handshake->key_exchange_mode =
@ -1552,8 +1553,8 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl,
ret = ssl_tls13_parse_supported_groups_ext( ret = ssl_tls13_parse_supported_groups_ext(
ssl, p, extension_data_end); ssl, p, extension_data_end);
if (ret != 0) { if (ret != 0) {
MBEDTLS_SSL_DEBUG_RET(1, MBEDTLS_SSL_DEBUG_RET(
"mbedtls_ssl_parse_supported_groups_ext", ret); 1, "mbedtls_ssl_parse_supported_groups_ext", ret);
return ret; return ret;
} }
@ -1593,7 +1594,8 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl,
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
case MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES: case MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES:
MBEDTLS_SSL_DEBUG_MSG(3, ("found psk key exchange modes extension")); MBEDTLS_SSL_DEBUG_MSG(
3, ("found psk key exchange modes extension"));
ret = ssl_tls13_parse_key_exchange_modes_ext( ret = ssl_tls13_parse_key_exchange_modes_ext(
ssl, p, extension_data_end); ssl, p, extension_data_end);
@ -1645,10 +1647,8 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl,
ret = mbedtls_ssl_parse_sig_alg_ext( ret = mbedtls_ssl_parse_sig_alg_ext(
ssl, p, extension_data_end); ssl, p, extension_data_end);
if (ret != 0) { if (ret != 0) {
MBEDTLS_SSL_DEBUG_MSG(1, MBEDTLS_SSL_DEBUG_MSG(
( 1, ("mbedtls_ssl_parse_sig_alg_ext ( %d )", ret));
"ssl_parse_supported_signature_algorithms_server_ext ( %d )",
ret));
return ret; return ret;
} }
break; break;
@ -1658,10 +1658,12 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl,
case MBEDTLS_TLS_EXT_RECORD_SIZE_LIMIT: case MBEDTLS_TLS_EXT_RECORD_SIZE_LIMIT:
MBEDTLS_SSL_DEBUG_MSG(3, ("found record_size_limit extension")); MBEDTLS_SSL_DEBUG_MSG(3, ("found record_size_limit extension"));
ret = mbedtls_ssl_tls13_parse_record_size_limit_ext(ssl, p, extension_data_end); ret = mbedtls_ssl_tls13_parse_record_size_limit_ext(
ssl, p, extension_data_end);
/* TODO: Return unconditionally here until we handle the record size limit correctly. /* TODO: Return unconditionally here until we handle the record
* Once handled correctly, only return in case of errors. */ * size limit correctly.
* Once handled correctly, only return in case of errors. */
return ret; return ret;
break; break;
@ -2239,9 +2241,8 @@ static int ssl_tls13_write_server_hello(mbedtls_ssl_context *ssl)
MBEDTLS_SSL_PROC_CHK(ssl_tls13_prepare_server_hello(ssl)); MBEDTLS_SSL_PROC_CHK(ssl_tls13_prepare_server_hello(ssl));
MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg(ssl, MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg(
MBEDTLS_SSL_HS_SERVER_HELLO, &buf, ssl, MBEDTLS_SSL_HS_SERVER_HELLO, &buf, &buf_len));
&buf_len));
MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_server_hello_body(ssl, buf, MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_server_hello_body(ssl, buf,
buf + buf_len, buf + buf_len,
@ -2413,15 +2414,16 @@ static int ssl_tls13_write_encrypted_extensions(mbedtls_ssl_context *ssl)
MBEDTLS_SSL_DEBUG_MSG(2, ("=> write encrypted extensions")); MBEDTLS_SSL_DEBUG_MSG(2, ("=> write encrypted extensions"));
MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg(ssl, MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg(
MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, &buf, ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS,
&buf_len)); &buf, &buf_len));
MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_encrypted_extensions_body( MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_encrypted_extensions_body(
ssl, buf, buf + buf_len, &msg_len)); ssl, buf, buf + buf_len, &msg_len));
MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum( MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(
ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, buf, msg_len)); ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS,
buf, msg_len));
MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg( MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg(
ssl, buf_len, msg_len)); ssl, buf_len, msg_len));
@ -2546,15 +2548,16 @@ static int ssl_tls13_write_certificate_request(mbedtls_ssl_context *ssl)
unsigned char *buf; unsigned char *buf;
size_t buf_len, msg_len; size_t buf_len, msg_len;
MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg(ssl, MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg(
MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST,
&buf, &buf_len)); &buf, &buf_len));
MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_certificate_request_body( MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_certificate_request_body(
ssl, buf, buf + buf_len, &msg_len)); ssl, buf, buf + buf_len, &msg_len));
MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum( MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(
ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, buf, msg_len)); ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST,
buf, msg_len));
MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg( MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg(
ssl, buf_len, msg_len)); ssl, buf_len, msg_len));
@ -2665,8 +2668,8 @@ static int ssl_tls13_process_client_finished(mbedtls_ssl_context *ssl)
ret = mbedtls_ssl_tls13_compute_resumption_master_secret(ssl); ret = mbedtls_ssl_tls13_compute_resumption_master_secret(ssl);
if (ret != 0) { if (ret != 0) {
MBEDTLS_SSL_DEBUG_RET(1, MBEDTLS_SSL_DEBUG_RET(
"mbedtls_ssl_tls13_compute_resumption_master_secret", ret); 1, "mbedtls_ssl_tls13_compute_resumption_master_secret", ret);
} }
mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_WRAPUP); mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_WRAPUP);
@ -2691,7 +2694,8 @@ static int ssl_tls13_handshake_wrapup(mbedtls_ssl_context *ssl)
*/ */
/* Sent NewSessionTicket message only when client supports PSK */ /* Sent NewSessionTicket message only when client supports PSK */
if (mbedtls_ssl_tls13_some_psk_enabled(ssl)) { if (mbedtls_ssl_tls13_some_psk_enabled(ssl)) {
mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET); mbedtls_ssl_handshake_set_state(
ssl, MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET);
} else } else
#endif #endif
{ {
@ -2954,9 +2958,9 @@ static int ssl_tls13_write_new_session_ticket(mbedtls_ssl_context *ssl)
MBEDTLS_SSL_PROC_CHK(ssl_tls13_prepare_new_session_ticket( MBEDTLS_SSL_PROC_CHK(ssl_tls13_prepare_new_session_ticket(
ssl, ticket_nonce, sizeof(ticket_nonce))); ssl, ticket_nonce, sizeof(ticket_nonce)));
MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg(ssl, MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg(
MBEDTLS_SSL_HS_NEW_SESSION_TICKET, ssl, MBEDTLS_SSL_HS_NEW_SESSION_TICKET,
&buf, &buf_len)); &buf, &buf_len));
MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_new_session_ticket_body( MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_new_session_ticket_body(
ssl, buf, buf + buf_len, &msg_len, ssl, buf, buf + buf_len, &msg_len,
@ -3124,7 +3128,8 @@ int mbedtls_ssl_tls13_handshake_server_step(mbedtls_ssl_context *ssl)
if (ssl->handshake->new_session_tickets_count == 0) { if (ssl->handshake->new_session_tickets_count == 0) {
mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_OVER); mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_OVER);
} else { } else {
mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET); mbedtls_ssl_handshake_set_state(
ssl, MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET);
} }
break; break;