mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-25 13:43:31 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix various issues

Browse Source 
- format problems
- name conversion issues

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
This commit is contained in:
Jerry Yu 2021-09-08 16:41:02 +08:00
parent ed2ef2d9e0
commit b60e3cf424
3 changed files with 91 additions and 85 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
library/ssl_misc.h
View File

@ -1363,39 +1363,39 @@ void mbedtls_ssl_flight_free( mbedtls_ssl_flight_item *flight );
/* /*
* Helper functions around key exchange modes. * Helper functions around key exchange modes.
*/ */
static inline unsigned mbedtls_ssl_conf_tls13_kex_modes_check( mbedtls_ssl_context *ssl, static inline unsigned mbedtls_ssl_conf_tls13_check_kex_modes( mbedtls_ssl_context *ssl,
int kex_mode_mask ) int kex_mode_mask )
{ {
return( ( ssl->conf->tls13_kex_modes & kex_mode_mask ) != 0 ); return( ( ssl->conf->tls13_kex_modes & kex_mode_mask ) != 0 );
} }
static inline int mbedtls_ssl_conf_tls13_pure_psk_enabled( mbedtls_ssl_context *ssl ) static inline int mbedtls_ssl_conf_tls13_psk_enabled( mbedtls_ssl_context *ssl )
{ {
return( mbedtls_ssl_conf_tls13_kex_modes_check( ssl, return( mbedtls_ssl_conf_tls13_check_kex_modes( ssl,
MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK ) ); MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK ) );
} }
static inline int mbedtls_ssl_conf_tls13_psk_ephemeral_enabled( mbedtls_ssl_context *ssl ) static inline int mbedtls_ssl_conf_tls13_psk_ephemeral_enabled( mbedtls_ssl_context *ssl )
{ {
return( mbedtls_ssl_conf_tls13_kex_modes_check( ssl, return( mbedtls_ssl_conf_tls13_check_kex_modes( ssl,
MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL ) ); MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL ) );
} }
static inline int mbedtls_ssl_conf_tls13_pure_ephemeral_enabled( mbedtls_ssl_context *ssl ) static inline int mbedtls_ssl_conf_tls13_ephemeral_enabled( mbedtls_ssl_context *ssl )
{ {
return( mbedtls_ssl_conf_tls13_kex_modes_check( ssl, return( mbedtls_ssl_conf_tls13_check_kex_modes( ssl,
MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL ) ); MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL ) );
} }
static inline int mbedtls_ssl_conf_tls13_some_ephemeral_enabled( mbedtls_ssl_context *ssl ) static inline int mbedtls_ssl_conf_tls13_some_ephemeral_enabled( mbedtls_ssl_context *ssl )
{ {
return( mbedtls_ssl_conf_tls13_kex_modes_check( ssl, return( mbedtls_ssl_conf_tls13_check_kex_modes( ssl,
MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL_ALL ) ); MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL_ALL ) );
} }
static inline int mbedtls_ssl_conf_tls13_some_psk_enabled( mbedtls_ssl_context *ssl ) static inline int mbedtls_ssl_conf_tls13_some_psk_enabled( mbedtls_ssl_context *ssl )
{ {
return( mbedtls_ssl_conf_tls13_kex_modes_check( ssl, return( mbedtls_ssl_conf_tls13_check_kex_modes( ssl,
MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_ALL ) ); MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_ALL ) );
} }
@ -1452,7 +1452,7 @@ static inline int mbedtls_ssl_conf_is_hybrid_tls12_tls13( const mbedtls_ssl_conf
/* /*
* Helper functions for NamedGroup. * Helper functions for NamedGroup.
*/ */
static inline int mbedtls_ssl_named_group_is_ecdhe( uint16_t named_group ) static inline int mbedtls_ssl_tls13_named_group_is_ecdhe( uint16_t named_group )
{ {
return( named_group == MBEDTLS_SSL_TLS13_NAMED_GROUP_SECP256R1 || return( named_group == MBEDTLS_SSL_TLS13_NAMED_GROUP_SECP256R1 ||
named_group == MBEDTLS_SSL_TLS13_NAMED_GROUP_SECP384R1 || named_group == MBEDTLS_SSL_TLS13_NAMED_GROUP_SECP384R1 ||
@ -1461,7 +1461,7 @@ static inline int mbedtls_ssl_named_group_is_ecdhe( uint16_t named_group )
named_group == MBEDTLS_SSL_TLS13_NAMED_GROUP_X448 ); named_group == MBEDTLS_SSL_TLS13_NAMED_GROUP_X448 );
} }
static inline int mbedtls_ssl_named_group_is_dhe( uint16_t named_group ) static inline int mbedtls_ssl_tls13_named_group_is_dhe( uint16_t named_group )
{ {
return( named_group >= MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE2048 && return( named_group >= MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE2048 &&
named_group <= MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE8192 ); named_group <= MBEDTLS_SSL_TLS13_NAMED_GROUP_FFDHE8192 );

132
library/ssl_tls13_client.c
View File

@ -53,13 +53,11 @@ static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported versions extension" ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported versions extension" ) );
/* /* Check if we have space for header and length fields:
* Check space for extension header. * - extension_type (2 bytes)
* * - extension_data_length (2 bytes)
* extension_type 2 * - versions_length (1 byte )
* extension_data_length 2 * - versions (2 bytes)
* version_length 1
* versions 2
*/ */
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 7 ); MBEDTLS_SSL_CHK_BUF_PTR( p, end, 7 );
@ -111,16 +109,15 @@ static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl,
* NamedGroup named_group_list<2..2^16-1>; * NamedGroup named_group_list<2..2^16-1>;
* } NamedGroupList; * } NamedGroupList;
*/ */
/* Find out available ecdhe named groups in current configuration */
#if defined(MBEDTLS_ECDH_C) #if defined(MBEDTLS_ECDH_C)
/* /*
* In versions of TLS prior to TLS 1.3, this extension was named * In versions of TLS prior to TLS 1.3, this extension was named
* 'elliptic_curves' and only contained elliptic curve groups. * 'elliptic_curves' and only contained elliptic curve groups.
*/ */
static int ssl_tls13_write_named_group_ecdhe( mbedtls_ssl_context *ssl, static int ssl_tls13_write_named_group_list_ecdhe( mbedtls_ssl_context *ssl,
unsigned char *buf, unsigned char *buf,
unsigned char *end, unsigned char *end,
size_t *olen ) size_t *olen )
{ {
unsigned char *p = buf; unsigned char *p = buf;
#if !defined(MBEDTLS_ECP_C) #if !defined(MBEDTLS_ECP_C)
@ -144,7 +141,7 @@ static int ssl_tls13_write_named_group_ecdhe( mbedtls_ssl_context *ssl,
info++ ) info++ )
{ {
#endif #endif
if( !mbedtls_ssl_named_group_is_ecdhe( info->tls_id ) ) if( !mbedtls_ssl_tls13_named_group_is_ecdhe( info->tls_id ) )
continue; continue;
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2); MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2);
@ -161,10 +158,10 @@ static int ssl_tls13_write_named_group_ecdhe( mbedtls_ssl_context *ssl,
return( 0 ); return( 0 );
} }
#else #else
static int ssl_tls13_write_named_group_ecdhe( mbedtls_ssl_context *ssl, static int ssl_tls13_write_named_group_list_ecdhe( mbedtls_ssl_context *ssl,
unsigned char *buf, unsigned char *buf,
unsigned char *end, unsigned char *end,
size_t *olen ) size_t *olen )
{ {
((void) ssl); ((void) ssl);
((void) buf); ((void) buf);
@ -174,11 +171,10 @@ static int ssl_tls13_write_named_group_ecdhe( mbedtls_ssl_context *ssl,
} }
#endif /* MBEDTLS_ECDH_C */ #endif /* MBEDTLS_ECDH_C */
/* Find out available dhe named groups in current configuration */ static int ssl_tls13_write_named_group_list_dhe( mbedtls_ssl_context *ssl,
static int ssl_tls13_write_named_group_dhe( mbedtls_ssl_context *ssl, unsigned char *buf,
unsigned char *buf, unsigned char *end,
unsigned char *end, size_t *olen )
size_t *olen )
{ {
((void) ssl); ((void) ssl);
((void) buf); ((void) buf);
@ -188,18 +184,15 @@ static int ssl_tls13_write_named_group_dhe( mbedtls_ssl_context *ssl,
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
} }
/*
* Supported Groups Extension (supported_groups)
*/
static int ssl_tls13_write_supported_groups_ext( mbedtls_ssl_context *ssl, static int ssl_tls13_write_supported_groups_ext( mbedtls_ssl_context *ssl,
unsigned char *buf, unsigned char *buf,
unsigned char *end, unsigned char *end,
size_t *olen ) size_t *olen )
{ {
unsigned char *p = buf ; unsigned char *p = buf ;
unsigned char *named_group_ptr; /* Start of named_group_list */ unsigned char *name_group_list_ptr; /* Start of named_group_list */
size_t named_group_len = 0; size_t output_len = 0;
int ret = 0, ret_ecdhe, ret_dhe; int ret_ecdhe, ret_dhe;
*olen = 0; *olen = 0;
@ -208,24 +201,28 @@ static int ssl_tls13_write_supported_groups_ext( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported_groups extension" ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported_groups extension" ) );
/* Check there is space for extension header */ /* Check if we have space for header and length fields:
* - extension_type (2 bytes)
* - extension_data_length (2 bytes)
* - named_group_list_length (2 bytes)
*/
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 ); MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 );
p += 6; p += 6;
named_group_ptr = p; name_group_list_ptr = p;
ret_ecdhe = ssl_tls13_write_named_group_ecdhe( ssl, p, end, &named_group_len ); ret_ecdhe = ssl_tls13_write_named_group_list_ecdhe( ssl, p, end, &output_len );
if( ret_ecdhe != 0 ) if( ret_ecdhe != 0 )
{ {
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_write_named_group_ecdhe", ret ); MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_write_named_group_list_ecdhe", ret_ecdhe );
} }
p += named_group_len; p += output_len;
ret_dhe = ssl_tls13_write_named_group_dhe( ssl, p, end, &named_group_len ); ret_dhe = ssl_tls13_write_named_group_list_dhe( ssl, p, end, &output_len );
if( ret_dhe != 0 ) if( ret_dhe != 0 )
{ {
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_write_named_group_dhe", ret ); MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_write_named_group_list_dhe", ret_dhe );
} }
p += named_group_len; p += output_len;
/* Both ECDHE and DHE Fail. */ /* Both ECDHE and DHE Fail. */
if( ret_ecdhe != 0 && ret_dhe != 0 ) if( ret_ecdhe != 0 && ret_dhe != 0 )
@ -235,8 +232,8 @@ static int ssl_tls13_write_supported_groups_ext( mbedtls_ssl_context *ssl,
} }
/* Length of named_group_list*/ /* Length of named_group_list*/
named_group_len = p - named_group_ptr; size_t named_group_list_len = p - name_group_list_ptr;
if( named_group_len == 0 ) if( named_group_list_len == 0 )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "No Named Group Available." ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "No Named Group Available." ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
@ -245,31 +242,31 @@ static int ssl_tls13_write_supported_groups_ext( mbedtls_ssl_context *ssl,
/* Write extension_type */ /* Write extension_type */
MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_GROUPS, buf, 0 ); MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_GROUPS, buf, 0 );
/* Write extension_data_length */ /* Write extension_data_length */
MBEDTLS_PUT_UINT16_BE( named_group_len + 2, buf, 2 ); MBEDTLS_PUT_UINT16_BE( named_group_list_len + 2, buf, 2 );
/* Write length of named_group_list */ /* Write length of named_group_list */
MBEDTLS_PUT_UINT16_BE( named_group_len, buf, 4 ); MBEDTLS_PUT_UINT16_BE( named_group_list_len, buf, 4 );
MBEDTLS_SSL_DEBUG_BUF( 3, "Supported groups extension", buf + 4, named_group_len + 2 ); MBEDTLS_SSL_DEBUG_BUF( 3, "Supported groups extension", buf + 4, named_group_list_len + 2 );
*olen = p - buf; *olen = p - buf;
ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SUPPORTED_GROUPS; ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SUPPORTED_GROUPS;
return( ret ); return( 0 );
} }
/* /*
* Functions for writing key_share extension. * Functions for writing key_share extension.
*/ */
#if defined(MBEDTLS_ECDH_C) #if defined(MBEDTLS_ECDH_C)
static int ssl_key_share_gen_and_write_ecdhe( mbedtls_ssl_context *ssl, static int ssl_tls13_generate_and_write_ecdh_key_exchange(
uint16_t named_group, mbedtls_ssl_context *ssl,
unsigned char *buf, uint16_t named_group,
unsigned char *end, unsigned char *buf,
size_t *olen ) unsigned char *end,
size_t *olen )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const mbedtls_ecp_curve_info *curve_info = const mbedtls_ecp_curve_info *curve_info =
mbedtls_ecp_curve_info_from_tls_id( named_group ); mbedtls_ecp_curve_info_from_tls_id( named_group );
@ -300,8 +297,8 @@ static int ssl_key_share_gen_and_write_ecdhe( mbedtls_ssl_context *ssl,
} }
#endif /* MBEDTLS_ECDH_C */ #endif /* MBEDTLS_ECDH_C */
static int ssl_named_group_get_default_id( mbedtls_ssl_context *ssl, static int ssl_tls13_get_default_group_id( mbedtls_ssl_context *ssl,
uint16_t *named_group_id ) uint16_t *group_id )
{ {
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
@ -329,15 +326,15 @@ static int ssl_named_group_get_default_id( mbedtls_ssl_context *ssl,
info++ ) info++ )
{ {
#endif #endif
if( info != NULL && mbedtls_ssl_named_group_is_ecdhe( info->tls_id ) ) if( info != NULL && mbedtls_ssl_tls13_named_group_is_ecdhe( info->tls_id ) )
{ {
*named_group_id = info->tls_id; *group_id = info->tls_id;
return( 0 ); return( 0 );
} }
} }
#else #else
((void) ssl); ((void) ssl);
((void) named_group_id); ((void) group_id);
#endif /* MBEDTLS_ECDH_C */ #endif /* MBEDTLS_ECDH_C */
/* /*
@ -368,8 +365,8 @@ static int ssl_tls13_write_key_share_ext( mbedtls_ssl_context *ssl,
{ {
unsigned char *p = buf; unsigned char *p = buf;
unsigned char *client_shares_ptr; /* Start of client_shares */ unsigned char *client_shares_ptr; /* Start of client_shares */
size_t client_shares_len; /* Length of client_shares */
uint16_t group_id; uint16_t group_id;
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
*olen = 0; *olen = 0;
@ -377,7 +374,7 @@ static int ssl_tls13_write_key_share_ext( mbedtls_ssl_context *ssl,
if( !mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) ) if( !mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) )
return( 0 ); return( 0 );
/* Check if we have space for headers and length fields: /* Check if we have space for header and length fields:
* - extension_type (2 bytes) * - extension_type (2 bytes)
* - extension_data_length (2 bytes) * - extension_data_length (2 bytes)
* - client_shares_length (2 bytes) * - client_shares_length (2 bytes)
@ -389,10 +386,10 @@ static int ssl_tls13_write_key_share_ext( mbedtls_ssl_context *ssl,
/* HRR could already have requested something else. */ /* HRR could already have requested something else. */
group_id = ssl->handshake->offered_group_id; group_id = ssl->handshake->offered_group_id;
if( !mbedtls_ssl_named_group_is_ecdhe( group_id ) && if( !mbedtls_ssl_tls13_named_group_is_ecdhe( group_id ) &&
!mbedtls_ssl_named_group_is_dhe( group_id ) ) !mbedtls_ssl_tls13_named_group_is_dhe( group_id ) )
{ {
MBEDTLS_SSL_PROC_CHK( ssl_named_group_get_default_id( ssl, MBEDTLS_SSL_PROC_CHK( ssl_tls13_get_default_group_id( ssl,
&group_id ) ); &group_id ) );
} }
@ -406,7 +403,7 @@ static int ssl_tls13_write_key_share_ext( mbedtls_ssl_context *ssl,
*/ */
client_shares_ptr = p; client_shares_ptr = p;
#if defined(MBEDTLS_ECDH_C) #if defined(MBEDTLS_ECDH_C)
if( mbedtls_ssl_named_group_is_ecdhe( group_id ) ) if( mbedtls_ssl_tls13_named_group_is_ecdhe( group_id ) )
{ {
/* Pointer of group */ /* Pointer of group */
unsigned char *group_id_ptr = p; unsigned char *group_id_ptr = p;
@ -419,9 +416,9 @@ static int ssl_tls13_write_key_share_ext( mbedtls_ssl_context *ssl,
*/ */
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 ); MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 );
p += 4; p += 4;
ret = ssl_key_share_gen_and_write_ecdhe( ssl, group_id, ret = ssl_tls13_generate_and_write_ecdh_key_exchange( ssl, group_id,
p, end, p, end,
&key_exchange_len ); &key_exchange_len );
p += key_exchange_len; p += key_exchange_len;
if( ret != 0 ) if( ret != 0 )
return( ret ); return( ret );
@ -440,12 +437,19 @@ static int ssl_tls13_write_key_share_ext( mbedtls_ssl_context *ssl,
else else
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
/* Length of client_shares */
client_shares_len = p - client_shares_ptr;
if( client_shares_len == 0)
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "No key share defined." ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
/* Write extension_type */ /* Write extension_type */
MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_KEY_SHARE, buf, 0 ); MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_KEY_SHARE, buf, 0 );
/* Write extension_data_length */ /* Write extension_data_length */
MBEDTLS_PUT_UINT16_BE( p - client_shares_ptr + 2, buf, 2 ); MBEDTLS_PUT_UINT16_BE( client_shares_len + 2, buf, 2 );
/* Write client_shares_length */ /* Write client_shares_length */
MBEDTLS_PUT_UINT16_BE( p - client_shares_ptr, buf, 4 ); MBEDTLS_PUT_UINT16_BE( client_shares_len, buf, 4 );
/* Update offered_group_id field */ /* Update offered_group_id field */
ssl->handshake->offered_group_id = group_id; ssl->handshake->offered_group_id = group_id;

24
library/ssl_tls13_generic.c
View File

@ -28,7 +28,6 @@
#include "ssl_misc.h" #include "ssl_misc.h"
int mbedtls_ssl_tls13_start_handshake_msg( mbedtls_ssl_context *ssl, int mbedtls_ssl_tls13_start_handshake_msg( mbedtls_ssl_context *ssl,
unsigned hs_type, unsigned hs_type,
unsigned char **buf, unsigned char **buf,
@ -101,15 +100,14 @@ void mbedtls_ssl_tls13_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl,
* *
* Only if we handle at least one key exchange that needs signatures. * Only if we handle at least one key exchange that needs signatures.
*/ */
int mbedtls_ssl_tls13_write_sig_alg_ext( mbedtls_ssl_context *ssl, int mbedtls_ssl_tls13_write_sig_alg_ext( mbedtls_ssl_context *ssl,
unsigned char *buf, unsigned char *buf,
unsigned char *end, unsigned char *end,
size_t *olen ) size_t *olen )
{ {
unsigned char *p = buf; unsigned char *p = buf;
unsigned char *sig_alg_ptr; /* Start of supported_signature_algorithms */ unsigned char *supported_sig_alg_ptr; /* Start of supported_signature_algorithms */
size_t sig_alg_len = 0; /* Length of supported_signature_algorithms */ size_t supported_sig_alg_len = 0; /* Length of supported_signature_algorithms */
*olen = 0; *olen = 0;
@ -125,14 +123,18 @@ int mbedtls_ssl_tls13_write_sig_alg_ext( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding signature_algorithms extension" ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding signature_algorithms extension" ) );
/* Check there is space for extension header */ /* Check if we have space for header and length field:
* - extension_type (2 bytes)
* - extension_data_length (2 bytes)
* - supported_signature_algorithms_length (2 bytes)
*/
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 ); MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 );
p += 6; p += 6;
/* /*
* Write supported_signature_algorithms * Write supported_signature_algorithms
*/ */
sig_alg_ptr = p; supported_sig_alg_ptr = p;
for( const uint16_t *sig_alg = ssl->conf->tls13_sig_algs; for( const uint16_t *sig_alg = ssl->conf->tls13_sig_algs;
*sig_alg != MBEDTLS_TLS13_SIG_NONE; sig_alg++ ) *sig_alg != MBEDTLS_TLS13_SIG_NONE; sig_alg++ )
{ {
@ -142,9 +144,9 @@ int mbedtls_ssl_tls13_write_sig_alg_ext( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_MSG( 3, ( "signature scheme [%x]", *sig_alg ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "signature scheme [%x]", *sig_alg ) );
} }
/* Length of supported_signature_algorithms*/ /* Length of supported_signature_algorithms */
sig_alg_len = p - sig_alg_ptr; supported_sig_alg_len = p - supported_sig_alg_ptr;
if( sig_alg_len == 0 ) if( supported_sig_alg_len == 0 )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "No signature algorithms defined." ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "No signature algorithms defined." ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
@ -153,9 +155,9 @@ int mbedtls_ssl_tls13_write_sig_alg_ext( mbedtls_ssl_context *ssl,
/* Write extension_type */ /* Write extension_type */
MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SIG_ALG, buf, 0 ); MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SIG_ALG, buf, 0 );
/* Write extension_data_length */ /* Write extension_data_length */
MBEDTLS_PUT_UINT16_BE( sig_alg_len + 2, buf, 2 ); MBEDTLS_PUT_UINT16_BE( supported_sig_alg_len + 2, buf, 2 );
/* Write length of supported_signature_algorithms */ /* Write length of supported_signature_algorithms */
MBEDTLS_PUT_UINT16_BE( sig_alg_len, buf, 4 ); MBEDTLS_PUT_UINT16_BE( supported_sig_alg_len, buf, 4 );
/* Output the total length of signature algorithms extension. */ /* Output the total length of signature algorithms extension. */
*olen = p - buf; *olen = p - buf;