fix comment issues

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2025-02-03 20:54:00 +00:00 · 2022-01-12 11:17:02 +08:00 · 2022-01-12 11:17:02 +08:00 · b925f21806
commit b925f21806
parent f0fede56a6
3 changed files with 26 additions and 33 deletions
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@ -317,6 +317,11 @@ static int ssl_parse_signature_algorithms_ext( mbedtls_ssl_context *ssl,

 #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
    defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+/*
+ * The TLS 1.3 supported groups extension was defined to be a compatible
+ * generalization of the TLS 1.2 supported elliptic curves extension. They both
+ * share the same extension identifier.
+ */
 static int ssl_parse_supported_groups_ext( mbedtls_ssl_context *ssl,
                                           const unsigned char *buf,
                                           size_t len )
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -7193,9 +7193,11 @@ int mbedtls_ssl_get_handshake_transcript( mbedtls_ssl_context *ssl,
    defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
    defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
 /*
- * Functions for writing supported_groups extension.
+ * Function for writing a supported groups (TLS 1.3) or supported elliptic
+ * curves (TLS 1.2) extension.
 *
- * Stucture of supported_groups from RFC8446:
+ * The "extension_data" field of a supported groups extension contains a
+ * "NamedGroupList" value (TLS 1.3 RFC8446):
 *      enum {
 *          secp256r1(0x0017), secp384r1(0x0018), secp521r1(0x0019),
 *          x25519(0x001D), x448(0x001E),
@ -7208,7 +7210,9 @@ int mbedtls_ssl_get_handshake_transcript( mbedtls_ssl_context *ssl,
 *      struct {
 *          NamedGroup named_group_list<2..2^16-1>;
 *      } NamedGroupList;
- * From RFC8422:
+ *
+ * The "extension_data" field of a supported elliptic curves extension contains
+ * a "NamedCurveList" value (TLS 1.2 RFC 8422):
 * enum {
 *      deprecated(1..22),
 *      secp256r1 (23), secp384r1 (24), secp521r1 (25),
@ -7221,9 +7225,11 @@ int mbedtls_ssl_get_handshake_transcript( mbedtls_ssl_context *ssl,
 *      NamedCurve named_curve_list<2..2^16-1>
 *  } NamedCurveList;
 *
- * RFC8422 and RFC8446 share simillar structure and same extension id.
+ * The TLS 1.3 supported groups extension was defined to be a compatible
+ * generalization of the TLS 1.2 supported elliptic curves extension. They both
+ * share the same extension identifier.
 *
- * DHE groups hasn't been supported yet.
+ * DHE groups are not supported yet.
 */
 int mbedtls_ssl_write_supported_groups_ext( mbedtls_ssl_context *ssl,
                                            unsigned char *buf,
@ -7264,15 +7270,13 @@ int mbedtls_ssl_write_supported_groups_ext( mbedtls_ssl_context *ssl,
        {
            const mbedtls_ecp_curve_info *curve_info;
            curve_info = mbedtls_ecp_curve_info_from_tls_id( *group_list );
-            if( curve_info != NULL )
-            {
-                MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
-                MBEDTLS_PUT_UINT16_BE( *group_list, p, 0 );
-                p += 2;
-                MBEDTLS_SSL_DEBUG_MSG( 3, ( "NamedGroup: %s ( %x )",
-                                    curve_info->name, *group_list ) );
+            if( curve_info == NULL )
                continue;
-            }
+            MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
+            MBEDTLS_PUT_UINT16_BE( *group_list, p, 0 );
+            p += 2;
+            MBEDTLS_SSL_DEBUG_MSG( 3, ( "NamedGroup: %s ( %x )",
+                                curve_info->name, *group_list ) );
        }
 #endif /* MBEDTLS_ECP_C */
        /* Add DHE groups here */
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@ -613,12 +613,11 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl,
    p += output_len;

 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
-    /* Write supported_groups extension
-     *
-     * It is REQUIRED for ECDHE cipher_suites.
+
+    /*
+     * Add the extensions related to (EC)DHE ephemeral key establishment only if
+     * enabled as per the configuration.
     */
-    /* Skip the extensions on the client if all allowed key exchanges
-     * are PSK-based. */
    if( mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) )
    {
        ret = mbedtls_ssl_write_supported_groups_ext( ssl, p, end, &output_len );
@ -626,26 +625,11 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl,
            return( ret );
        p += output_len;

-        /* Write key_share extension
-        *
-        * We need to send the key shares under three conditions:
-        * 1) A certificate-based ciphersuite is being offered. In this case
-        *    supported_groups and supported_signature extensions have been
-        *    successfully added.
-        * 2) A PSK-based ciphersuite with ECDHE is offered. In this case the
-        *    psk_key_exchange_modes has been added as the last extension.
-        * 3) Or, in case all ciphers are supported ( which includes #1 and #2
-        *    from above )
-        */
        ret = ssl_tls13_write_key_share_ext( ssl, p, end, &output_len );
        if( ret != 0 )
            return( ret );
        p += output_len;

-        /* Write signature_algorithms extension
-        *
-        * It is REQUIRED for certificate authenticated cipher_suites.
-        */
        ret = mbedtls_ssl_tls13_write_sig_alg_ext( ssl, p, end, &output_len );
        if( ret != 0 )
            return( ret );