mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-28 09:39:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Change code for styles and comments .etc

Browse Source 
Remove useless code in union.
Rename functions and parameters.
Move definitions into othe files.

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
This commit is contained in:
XiaokangQian 2021-11-09 11:55:10 +00:00
parent 44c38f7e36
commit c5c39d5800
6 changed files with 61 additions and 104 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
include/mbedtls/ssl.h
View File

@ -605,6 +605,8 @@ union mbedtls_ssl_premaster_secret
#define MBEDTLS_PREMASTER_SIZE sizeof( union mbedtls_ssl_premaster_secret ) #define MBEDTLS_PREMASTER_SIZE sizeof( union mbedtls_ssl_premaster_secret )
#define MBEDTLS_TLS1_3_MD_MAX_SIZE MBEDTLS_MD_MAX_SIZE
/* Length in number of bytes of the TLS sequence number */ /* Length in number of bytes of the TLS sequence number */
#define MBEDTLS_SSL_SEQUENCE_NUMBER_LEN 8 #define MBEDTLS_SSL_SEQUENCE_NUMBER_LEN 8
@ -1052,10 +1054,10 @@ typedef void mbedtls_ssl_async_cancel_t( mbedtls_ssl_context *ssl );
typedef struct typedef struct
{ {
unsigned char client_application_traffic_secret_N[ MBEDTLS_MD_MAX_SIZE ]; unsigned char client_application_traffic_secret_N[ MBEDTLS_TLS1_3_MD_MAX_SIZE ];
unsigned char server_application_traffic_secret_N[ MBEDTLS_MD_MAX_SIZE ]; unsigned char server_application_traffic_secret_N[ MBEDTLS_TLS1_3_MD_MAX_SIZE ];
unsigned char exporter_master_secret [ MBEDTLS_MD_MAX_SIZE ]; unsigned char exporter_master_secret [ MBEDTLS_TLS1_3_MD_MAX_SIZE ];
unsigned char resumption_master_secret [ MBEDTLS_MD_MAX_SIZE ]; unsigned char resumption_master_secret [ MBEDTLS_TLS1_3_MD_MAX_SIZE ];
} mbedtls_ssl_tls1_3_application_secrets; } mbedtls_ssl_tls1_3_application_secrets;
#if defined(MBEDTLS_SSL_DTLS_SRTP) #if defined(MBEDTLS_SSL_DTLS_SRTP)

46
library/ssl_misc.h
View File

@ -307,8 +307,6 @@
+ ( MBEDTLS_SSL_CID_OUT_LEN_MAX ) ) + ( MBEDTLS_SSL_CID_OUT_LEN_MAX ) )
#endif #endif
#define MBEDTLS_TLS1_3_MD_MAX_SIZE MBEDTLS_MD_MAX_SIZE
#define MBEDTLS_CLIENT_HELLO_RANDOM_LEN 32 #define MBEDTLS_CLIENT_HELLO_RANDOM_LEN 32
#define MBEDTLS_SERVER_HELLO_RANDOM_LEN 32 #define MBEDTLS_SERVER_HELLO_RANDOM_LEN 32
@ -724,7 +722,7 @@ struct mbedtls_ssl_handshake_params
/* Buffer holding digest of the handshake up to /* Buffer holding digest of the handshake up to
* but excluding the outgoing finished message. */ * but excluding the outgoing finished message. */
unsigned char digest[MBEDTLS_MD_MAX_SIZE]; unsigned char digest[MBEDTLS_TLS1_3_MD_MAX_SIZE];
size_t digest_len; size_t digest_len;
} finished_out; } finished_out;
@ -733,48 +731,10 @@ struct mbedtls_ssl_handshake_params
{ {
/* Buffer holding digest of the handshake up to but /* Buffer holding digest of the handshake up to but
* excluding the peer's incoming finished message. */ * excluding the peer's incoming finished message. */
unsigned char digest[MBEDTLS_MD_MAX_SIZE]; unsigned char digest[MBEDTLS_TLS1_3_MD_MAX_SIZE];
size_t digest_len; size_t digest_len;
} finished_in; } finished_in;
#if defined(MBEDTLS_SSL_CLI_C)
/* Client, incoming ServerKeyExchange */
struct
{
uint8_t preparation_done;
} srv_key_exchange;
/* Client, incoming ServerHello */
struct
{
#if defined(MBEDTLS_SSL_RENEGOTIATION)
int renego_info_seen;
#else
int dummy;
#endif
} srv_hello_in;
/* Client, outgoing ClientKeyExchange */
struct
{
uint8_t preparation_done;
} cli_key_exch_out;
/* Client, outgoing Certificate Verify */
struct
{
uint8_t preparation_done;
} crt_vrfy_out;
/* Client, outgoing ClientHello */
struct
{
uint8_t preparation_done;
} cli_hello_out;
#endif /* MBEDTLS_SSL_CLI_C */
} state_local; } state_local;
/* End of state-local variables. */ /* End of state-local variables. */
@ -1222,7 +1182,7 @@ static inline int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl )
int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ); int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush );
int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ); int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl );
int mbedtls_ssl_tls13_process_finished_in( mbedtls_ssl_context *ssl ); int mbedtls_ssl_tls13_process_finished_message( mbedtls_ssl_context *ssl );
int mbedtls_ssl_tls13_process_finished_out( mbedtls_ssl_context *ssl ); int mbedtls_ssl_tls13_process_finished_out( mbedtls_ssl_context *ssl );
int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ); int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl );

2
library/ssl_tls13_client.c
View File

@ -1607,7 +1607,7 @@ static int ssl_tls1_3_process_server_finished( mbedtls_ssl_context *ssl )
{ {
int ret; int ret;
ret = mbedtls_ssl_tls13_process_finished_in( ssl ); ret = mbedtls_ssl_tls13_process_finished_message( ssl );
if( ret != 0 ) if( ret != 0 )
return( ret ); return( ret );

92
library/ssl_tls13_generic.c
View File

@ -847,69 +847,37 @@ cleanup:
/* /*
* *
* STATE HANDLING: Incoming Finished * STATE HANDLING: Incoming Finished message.
* Overview
*/ */
static int ssl_tls13_preprocess_finished_in( mbedtls_ssl_context *ssl );
static int ssl_tls13_finalize_finished_in( mbedtls_ssl_context *ssl );
static int ssl_tls13_parse_finished_in( mbedtls_ssl_context *ssl,
const unsigned char *buf,
size_t buflen );
/* /*
* Implementation * Implementation
*/ */
int mbedtls_ssl_tls13_process_finished_in( mbedtls_ssl_context *ssl ) static int ssl_tls13_prepare_finished_in( mbedtls_ssl_context *ssl )
{
int ret = 0;
unsigned char *buf;
size_t buflen;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse finished_in" ) );
/* Preprocessing step: Compute handshake digest */
MBEDTLS_SSL_PROC_CHK( ssl_tls13_preprocess_finished_in( ssl ) );
MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls1_3_fetch_handshake_msg( ssl,
MBEDTLS_SSL_HS_FINISHED,
&buf, &buflen ) );
MBEDTLS_SSL_PROC_CHK( ssl_tls13_parse_finished_in( ssl, buf, buflen ) );
mbedtls_ssl_tls1_3_add_hs_msg_to_checksum(
ssl, MBEDTLS_SSL_HS_FINISHED, buf, buflen );
MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_finished_in( ssl ) );
cleanup:
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse finished_in" ) );
return( ret );
}
static int ssl_tls13_preprocess_finished_in( mbedtls_ssl_context *ssl )
{ {
int ret; int ret;
ret = mbedtls_ssl_tls1_3_calculate_expected_finished( ssl, ret = mbedtls_ssl_tls13_calculate_verify_data( ssl,
ssl->handshake->state_local.finished_in.digest, ssl->handshake->state_local.finished_in.digest,
sizeof( ssl->handshake->state_local.finished_in.digest ), sizeof( ssl->handshake->state_local.finished_in.digest ),
&ssl->handshake->state_local.finished_in.digest_len, &ssl->handshake->state_local.finished_in.digest_len,
ssl->conf->endpoint ^ 1 ); ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ?
MBEDTLS_SSL_IS_SERVER : MBEDTLS_SSL_IS_CLIENT );
if( ret != 0 ) if( ret != 0 )
{ {
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_calculate_expected_finished", ret ); MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_calculate_verify_data", ret );
return( ret ); return( ret );
} }
return( 0 ); return( 0 );
} }
static int ssl_tls13_parse_finished_in( mbedtls_ssl_context *ssl, static int ssl_tls13_parse_finished_message( mbedtls_ssl_context *ssl,
const unsigned char *buf, const unsigned char *buf,
size_t buflen ) const unsigned char *end )
{ {
/* Structural validation */ /* Structural validation */
if( buflen != ssl->handshake->state_local.finished_in.digest_len ) if( (size_t)( end - buf ) != ssl->handshake->state_local.finished_in.digest_len )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) );
@ -918,10 +886,10 @@ static int ssl_tls13_parse_finished_in( mbedtls_ssl_context *ssl,
return( MBEDTLS_ERR_SSL_DECODE_ERROR ); return( MBEDTLS_ERR_SSL_DECODE_ERROR );
} }
MBEDTLS_SSL_DEBUG_BUF( 4, "Hash (self-computed):", MBEDTLS_SSL_DEBUG_BUF( 4, "verify_data (self-computed):",
ssl->handshake->state_local.finished_in.digest, ssl->handshake->state_local.finished_in.digest,
ssl->handshake->state_local.finished_in.digest_len ); ssl->handshake->state_local.finished_in.digest_len );
MBEDTLS_SSL_DEBUG_BUF( 4, "Hash (received message):", buf, MBEDTLS_SSL_DEBUG_BUF( 4, "verify_data (received message):", buf,
ssl->handshake->state_local.finished_in.digest_len ); ssl->handshake->state_local.finished_in.digest_len );
/* Semantic validation */ /* Semantic validation */
@ -938,7 +906,7 @@ static int ssl_tls13_parse_finished_in( mbedtls_ssl_context *ssl,
return( 0 ); return( 0 );
} }
static int ssl_tls13_finalize_finished_in_cli( mbedtls_ssl_context *ssl ) static int ssl_tls13_finalize_server_finished_message( mbedtls_ssl_context *ssl )
{ {
int ret = 0; int ret = 0;
mbedtls_ssl_key_set traffic_keys; mbedtls_ssl_key_set traffic_keys;
@ -985,8 +953,8 @@ static int ssl_tls13_finalize_finished_in_cli( mbedtls_ssl_context *ssl )
cleanup: cleanup:
mbedtls_platform_zeroize( &traffic_keys, sizeof(mbedtls_ssl_key_set) ); mbedtls_platform_zeroize( &traffic_keys, sizeof( mbedtls_ssl_key_set ) );
if( ret != 0) if( ret != 0 )
{ {
mbedtls_free( transform_application ); mbedtls_free( transform_application );
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_PEND_FATAL_ALERT(
@ -996,17 +964,43 @@ cleanup:
return( ret ); return( ret );
} }
static int ssl_tls13_finalize_finished_in( mbedtls_ssl_context* ssl ) static int ssl_tls13_finalize_finished_message( mbedtls_ssl_context* ssl )
{ {
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
{ {
return( ssl_tls13_finalize_finished_in_cli( ssl ) ); return( ssl_tls13_finalize_server_finished_message( ssl ) );
} }
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
} }
int mbedtls_ssl_tls13_process_finished_message( mbedtls_ssl_context *ssl )
{
int ret = 0;
unsigned char *buf;
size_t buflen;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse finished_in" ) );
/* Preprocessing step: Compute handshake digest */
MBEDTLS_SSL_PROC_CHK( ssl_tls13_prepare_finished_in( ssl ) );
MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls1_3_fetch_handshake_msg( ssl,
MBEDTLS_SSL_HS_FINISHED,
&buf, &buflen ) );
MBEDTLS_SSL_PROC_CHK( ssl_tls13_parse_finished_message( ssl, buf, buf + buflen ) );
mbedtls_ssl_tls1_3_add_hs_msg_to_checksum(
ssl, MBEDTLS_SSL_HS_FINISHED, buf, buflen );
MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_finished_message( ssl ) );
cleanup:
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse finished_in" ) );
return( ret );
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
#endif /* MBEDTLS_SSL_TLS_C */ #endif /* MBEDTLS_SSL_TLS_C */

6
library/ssl_tls13_keys.c
View File

@ -643,7 +643,7 @@ exit:
return( ret ); return( ret );
} }
int mbedtls_ssl_tls1_3_calculate_expected_finished( mbedtls_ssl_context* ssl, int mbedtls_ssl_tls13_calculate_verify_data( mbedtls_ssl_context* ssl,
unsigned char* dst, unsigned char* dst,
size_t dst_len, size_t dst_len,
size_t *actual_len, size_t *actual_len,
@ -660,7 +660,7 @@ int mbedtls_ssl_tls1_3_calculate_expected_finished( mbedtls_ssl_context* ssl,
const mbedtls_md_info_t* const md = mbedtls_md_info_from_type( md_type ); const mbedtls_md_info_t* const md = mbedtls_md_info_from_type( md_type );
size_t const md_size = mbedtls_md_get_size( md ); size_t const md_size = mbedtls_md_get_size( md );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_tls1_3_calculate_expected_finished" ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_tls13_calculate_verify_data" ) );
if( dst_len < md_size ) if( dst_len < md_size )
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
@ -686,7 +686,7 @@ int mbedtls_ssl_tls1_3_calculate_expected_finished( mbedtls_ssl_context* ssl,
*actual_len = md_size; *actual_len = md_size;
MBEDTLS_SSL_DEBUG_BUF( 3, "verify_data for finished message", dst, md_size ); MBEDTLS_SSL_DEBUG_BUF( 3, "verify_data for finished message", dst, md_size );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_tls1_3_calculate_expected_finished" ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_tls13_calculate_verify_data" ) );
exit: exit:

9
library/ssl_tls13_keys.h
View File

@ -605,16 +605,17 @@ int mbedtls_ssl_tls1_3_generate_application_keys(
mbedtls_ssl_context* ssl, mbedtls_ssl_key_set *traffic_keys ); mbedtls_ssl_context* ssl, mbedtls_ssl_key_set *traffic_keys );
/** /**
* \brief Calculate content of TLS 1.3 Finished message. * \brief Calculate the verify_data value for the client or server TLS 1.3
* Finished message.
* *
* \param ssl The SSL context to operate on. This must be in * \param ssl The SSL context to operate on. This must be in
* key schedule stage \c Handshake, see * key schedule stage \c Handshake, see
* mbedtls_ssl_tls13_key_schedule_stage_application(). * mbedtls_ssl_tls13_key_schedule_stage_application().
* \param dst The address at which to write the Finished content. * \param dst The address at which to write the verify_data value.
* \param dst_len The size of \p dst in bytes. * \param dst_len The size of \p dst in bytes.
* \param actual_len The address at which to store the amount of data * \param actual_len The address at which to store the amount of data
* actually written to \p dst upon success. * actually written to \p dst upon success.
* \param from The endpoint the Finished message originates from: * \param from The message to calculate the `verify_data` for:
* - #MBEDTLS_SSL_IS_CLIENT for the Client's Finished message * - #MBEDTLS_SSL_IS_CLIENT for the Client's Finished message
* - #MBEDTLS_SSL_IS_SERVER for the Server's Finished message * - #MBEDTLS_SSL_IS_SERVER for the Server's Finished message
* *
@ -625,7 +626,7 @@ int mbedtls_ssl_tls1_3_generate_application_keys(
* \returns \c 0 on success. * \returns \c 0 on success.
* \returns A negative error code on failure. * \returns A negative error code on failure.
*/ */
int mbedtls_ssl_tls1_3_calculate_expected_finished( mbedtls_ssl_context *ssl, int mbedtls_ssl_tls13_calculate_verify_data( mbedtls_ssl_context *ssl,
unsigned char *dst, unsigned char *dst,
size_t dst_len, size_t dst_len,
size_t *actual_len, size_t *actual_len,