mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-03-28 19:21:08 +00:00
Change code based on comments
Align coding styles Add hrr parameter for ssl_tls13_parse_server_hello Add reset steps for SHA384 in HRR Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
This commit is contained in:
parent
8945db36ab
commit
d9e068e10b
@ -593,7 +593,7 @@ struct mbedtls_ssl_handshake_params
|
||||
|
||||
#if defined(MBEDTLS_SSL_CLI_C)
|
||||
/*!< Number of Hello Retry Request messages received from the server. */
|
||||
int hello_retry_requests_received;
|
||||
int hello_retry_request_count;
|
||||
#endif /* MBEDTLS_SSL_CLI_C */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
|
||||
|
@ -7630,9 +7630,9 @@ static int ssl_hash_transcript_core( mbedtls_ssl_context *ssl,
|
||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
|
||||
ret = mbedtls_ssl_get_handshake_transcript( ssl, md,
|
||||
transcript + 4,
|
||||
len - 4,
|
||||
&hash_size );
|
||||
transcript + 4,
|
||||
len - 4,
|
||||
&hash_size );
|
||||
if( ret != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 4, "mbedtls_ssl_get_handshake_transcript", ret );
|
||||
@ -7689,7 +7689,7 @@ int mbedtls_ssl_reset_transcript_for_hrr( mbedtls_ssl_context *ssl )
|
||||
ssl_update_checksum_sha256( ssl, hash_transcript, hash_olen );
|
||||
#endif /* MBEDTLS_SHA256_C */
|
||||
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
#if defined(MBEDTLS_SHA384_C)
|
||||
ret = ssl_hash_transcript_core( ssl, MBEDTLS_MD_SHA384,
|
||||
hash_transcript,
|
||||
sizeof( hash_transcript ),
|
||||
@ -7701,7 +7701,15 @@ int mbedtls_ssl_reset_transcript_for_hrr( mbedtls_ssl_context *ssl )
|
||||
}
|
||||
MBEDTLS_SSL_DEBUG_BUF( 4, "Truncated SHA-384 handshake transcript",
|
||||
hash_transcript, hash_olen );
|
||||
#endif /* MBEDTLS_SHA512_C */
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
psa_hash_abort( &ssl->handshake->fin_sha384_psa );
|
||||
psa_hash_setup( &ssl->handshake->fin_sha384_psa, PSA_ALG_SHA_384 );
|
||||
#else
|
||||
mbedtls_sha512_starts( &ssl->handshake->fin_sha512, 1 );
|
||||
#endif
|
||||
ssl_update_checksum_sha384( ssl, hash_transcript, hash_olen );
|
||||
#endif /* MBEDTLS_SHA384_C */
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
@ -136,7 +136,7 @@ static int ssl_tls13_parse_supported_versions_ext( mbedtls_ssl_context *ssl,
|
||||
*/
|
||||
|
||||
#if defined(MBEDTLS_ECDH_C)
|
||||
static int ssl_reset_ecdhe_share( mbedtls_ssl_context *ssl )
|
||||
static int ssl_tls13_reset_ecdhe_share( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
mbedtls_ecdh_free( &ssl->handshake->ecdh_ctx );
|
||||
return( 0 );
|
||||
@ -149,7 +149,7 @@ static int ssl_tls13_reset_key_share( mbedtls_ssl_context *ssl )
|
||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
|
||||
if( mbedtls_ssl_tls13_named_group_is_ecdhe( group_id ) )
|
||||
return( ssl_reset_ecdhe_share( ssl ) );
|
||||
return( ssl_tls13_reset_ecdhe_share( ssl ) );
|
||||
else if( 0 /* other KEMs? */ )
|
||||
{
|
||||
/* Do something */
|
||||
@ -421,7 +421,7 @@ static int ssl_tls13_read_public_ecdhe_share( mbedtls_ssl_context *ssl,
|
||||
}
|
||||
#endif /* MBEDTLS_ECDH_C */
|
||||
|
||||
static int ssl_tls13_hrr_check_key_share_ext( mbedtls_ssl_context *ssl,
|
||||
static int ssl_tls13_parse_hrr_key_share_ext( mbedtls_ssl_context *ssl,
|
||||
const unsigned char *buf,
|
||||
const unsigned char *end )
|
||||
{
|
||||
@ -451,7 +451,7 @@ static int ssl_tls13_hrr_check_key_share_ext( mbedtls_ssl_context *ssl,
|
||||
* If the server provided a key share that was not sent in the ClientHello
|
||||
* then the client MUST abort the handshake with an "illegal_parameter" alert.
|
||||
*/
|
||||
for ( ; *group_list != 0; group_list++ )
|
||||
for( ; *group_list != 0; group_list++ )
|
||||
{
|
||||
curve_info = mbedtls_ecp_curve_info_from_tls_id( *group_list );
|
||||
if( curve_info == NULL || curve_info->tls_id != tls_id )
|
||||
@ -938,7 +938,7 @@ static int ssl_tls13_server_hello_coordinate( mbedtls_ssl_context *ssl,
|
||||
* was itself in response to a HelloRetryRequest), it MUST abort the
|
||||
* handshake with an "unexpected_message" alert.
|
||||
*/
|
||||
if( ssl->handshake->hello_retry_requests_received > 0 )
|
||||
if( ssl->handshake->hello_retry_request_count > 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Multiple HRRs received" ) );
|
||||
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE,
|
||||
@ -946,7 +946,7 @@ static int ssl_tls13_server_hello_coordinate( mbedtls_ssl_context *ssl,
|
||||
return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
|
||||
}
|
||||
|
||||
ssl->handshake->hello_retry_requests_received++;
|
||||
ssl->handshake->hello_retry_request_count++;
|
||||
|
||||
break;
|
||||
}
|
||||
@ -1021,7 +1021,8 @@ static int ssl_tls13_cipher_suite_is_offered( mbedtls_ssl_context *ssl,
|
||||
*/
|
||||
static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl,
|
||||
const unsigned char *buf,
|
||||
const unsigned char *end)
|
||||
const unsigned char *end,
|
||||
int is_hrr )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
const unsigned char *p = buf;
|
||||
@ -1165,9 +1166,6 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl,
|
||||
{
|
||||
unsigned int extension_type;
|
||||
size_t extension_data_len;
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
int hrr;
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
|
||||
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, 4 );
|
||||
extension_type = MBEDTLS_GET_UINT16_BE( p, 0 );
|
||||
@ -1181,6 +1179,14 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl,
|
||||
#if defined(MBEDTLS_SSL_COOKIE_C)
|
||||
case MBEDTLS_TLS_EXT_COOKIE:
|
||||
|
||||
if( !is_hrr )
|
||||
{
|
||||
MBEDTLS_SSL_PEND_FATAL_ALERT(
|
||||
MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT,
|
||||
MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION );
|
||||
return( MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION );
|
||||
}
|
||||
|
||||
/* Retrieve length field of cookie */
|
||||
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, 2 );
|
||||
cookie_len = MBEDTLS_GET_UINT16_BE( p, 0 );
|
||||
@ -1226,16 +1232,15 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl,
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
case MBEDTLS_TLS_EXT_KEY_SHARE:
|
||||
hrr = ssl_server_hello_is_hrr( ssl, buf, end );
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found key_shares extension" ) );
|
||||
if( hrr == SSL_SERVER_HELLO_COORDINATE_HRR )
|
||||
ret = ssl_tls13_hrr_check_key_share_ext( ssl,
|
||||
if( is_hrr == SSL_SERVER_HELLO_COORDINATE_HRR )
|
||||
ret = ssl_tls13_parse_hrr_key_share_ext( ssl,
|
||||
p, p + extension_data_len );
|
||||
else if( hrr == SSL_SERVER_HELLO_COORDINATE_HELLO )
|
||||
else if( is_hrr == SSL_SERVER_HELLO_COORDINATE_HELLO )
|
||||
ret = ssl_tls13_parse_key_share_ext( ssl,
|
||||
p, p + extension_data_len );
|
||||
else
|
||||
ret = hrr;
|
||||
ret = is_hrr;
|
||||
if( ret != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1,
|
||||
@ -1422,7 +1427,7 @@ static int ssl_tls13_process_server_hello( mbedtls_ssl_context *ssl )
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
unsigned char *buf = NULL;
|
||||
size_t buf_len = 0;
|
||||
int hrr = -1;
|
||||
int is_hrr = -1;
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> %s", __func__ ) );
|
||||
|
||||
@ -1435,32 +1440,28 @@ static int ssl_tls13_process_server_hello( mbedtls_ssl_context *ssl )
|
||||
ssl->handshake->extensions_present = MBEDTLS_SSL_EXT_NONE;
|
||||
|
||||
ret = ssl_tls13_server_hello_coordinate( ssl, &buf, &buf_len );
|
||||
if( ret != SSL_SERVER_HELLO_COORDINATE_HELLO &&
|
||||
ret != SSL_SERVER_HELLO_COORDINATE_HRR )
|
||||
if( ret < 0 )
|
||||
goto cleanup;
|
||||
else
|
||||
hrr = ret;
|
||||
is_hrr = ( ret == SSL_SERVER_HELLO_COORDINATE_HRR );
|
||||
/* Parsing step
|
||||
* We know what message to expect by now and call
|
||||
* the respective parsing function.
|
||||
*/
|
||||
MBEDTLS_SSL_PROC_CHK( ssl_tls13_parse_server_hello( ssl, buf,
|
||||
buf + buf_len ) );
|
||||
if( hrr == SSL_SERVER_HELLO_COORDINATE_HRR )
|
||||
buf + buf_len,
|
||||
is_hrr ) );
|
||||
if( is_hrr )
|
||||
MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_reset_transcript_for_hrr( ssl ) );
|
||||
|
||||
mbedtls_ssl_tls13_add_hs_msg_to_checksum( ssl,
|
||||
MBEDTLS_SSL_HS_SERVER_HELLO,
|
||||
buf, buf_len );
|
||||
|
||||
if( hrr == SSL_SERVER_HELLO_COORDINATE_HELLO )
|
||||
{
|
||||
MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_server_hello( ssl ) );
|
||||
}
|
||||
else if( hrr == SSL_SERVER_HELLO_COORDINATE_HRR )
|
||||
{
|
||||
if( is_hrr )
|
||||
MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_hrr( ssl ) );
|
||||
}
|
||||
else
|
||||
MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_server_hello( ssl ) );
|
||||
|
||||
cleanup:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= %s", __func__ ) );
|
||||
|
Loading…
x
Reference in New Issue
Block a user