Change code based on comments

Align coding styles
Add hrr parameter for ssl_tls13_parse_server_hello
Add reset steps for SHA384 in HRR

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>

library/ssl_misc.h

@@ -593,7 +593,7 @@ struct mbedtls_ssl_handshake_params
 
 #if defined(MBEDTLS_SSL_CLI_C)
     /*!<  Number of Hello Retry Request messages received from the server.  */
-    int hello_retry_requests_received;
+    int hello_retry_request_count;
 #endif /* MBEDTLS_SSL_CLI_C */
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \

library/ssl_tls.c

@@ -7630,9 +7630,9 @@ static int ssl_hash_transcript_core( mbedtls_ssl_context *ssl,
         return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
 
     ret = mbedtls_ssl_get_handshake_transcript( ssl, md,
-                                          transcript + 4,
+                                                transcript + 4,
-                                          len - 4,
+                                                len - 4,
-                                          &hash_size );
+                                                &hash_size );
     if( ret != 0 )
     {
         MBEDTLS_SSL_DEBUG_RET( 4, "mbedtls_ssl_get_handshake_transcript", ret );
@@ -7689,7 +7689,7 @@ int mbedtls_ssl_reset_transcript_for_hrr( mbedtls_ssl_context *ssl )
     ssl_update_checksum_sha256( ssl, hash_transcript, hash_olen );
 #endif /* MBEDTLS_SHA256_C */
 
-#if defined(MBEDTLS_SHA512_C)
+#if defined(MBEDTLS_SHA384_C)
     ret = ssl_hash_transcript_core( ssl, MBEDTLS_MD_SHA384,
                                     hash_transcript,
                                     sizeof( hash_transcript ),
@@ -7701,7 +7701,15 @@ int mbedtls_ssl_reset_transcript_for_hrr( mbedtls_ssl_context *ssl )
     }
     MBEDTLS_SSL_DEBUG_BUF( 4, "Truncated SHA-384 handshake transcript",
                            hash_transcript, hash_olen );
-#endif /* MBEDTLS_SHA512_C */
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_hash_abort( &ssl->handshake->fin_sha384_psa );
+    psa_hash_setup( &ssl->handshake->fin_sha384_psa, PSA_ALG_SHA_384 );
+#else
+    mbedtls_sha512_starts( &ssl->handshake->fin_sha512, 1 );
+#endif
+    ssl_update_checksum_sha384( ssl, hash_transcript, hash_olen );
+#endif /* MBEDTLS_SHA384_C */
 
     return( ret );
 }

library/ssl_tls13_client.c

@@ -136,7 +136,7 @@ static int ssl_tls13_parse_supported_versions_ext( mbedtls_ssl_context *ssl,
  */
 
 #if defined(MBEDTLS_ECDH_C)
-static int ssl_reset_ecdhe_share( mbedtls_ssl_context *ssl )
+static int ssl_tls13_reset_ecdhe_share( mbedtls_ssl_context *ssl )
 {
     mbedtls_ecdh_free( &ssl->handshake->ecdh_ctx );
     return( 0 );
@@ -149,7 +149,7 @@ static int ssl_tls13_reset_key_share( mbedtls_ssl_context *ssl )
         return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
 
     if( mbedtls_ssl_tls13_named_group_is_ecdhe( group_id ) )
-        return( ssl_reset_ecdhe_share( ssl ) );
+        return( ssl_tls13_reset_ecdhe_share( ssl ) );
     else if( 0 /* other KEMs? */ )
     {
         /* Do something */
@@ -421,7 +421,7 @@ static int ssl_tls13_read_public_ecdhe_share( mbedtls_ssl_context *ssl,
 }
 #endif /* MBEDTLS_ECDH_C */
 
-static int ssl_tls13_hrr_check_key_share_ext( mbedtls_ssl_context *ssl,
+static int ssl_tls13_parse_hrr_key_share_ext( mbedtls_ssl_context *ssl,
                                               const unsigned char *buf,
                                               const unsigned char *end )
 {
@@ -451,7 +451,7 @@ static int ssl_tls13_hrr_check_key_share_ext( mbedtls_ssl_context *ssl,
      * If the server provided a key share that was not sent in the ClientHello
      * then the client MUST abort the handshake with an "illegal_parameter" alert.
      */
-    for ( ; *group_list != 0; group_list++ )
+    for( ; *group_list != 0; group_list++ )
     {
         curve_info = mbedtls_ecp_curve_info_from_tls_id( *group_list );
         if( curve_info == NULL || curve_info->tls_id != tls_id )
@@ -938,7 +938,7 @@ static int ssl_tls13_server_hello_coordinate( mbedtls_ssl_context *ssl,
               * was itself in response to a HelloRetryRequest), it MUST abort the
               * handshake with an "unexpected_message" alert.
               */
-            if( ssl->handshake->hello_retry_requests_received > 0 )
+            if( ssl->handshake->hello_retry_request_count > 0 )
             {
                 MBEDTLS_SSL_DEBUG_MSG( 1, ( "Multiple HRRs received" ) );
                 MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE,
@@ -946,7 +946,7 @@ static int ssl_tls13_server_hello_coordinate( mbedtls_ssl_context *ssl,
                 return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
             }
 
-            ssl->handshake->hello_retry_requests_received++;
+            ssl->handshake->hello_retry_request_count++;
 
             break;
     }
@@ -1021,7 +1021,8 @@ static int ssl_tls13_cipher_suite_is_offered( mbedtls_ssl_context *ssl,
  */
 static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl,
                                          const unsigned char *buf,
-                                         const unsigned char *end)
+                                         const unsigned char *end,
+                                         int is_hrr )
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     const unsigned char *p = buf;
@@ -1165,9 +1166,6 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl,
     {
         unsigned int extension_type;
         size_t extension_data_len;
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
-        int hrr;
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
 
         MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, 4 );
         extension_type = MBEDTLS_GET_UINT16_BE( p, 0 );
@@ -1181,6 +1179,14 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl,
 #if defined(MBEDTLS_SSL_COOKIE_C)
             case MBEDTLS_TLS_EXT_COOKIE:
 
+                if( !is_hrr )
+                {
+                    MBEDTLS_SSL_PEND_FATAL_ALERT(
+                        MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT,
+                        MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION );
+                    return( MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION );
+                }
+
                 /* Retrieve length field of cookie */
                 MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, 2 );
                 cookie_len = MBEDTLS_GET_UINT16_BE( p, 0 );
@@ -1226,16 +1232,15 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl,
 
 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
             case MBEDTLS_TLS_EXT_KEY_SHARE:
-                hrr = ssl_server_hello_is_hrr( ssl, buf, end );
                 MBEDTLS_SSL_DEBUG_MSG( 3, ( "found key_shares extension" ) );
-                if( hrr == SSL_SERVER_HELLO_COORDINATE_HRR )
+                if( is_hrr == SSL_SERVER_HELLO_COORDINATE_HRR )
-                    ret = ssl_tls13_hrr_check_key_share_ext( ssl,
+                    ret = ssl_tls13_parse_hrr_key_share_ext( ssl,
                                             p, p + extension_data_len );
-                else if( hrr == SSL_SERVER_HELLO_COORDINATE_HELLO )
+                else if( is_hrr == SSL_SERVER_HELLO_COORDINATE_HELLO )
                     ret = ssl_tls13_parse_key_share_ext( ssl,
                                             p, p + extension_data_len );
                 else
-                    ret = hrr;
+                    ret = is_hrr;
                 if( ret != 0 )
                 {
                     MBEDTLS_SSL_DEBUG_RET( 1,
@@ -1422,7 +1427,7 @@ static int ssl_tls13_process_server_hello( mbedtls_ssl_context *ssl )
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char *buf = NULL;
     size_t buf_len = 0;
-    int hrr = -1;
+    int is_hrr = -1;
 
     MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> %s", __func__ ) );
 
@@ -1435,32 +1440,28 @@ static int ssl_tls13_process_server_hello( mbedtls_ssl_context *ssl )
     ssl->handshake->extensions_present = MBEDTLS_SSL_EXT_NONE;
 
     ret = ssl_tls13_server_hello_coordinate( ssl, &buf, &buf_len );
-    if( ret != SSL_SERVER_HELLO_COORDINATE_HELLO &&
+    if( ret < 0 )
-        ret != SSL_SERVER_HELLO_COORDINATE_HRR )
         goto cleanup;
     else
-        hrr = ret;
+        is_hrr = ( ret == SSL_SERVER_HELLO_COORDINATE_HRR );
     /* Parsing step
      * We know what message to expect by now and call
      * the respective parsing function.
      */
     MBEDTLS_SSL_PROC_CHK( ssl_tls13_parse_server_hello( ssl, buf,
-                                                        buf + buf_len ) );
+                                                        buf + buf_len,
-    if( hrr == SSL_SERVER_HELLO_COORDINATE_HRR )
+                                                        is_hrr ) );
+    if( is_hrr )
         MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_reset_transcript_for_hrr( ssl ) );
 
     mbedtls_ssl_tls13_add_hs_msg_to_checksum( ssl,
                                               MBEDTLS_SSL_HS_SERVER_HELLO,
                                               buf, buf_len );
 
-    if( hrr == SSL_SERVER_HELLO_COORDINATE_HELLO )
+    if( is_hrr )
-    {
-        MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_server_hello( ssl ) );
-    }
-    else if( hrr == SSL_SERVER_HELLO_COORDINATE_HRR )
-    {
         MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_hrr( ssl ) );
-    }
+    else
+        MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_server_hello( ssl ) );
 
 cleanup:
     MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= %s", __func__ ) );