fix various issues

- unnecessary comments - format issue - improve readability Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2025-04-09 21:44:28 +00:00 · 2022-07-21 10:37:48 +08:00 · 2022-07-21 10:37:48 +08:00 · fca4d579a4
commit fca4d579a4
parent 6cb4fcd1a5
2 changed files with 15 additions and 13 deletions
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -2853,7 +2853,7 @@ static int ssl_session_save( const mbedtls_ssl_session *session,
    }

    /* Forward to version-specific serialization routine. */
-    remaining_len = used <= buf_len ? buf_len - used : 0;
+    remaining_len = (buf_len >= used) ? buf_len - used : 0;
    switch( session->tls_version )
    {
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@ -588,7 +588,7 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl,
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
    /* Store minor version for later use with ticket serialization. */
    ssl->session_negotiate->tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
-#endif /* MBEDTLS_SSL_SESSION_TICKETS */
+#endif

    /* ...
     * Random random;
@ -1814,11 +1814,10 @@ static int ssl_tls13_handshake_wrapup( mbedtls_ssl_context *ssl )
    mbedtls_ssl_tls13_handshake_wrapup( ssl );

 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
-    mbedtls_ssl_handshake_set_state( ssl,
-                                     MBEDTLS_SSL_NEW_SESSION_TICKET );
-#else /* MBEDTLS_SSL_SESSION_TICKETS */
+    mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_NEW_SESSION_TICKET );
+#else
    mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_HANDSHAKE_OVER );
-#endif /* !MBEDTLS_SSL_SESSION_TICKETS */
+#endif
    return( 0 );
 }

@ -1883,8 +1882,12 @@ static int ssl_tls13_prepare_new_session_ticket( mbedtls_ssl_context *ssl,
                (mbedtls_ssl_ciphersuite_t *) ssl->handshake->ciphersuite_info;
    psa_hash_alg = mbedtls_psa_translate_md( ciphersuite_info->mac );
    hash_length = PSA_HASH_LENGTH( psa_hash_alg );
-    if( hash_length == -1 )
+    if( hash_length == -1 ||
+        hash_length > (int)sizeof( session->resumption_key ) )
+    {
        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    }
+
    /* In this code the psk key length equals the length of the hash */
    session->resumption_key_len = hash_length;
    session->ciphersuite = ciphersuite_info->id;
@ -2059,18 +2062,17 @@ static int ssl_tls13_write_new_session_ticket( mbedtls_ssl_context *ssl )
                                  ssl, buf, buf + buf_len, &msg_len,
                                  ticket_nonce, sizeof( ticket_nonce ) ) );

-        mbedtls_ssl_handshake_set_state( ssl,
-                                         MBEDTLS_SSL_NEW_SESSION_TICKET_FLUSH );
-
        MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg(
                                  ssl, buf_len, msg_len ) );
+
+        mbedtls_ssl_handshake_set_state( ssl,
+                                         MBEDTLS_SSL_NEW_SESSION_TICKET_FLUSH );
    }
    else
    {
        mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_HANDSHAKE_OVER );
    }

-
 cleanup:

    return( ret );