From 95d5f549f1edb4a112bc2e43a61bc419ce8824a2 Mon Sep 17 00:00:00 2001
From: XiaokangQian
Date: Fri, 24 Jun 2022 02:29:26 +0000
Subject: [PATCH] Fix coding styles

Change-Id: I0ac8ddab13767b0188112dfbbdb2264d36ed230a
Signed-off-by: XiaokangQian
---
 library/ssl_tls.c | 49 +++++++++++++++++++++++---------------
 library/ssl_tls13_server.c | 2 +-
 tests/ssl-opt.sh | 6 ++---
 3 files changed, 33 insertions(+), 24 deletions(-)

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index faf807fc59..8fe74f16c1 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -8292,8 +8292,8 @@ int mbedtls_ssl_parse_alpn_ext( mbedtls_ssl_context *ssl,
 {
 const unsigned char *p = buf;
 size_t protocol_name_list_len;
-
- const unsigned char *protocol_name;
+ const unsigned char *protocol_name_list;
+ const unsigned char *protocol_name_list_end;
 size_t protocol_name_len;
 /* If ALPN not configured, just ignore the extension */
@@ -8319,36 +8319,46 @@ int mbedtls_ssl_parse_alpn_ext( mbedtls_ssl_context *ssl,
 protocol_name_list_len = MBEDTLS_GET_UINT16_BE( p, 0 );
 p += 2;
 MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, protocol_name_list_len );
+ protocol_name_list = p;
+ protocol_name_list_end = p + protocol_name_list_len;
 /* Validate peer's list (lengths) */
- for( protocol_name = p; protocol_name != end;
- protocol_name += protocol_name_len )
+ while( p < protocol_name_list_end )
 {
- protocol_name_len = *protocol_name++;
- MBEDTLS_SSL_CHK_BUF_READ_PTR( protocol_name, end, protocol_name_len );
+ protocol_name_len = *p++;
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, protocol_name_list_end,
+ protocol_name_len );
 if( protocol_name_len == 0 )
+ {
+ MBEDTLS_SSL_PEND_FATAL_ALERT(
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
+ MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
 return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+ }
+
+ p += protocol_name_len;
 }
 /* Use our order of preference */
 for( const char **alpn = ssl->conf->alpn_list; *alpn != NULL; alpn++ )
 {
 size_t const alpn_len = strlen( *alpn );
- for( protocol_name = p; protocol_name != end;
- protocol_name += protocol_name_len )
+ p = protocol_name_list;
+ while( p < protocol_name_list_end )
 {
- protocol_name_len = *protocol_name++;
-
+ protocol_name_len = *p++;
 if( protocol_name_len == alpn_len &&
- memcmp( protocol_name, *alpn, alpn_len ) == 0 )
+ memcmp( p, *alpn, alpn_len ) == 0 )
 {
 ssl->alpn_chosen = *alpn;
 return( 0 );
 }
+
+ p += protocol_name_len;
 }
 }
- /* If we get hhere, no match was found */
+ /* If we get here, no match was found */
 MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL, MBEDTLS_ERR_SSL_NO_APPLICATION_PROTOCOL );
@@ -8361,6 +8371,7 @@ int mbedtls_ssl_write_alpn_ext( mbedtls_ssl_context *ssl,
 size_t *out_len )
 {
 unsigned char *p = buf;
+ size_t protocol_name_len;
 *out_len = 0;
 if( ssl->alpn_chosen == NULL )
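Review bot: In `mbedtls_ssl_parse_alpn_ext`, bytes between `protocol_name_list_end` and `end` are never examined. Both loops now stop at `protocol_name_list_end`, and `MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, protocol_name_list_len )` only proves that the list fits in the buffer. A peer's ALPN extension with trailing data after the ProtocolNameList is therefore accepted silently. Unless the caller already enforces an exact length (not visible in this diff), add a check right after `protocol_name_list_end` is computed, such as `if( protocol_name_list_end != end )`, that pends `MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR` and returns `MBEDTLS_ERR_SSL_DECODE_ERROR`. An empty list (`protocol_name_list_len == 0`) also skips the validation loop and ends in the no-match alert instead of a decoding error; the function body starts before and ends after this hunk.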
@@ -8368,7 +8379,8 @@ int mbedtls_ssl_write_alpn_ext( mbedtls_ssl_context *ssl,
 return( 0 );
 }
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, 7 + strlen( ssl->alpn_chosen ) );
+ protocol_name_len = strlen( ssl->alpn_chosen );
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 7 + protocol_name_len );
 MBEDTLS_SSL_DEBUG_MSG( 3, ( "server side, adding alpn extension" ) );
 /*
@@ -8380,14 +8392,13 @@ int mbedtls_ssl_write_alpn_ext( mbedtls_ssl_context *ssl,
 */
 MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_ALPN, p, 0 );
- *out_len = 7 + strlen( ssl->alpn_chosen );
+ *out_len = 7 + protocol_name_len;
- MBEDTLS_PUT_UINT16_BE( *out_len - 4, p, 2 );
- MBEDTLS_PUT_UINT16_BE( *out_len - 6, p, 4 );
- p[6] = MBEDTLS_BYTE_0( *out_len - 7 );
- p += 7;
+ MBEDTLS_PUT_UINT16_BE( protocol_name_len + 3, p, 2 );
+ MBEDTLS_PUT_UINT16_BE( protocol_name_len + 1, p, 4 );
+ p[6] = MBEDTLS_BYTE_0( protocol_name_len );
- memcpy( p, ssl->alpn_chosen, *out_len - 7 );
+ memcpy( p + 7, ssl->alpn_chosen, protocol_name_len );
 return ( 0 );
 }
 #endif /* MBEDTLS_SSL_ALPN */
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 2ee67bf1a8..7114501881 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -1403,7 +1403,7 @@ static int ssl_tls13_write_encrypted_extensions_body( mbedtls_ssl_context *ssl,
 ret = mbedtls_ssl_write_alpn_ext( ssl, p, end, &output_len );
 if( ret != 0 )
 return( ret );
- p += output_len;
+ p += output_len;
 #endif /* MBEDTLS_SSL_ALPN */
 extensions_len = ( p - p_extensions_len ) - 2;
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 0178e7e27b..9e533362ab 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
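Review bot: In `mbedtls_ssl_write_alpn_ext` (hunk at -8380), `p[6] = MBEDTLS_BYTE_0( protocol_name_len )` keeps only the low byte of the name length, while `memcpy` and `*out_len` use the full `size_t`. A chosen protocol longer than 255 bytes would therefore produce an extension whose length fields disagree with its body. The `MBEDTLS_SSL_CHK_BUF_PTR` in the previous hunk uses the full length, so this is a malformed-output risk rather than an overrun. `ssl->alpn_chosen` is presumably bounded where the ALPN list is configured, but that code is not in this diff; once confirmed, state the invariant next to the write, e.g. `/* protocol names are at most 255 bytes, so one length byte suffices */`, or reject longer names before writing. The function begins outside this hunk.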
@@ -10512,9 +10512,8 @@ run_test "TLS 1.3: alpn - gnutls" \
 requires_openssl_tls1_3
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
 requires_config_enabled MBEDTLS_SSL_ALPN
 run_test "TLS 1.3: server alpn - openssl" \
 "$P_SRV debug_level=3 tickets=0 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 alpn=h2" \
@@ -10528,9 +10527,8 @@ run_test "TLS 1.3: server alpn - openssl" \
 requires_gnutls_tls1_3
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
 requires_config_enabled MBEDTLS_SSL_ALPN
 run_test "TLS 1.3: server alpn - gnutls" \
 "$P_SRV debug_level=3 tickets=0 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 alpn=h2" \