lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-30 22:43:08 +03:00
Code Activity

Encrypted Extensions: Align code style and some check logic

Browse Source 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
This commit is contained in:
XiaokangQian
2021-10-11 10:05:54 +00:00
parent 08da26c58f
commit 97799ac27b
1 changed files with 34 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
library/ssl_tls13_client.c
View File

@ -1408,17 +1408,17 @@ cleanup:
*/ */
/* Main entry point; orchestrates the other functions */ /* Main entry point; orchestrates the other functions */
static int ssl_tls1_3_process_encrypted_extensions( mbedtls_ssl_context *ssl ); static int ssl_tls13_process_encrypted_extensions( mbedtls_ssl_context *ssl );
static int ssl_tls1_3_parse_encrypted_extensions( mbedtls_ssl_context *ssl, static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl,
const unsigned char *buf, const unsigned char *buf,
const unsigned char *end ); const unsigned char *end );
static int ssl_tls1_3_postprocess_encrypted_extensions( mbedtls_ssl_context *ssl ); static int ssl_tls13_postprocess_encrypted_extensions( mbedtls_ssl_context *ssl );
/* /*
* Handler for MBEDTLS_SSL_ENCRYPTED_EXTENSIONS * Handler for MBEDTLS_SSL_ENCRYPTED_EXTENSIONS
*/ */
static int ssl_tls1_3_process_encrypted_extensions( mbedtls_ssl_context *ssl ) static int ssl_tls13_process_encrypted_extensions( mbedtls_ssl_context *ssl )
{ {
int ret; int ret;
unsigned char *buf; unsigned char *buf;
@ -1431,12 +1431,13 @@ static int ssl_tls1_3_process_encrypted_extensions( mbedtls_ssl_context *ssl )
&buf, &buf_len ) ); &buf, &buf_len ) );
/* Process the message contents */ /* Process the message contents */
MBEDTLS_SSL_PROC_CHK( ssl_tls1_3_parse_encrypted_extensions( ssl, buf, ( buf + buf_len ) ) ); MBEDTLS_SSL_PROC_CHK(
ssl_tls13_parse_encrypted_extensions( ssl, buf, ( buf + buf_len ) ) );
mbedtls_ssl_tls1_3_add_hs_msg_to_checksum( mbedtls_ssl_tls1_3_add_hs_msg_to_checksum(
ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSION, buf, buf_len ); ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSION, buf, buf_len );
MBEDTLS_SSL_PROC_CHK( ssl_tls1_3_postprocess_encrypted_extensions( ssl ) ); MBEDTLS_SSL_PROC_CHK( ssl_tls13_postprocess_encrypted_extensions( ssl ) );
cleanup: cleanup:
@ -1450,7 +1451,7 @@ cleanup:
* Extension extensions<0..2^16-1>; * Extension extensions<0..2^16-1>;
* } EncryptedExtensions; * } EncryptedExtensions;
*/ */
static int ssl_tls1_3_parse_encrypted_extensions( mbedtls_ssl_context *ssl, static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl,
const unsigned char *buf, const unsigned char *buf,
const unsigned char *end ) const unsigned char *end )
{ {
@ -1459,21 +1460,10 @@ static int ssl_tls1_3_parse_encrypted_extensions( mbedtls_ssl_context *ssl,
const unsigned char *p = buf; const unsigned char *p = buf;
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 ); MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 );
extensions_len = MBEDTLS_GET_UINT16_BE(p, 0); extensions_len = MBEDTLS_GET_UINT16_BE( p, 0 );
p += 2; p += 2;
/* Checking for an extension length that isn't aligned with the rest MBEDTLS_SSL_DEBUG_BUF( 3, "encrypted extensions", p, extensions_len );
* of the message */
if( p + extensions_len != end )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "EncryptedExtension lengths misaligned" ) );
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, \
MBEDTLS_ERR_SSL_DECODE_ERROR );
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
}
MBEDTLS_SSL_DEBUG_BUF( 3, "encrypted extensions extensions", p, extensions_len );
while( p < end ) while( p < end )
{ {
@ -1493,7 +1483,7 @@ static int ssl_tls1_3_parse_encrypted_extensions( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, extension_data_len ); MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, extension_data_len );
/* TBD: The client MUST check EncryptedExtensions for the /* The client MUST check EncryptedExtensions for the
* presence of any forbidden extensions and if any are found MUST abort * presence of any forbidden extensions and if any are found MUST abort
* the handshake with an "unsupported_extension" alert. * the handshake with an "unsupported_extension" alert.
*/ */
@ -1505,27 +1495,31 @@ static int ssl_tls1_3_parse_encrypted_extensions( mbedtls_ssl_context *ssl,
break; break;
default: default:
MBEDTLS_SSL_DEBUG_MSG( 3, ( "unsupported extension found: %d ( ignoring )", extension_type) ); MBEDTLS_SSL_DEBUG_MSG(
3, ( "unsupported extension found: %u ", extension_type) );
MBEDTLS_SSL_PEND_FATAL_ALERT(
MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT, \
MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION );
return ( MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION );
break; break;
} }
extensions_len -= 4 + extension_data_len;
p += extension_data_len; p += extension_data_len;
}
/* Checking for an extension length that is too short */ /* Check that we consumed all the message. */
if( extensions_len > 0 && extensions_len < 4 ) if( p != end )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad encrypted extensions message" ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "EncryptedExtension lengths misaligned" ) );
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, \ MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, \
MBEDTLS_ERR_SSL_DECODE_ERROR ); MBEDTLS_ERR_SSL_DECODE_ERROR );
return( MBEDTLS_ERR_SSL_DECODE_ERROR ); return( MBEDTLS_ERR_SSL_DECODE_ERROR );
} }
}
return( ret ); return( ret );
} }
static int ssl_tls1_3_postprocess_encrypted_extensions( mbedtls_ssl_context *ssl ) static int ssl_tls13_postprocess_encrypted_extensions( mbedtls_ssl_context *ssl )
{ {
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CERTIFICATE_REQUEST ); mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CERTIFICATE_REQUEST );
return( 0 ); return( 0 );
@ -1643,7 +1637,7 @@ int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl )
break; break;
case MBEDTLS_SSL_ENCRYPTED_EXTENSIONS: case MBEDTLS_SSL_ENCRYPTED_EXTENSIONS:
ret = ssl_tls1_3_process_encrypted_extensions( ssl ); ret = ssl_tls13_process_encrypted_extensions( ssl );
break; break;
case MBEDTLS_SSL_CERTIFICATE_REQUEST: case MBEDTLS_SSL_CERTIFICATE_REQUEST: