lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-05 19:35:48 +03:00
Code Activity

fix comment issues

Browse Source 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
This commit is contained in:
Jerry Yu
2022-01-12 11:17:02 +08:00
parent f0fede56a6
commit b925f21806
3 changed files with 26 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
library/ssl_srv.c
View File

@@ -317,6 +317,11 @@ static int ssl_parse_signature_algorithms_ext( mbedtls_ssl_context *ssl,
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
/*
* The TLS 1.3 supported groups extension was defined to be a compatible
* generalization of the TLS 1.2 supported elliptic curves extension. They both
* share the same extension identifier.
*/
static int ssl_parse_supported_groups_ext( mbedtls_ssl_context *ssl, static int ssl_parse_supported_groups_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf, const unsigned char *buf,
size_t len ) size_t len )

30
library/ssl_tls.c
View File

@@ -7193,9 +7193,11 @@ int mbedtls_ssl_get_handshake_transcript( mbedtls_ssl_context *ssl,
defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
/* /*
* Functions for writing supported_groups extension. * Function for writing a supported groups (TLS 1.3) or supported elliptic
* curves (TLS 1.2) extension.
* *
* Stucture of supported_groups from RFC8446: * The "extension_data" field of a supported groups extension contains a
* "NamedGroupList" value (TLS 1.3 RFC8446):
* enum { * enum {
* secp256r1(0x0017), secp384r1(0x0018), secp521r1(0x0019), * secp256r1(0x0017), secp384r1(0x0018), secp521r1(0x0019),
* x25519(0x001D), x448(0x001E), * x25519(0x001D), x448(0x001E),
@@ -7208,7 +7210,9 @@ int mbedtls_ssl_get_handshake_transcript( mbedtls_ssl_context *ssl,
* struct { * struct {
* NamedGroup named_group_list<2..2^16-1>; * NamedGroup named_group_list<2..2^16-1>;
* } NamedGroupList; * } NamedGroupList;
* From RFC8422: *
* The "extension_data" field of a supported elliptic curves extension contains
* a "NamedCurveList" value (TLS 1.2 RFC 8422):
* enum { * enum {
* deprecated(1..22), * deprecated(1..22),
* secp256r1 (23), secp384r1 (24), secp521r1 (25), * secp256r1 (23), secp384r1 (24), secp521r1 (25),
@@ -7221,9 +7225,11 @@ int mbedtls_ssl_get_handshake_transcript( mbedtls_ssl_context *ssl,
* NamedCurve named_curve_list<2..2^16-1> * NamedCurve named_curve_list<2..2^16-1>
* } NamedCurveList; * } NamedCurveList;
* *
* RFC8422 and RFC8446 share simillar structure and same extension id. * The TLS 1.3 supported groups extension was defined to be a compatible
* generalization of the TLS 1.2 supported elliptic curves extension. They both
* share the same extension identifier.
* *
* DHE groups hasn't been supported yet. * DHE groups are not supported yet.
*/ */
int mbedtls_ssl_write_supported_groups_ext( mbedtls_ssl_context *ssl, int mbedtls_ssl_write_supported_groups_ext( mbedtls_ssl_context *ssl,
unsigned char *buf, unsigned char *buf,
@@ -7264,15 +7270,13 @@ int mbedtls_ssl_write_supported_groups_ext( mbedtls_ssl_context *ssl,
{ {
const mbedtls_ecp_curve_info *curve_info; const mbedtls_ecp_curve_info *curve_info;
curve_info = mbedtls_ecp_curve_info_from_tls_id( *group_list ); curve_info = mbedtls_ecp_curve_info_from_tls_id( *group_list );
if( curve_info != NULL ) if( curve_info == NULL )
{
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
MBEDTLS_PUT_UINT16_BE( *group_list, p, 0 );
p += 2;
MBEDTLS_SSL_DEBUG_MSG( 3, ( "NamedGroup: %s ( %x )",
curve_info->name, *group_list ) );
continue; continue;
} MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
MBEDTLS_PUT_UINT16_BE( *group_list, p, 0 );
p += 2;
MBEDTLS_SSL_DEBUG_MSG( 3, ( "NamedGroup: %s ( %x )",
curve_info->name, *group_list ) );
} }
#endif /* MBEDTLS_ECP_C */ #endif /* MBEDTLS_ECP_C */
/* Add DHE groups here */ /* Add DHE groups here */

24
library/ssl_tls13_client.c
View File

@@ -613,12 +613,11 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl,
p += output_len; p += output_len;
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
/* Write supported_groups extension
* /*
* It is REQUIRED for ECDHE cipher_suites. * Add the extensions related to (EC)DHE ephemeral key establishment only if
* enabled as per the configuration.
*/ */
/* Skip the extensions on the client if all allowed key exchanges
* are PSK-based. */
if( mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) ) if( mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) )
{ {
ret = mbedtls_ssl_write_supported_groups_ext( ssl, p, end, &output_len ); ret = mbedtls_ssl_write_supported_groups_ext( ssl, p, end, &output_len );
@@ -626,26 +625,11 @@ static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl,
return( ret ); return( ret );
p += output_len; p += output_len;
/* Write key_share extension
*
* We need to send the key shares under three conditions:
* 1) A certificate-based ciphersuite is being offered. In this case
* supported_groups and supported_signature extensions have been
* successfully added.
* 2) A PSK-based ciphersuite with ECDHE is offered. In this case the
* psk_key_exchange_modes has been added as the last extension.
* 3) Or, in case all ciphers are supported ( which includes #1 and #2
* from above )
*/
ret = ssl_tls13_write_key_share_ext( ssl, p, end, &output_len ); ret = ssl_tls13_write_key_share_ext( ssl, p, end, &output_len );
if( ret != 0 ) if( ret != 0 )
return( ret ); return( ret );
p += output_len; p += output_len;
/* Write signature_algorithms extension
*
* It is REQUIRED for certificate authenticated cipher_suites.
*/
ret = mbedtls_ssl_tls13_write_sig_alg_ext( ssl, p, end, &output_len ); ret = mbedtls_ssl_tls13_write_sig_alg_ext( ssl, p, end, &output_len );
if( ret != 0 ) if( ret != 0 )
return( ret ); return( ret );