diff --git a/library/ssl_misc.h b/library/ssl_misc.h index a669da67b..6af9964b8 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2035,8 +2035,9 @@ static inline int mbedtls_ssl_sig_alg_is_supported( * 0 - default tag length * \param alg [out] corresponding PSA alg * There is no corresponding PSA - * alg for MBEDTLS_SSL_NULL_CIPHER, so - * MBEDTLS_SSL_NULL_CIPHER is returned + * alg for MBEDTLS_CIPHER_NULL, so + * in this case MBEDTLS_SSL_NULL_CIPHER + * is returned via this parameter * \param key_type [out] corresponding PSA key type * \param key_size [out] corresponding PSA key size * diff --git a/library/ssl_msg.c b/library/ssl_msg.c index a0a3e44b8..a7370997d 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -5103,12 +5103,12 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl ) transform_expansion += transform->maclen; /* Expansion due to the addition of CBC padding; - * Theoretically up to 256 bytes, but we never use - * more than the block size of the underlying cipher. */ + * Theoretically up to 256 bytes, but we never use + * more than the block size of the underlying cipher. */ transform_expansion += block_size; /* For TLS 1.2 or higher, an explicit IV is added - * after the record header. */ + * after the record header. */ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) transform_expansion += block_size; #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 2512c47e7..522e59e33 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -2058,7 +2058,8 @@ static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, if( ( suite = mbedtls_ssl_ciphersuite_from_id( ssl->session_negotiate->ciphersuite ) ) == NULL || #if defined(MBEDTLS_USE_PSA_CRYPTO) - ( mbedtls_ssl_cipher_to_psa( suite->cipher, 0, &alg, &key_type, &key_bits ) != PSA_SUCCESS) || + ( mbedtls_ssl_cipher_to_psa( suite->cipher, 0, &alg, + &key_type, &key_bits ) != PSA_SUCCESS ) || alg != PSA_ALG_CBC_NO_PADDING ) #else ( cipher = mbedtls_cipher_info_from_type( suite->cipher ) ) == NULL || diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 00a9f8cad..2a7b29dbd 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -1475,10 +1475,9 @@ static int build_transforms( mbedtls_ssl_transform *t_in, &key_type, &key_bits ); - if ( status != PSA_SUCCESS) + if ( status != PSA_SUCCESS ) { ret = psa_ssl_status_to_mbedtls( status ); - mbedtls_fprintf( stderr, "mbedtls_ssl_cipher_to_psa: %d\n", (int)status); goto cleanup; } @@ -1496,7 +1495,7 @@ static int build_transforms( mbedtls_ssl_transform *t_in, PSA_BITS_TO_BYTES( key_bits ), &t_in->psa_key_enc ); - if ( status != PSA_SUCCESS) + if ( status != PSA_SUCCESS ) { ret = psa_ssl_status_to_mbedtls( status ); goto cleanup; @@ -1507,7 +1506,7 @@ static int build_transforms( mbedtls_ssl_transform *t_in, PSA_BITS_TO_BYTES( key_bits ), &t_out->psa_key_enc ); - if ( status != PSA_SUCCESS) + if ( status != PSA_SUCCESS ) { ret = psa_ssl_status_to_mbedtls( status ); goto cleanup; @@ -1520,7 +1519,7 @@ static int build_transforms( mbedtls_ssl_transform *t_in, PSA_BITS_TO_BYTES( key_bits ), &t_in->psa_key_dec ); - if ( status != PSA_SUCCESS) + if ( status != PSA_SUCCESS ) { ret = psa_ssl_status_to_mbedtls( status ); goto cleanup; @@ -1531,7 +1530,7 @@ static int build_transforms( mbedtls_ssl_transform *t_in, PSA_BITS_TO_BYTES( key_bits ), &t_out->psa_key_dec ); - if ( status != PSA_SUCCESS) + if ( status != PSA_SUCCESS ) { ret = psa_ssl_status_to_mbedtls( status ); goto cleanup; @@ -3307,7 +3306,7 @@ void ssl_crypt_record( int cipher_type, int hash_id, (size_t) cid0_len, (size_t) cid1_len ); - TEST_ASSERT( ret == 0 ); + TEST_ASSERT( ret == 0 ); TEST_ASSERT( ( buf = mbedtls_calloc( 1, buflen ) ) != NULL ); @@ -3468,7 +3467,7 @@ void ssl_crypt_record_small( int cipher_type, int hash_id, (size_t) cid0_len, (size_t) cid1_len ); - TEST_ASSERT( ret == 0 ); + TEST_ASSERT( ret == 0 ); TEST_ASSERT( ( buf = mbedtls_calloc( 1, buflen ) ) != NULL ); @@ -3720,7 +3719,7 @@ void ssl_decrypt_non_etm_cbc( int cipher_type, int hash_id, int trunc_hmac, * Encrypt and decrypt the correct record, expecting success */ #if defined(MBEDTLS_USE_PSA_CRYPTO) - TEST_EQUAL( 0, psa_cipher_encrypt_helper(&t0, t0.iv_enc, t0.ivlen, + TEST_EQUAL( 0, psa_cipher_encrypt_helper(&t0, t0.iv_enc, t0.ivlen, rec.buf + rec.data_offset, rec.data_len, rec.buf + rec.data_offset, &olen ) ); #else @@ -3752,7 +3751,7 @@ void ssl_decrypt_non_etm_cbc( int cipher_type, int hash_id, int trunc_hmac, /* Encrypt */ #if defined(MBEDTLS_USE_PSA_CRYPTO) - TEST_EQUAL( 0, psa_cipher_encrypt_helper(&t0, t0.iv_enc, t0.ivlen, + TEST_EQUAL( 0, psa_cipher_encrypt_helper(&t0, t0.iv_enc, t0.ivlen, rec.buf + rec.data_offset, rec.data_len, rec.buf + rec.data_offset, &olen ) ); #else @@ -3795,7 +3794,7 @@ void ssl_decrypt_non_etm_cbc( int cipher_type, int hash_id, int trunc_hmac, /* Encrypt */ #if defined(MBEDTLS_USE_PSA_CRYPTO) - TEST_EQUAL( 0, psa_cipher_encrypt_helper(&t0, t0.iv_enc, t0.ivlen, + TEST_EQUAL( 0, psa_cipher_encrypt_helper(&t0, t0.iv_enc, t0.ivlen, rec.buf + rec.data_offset, rec.data_len, rec.buf + rec.data_offset, &olen ) ); #else