AuroraMiddleware/mbedtls
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Encrypted Extensions: Align code style and some check logic

Browse Source 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
This commit is contained in:
XiaokangQian 2021-10-11 10:05:54 +00:00
parent 08da26c58f
commit 97799ac27b
1 changed files with 34 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

74
library/ssl_tls13_client.c
View File

@ -1408,17 +1408,17 @@ cleanup:
*/
/* Main entry point; orchestrates the other functions */
static int ssl_tls1_3_process_encrypted_extensions( mbedtls_ssl_context *ssl );
static int ssl_tls13_process_encrypted_extensions( mbedtls_ssl_context *ssl );
static int ssl_tls1_3_parse_encrypted_extensions( mbedtls_ssl_context *ssl,
const unsigned char *buf,
const unsigned char *end );
static int ssl_tls1_3_postprocess_encrypted_extensions( mbedtls_ssl_context *ssl );
static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl,
const unsigned char *buf,
const unsigned char *end );
static int ssl_tls13_postprocess_encrypted_extensions( mbedtls_ssl_context *ssl );
/*
* Handler for MBEDTLS_SSL_ENCRYPTED_EXTENSIONS
*/
static int ssl_tls1_3_process_encrypted_extensions( mbedtls_ssl_context *ssl )
static int ssl_tls13_process_encrypted_extensions( mbedtls_ssl_context *ssl )
{
int ret;
unsigned char *buf;
@ -1431,12 +1431,13 @@ static int ssl_tls1_3_process_encrypted_extensions( mbedtls_ssl_context *ssl )
&buf, &buf_len ) );
/* Process the message contents */
MBEDTLS_SSL_PROC_CHK( ssl_tls1_3_parse_encrypted_extensions( ssl, buf, ( buf + buf_len ) ) );
MBEDTLS_SSL_PROC_CHK(
ssl_tls13_parse_encrypted_extensions( ssl, buf, ( buf + buf_len ) ) );
mbedtls_ssl_tls1_3_add_hs_msg_to_checksum(
ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSION, buf, buf_len );
MBEDTLS_SSL_PROC_CHK( ssl_tls1_3_postprocess_encrypted_extensions( ssl ) );
MBEDTLS_SSL_PROC_CHK( ssl_tls13_postprocess_encrypted_extensions( ssl ) );
cleanup:
@ -1447,33 +1448,22 @@ cleanup:
/* Parse EncryptedExtensions message
* struct {
* Extension extensions<0..2^16-1>;
* Extension extensions<0..2^16-1>;
* } EncryptedExtensions;
*/
static int ssl_tls1_3_parse_encrypted_extensions( mbedtls_ssl_context *ssl,
const unsigned char *buf,
const unsigned char *end )
static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl,
const unsigned char *buf,
const unsigned char *end )
{
int ret = 0;
size_t extensions_len;
const unsigned char *p = buf;
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 );
extensions_len = MBEDTLS_GET_UINT16_BE(p, 0);
extensions_len = MBEDTLS_GET_UINT16_BE( p, 0 );
p += 2;
/* Checking for an extension length that isn't aligned with the rest
* of the message */
if( p + extensions_len != end )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "EncryptedExtension lengths misaligned" ) );
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, \
MBEDTLS_ERR_SSL_DECODE_ERROR );
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
}
MBEDTLS_SSL_DEBUG_BUF( 3, "encrypted extensions extensions", p, extensions_len );
MBEDTLS_SSL_DEBUG_BUF( 3, "encrypted extensions", p, extensions_len );
while( p < end )
{
@ -1482,8 +1472,8 @@ static int ssl_tls1_3_parse_encrypted_extensions( mbedtls_ssl_context *ssl,
/*
* struct {
* ExtensionType extension_type; (2 bytes)
* opaque extension_data<0..2^16-1>;
* ExtensionType extension_type; (2 bytes)
* opaque extension_data<0..2^16-1>;
* } Extension;
*/
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 4 );
@ -1493,7 +1483,7 @@ static int ssl_tls1_3_parse_encrypted_extensions( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, extension_data_len );
/* TBD: The client MUST check EncryptedExtensions for the
/* The client MUST check EncryptedExtensions for the
* presence of any forbidden extensions and if any are found MUST abort
* the handshake with an "unsupported_extension" alert.
*/
@ -1505,27 +1495,31 @@ static int ssl_tls1_3_parse_encrypted_extensions( mbedtls_ssl_context *ssl,
break;
default:
MBEDTLS_SSL_DEBUG_MSG( 3, ( "unsupported extension found: %d ( ignoring )", extension_type) );
MBEDTLS_SSL_DEBUG_MSG(
3, ( "unsupported extension found: %u ", extension_type) );
MBEDTLS_SSL_PEND_FATAL_ALERT(
MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT, \
MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION );
return ( MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION );
break;
}
extensions_len -= 4 + extension_data_len;
p += extension_data_len;
}
/* Checking for an extension length that is too short */
if( extensions_len > 0 && extensions_len < 4 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad encrypted extensions message" ) );
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, \
MBEDTLS_ERR_SSL_DECODE_ERROR );
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
}
/* Check that we consumed all the message. */
if( p != end )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "EncryptedExtension lengths misaligned" ) );
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, \
MBEDTLS_ERR_SSL_DECODE_ERROR );
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
}
return( ret );
}
static int ssl_tls1_3_postprocess_encrypted_extensions( mbedtls_ssl_context *ssl )
static int ssl_tls13_postprocess_encrypted_extensions( mbedtls_ssl_context *ssl )
{
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CERTIFICATE_REQUEST );
return( 0 );
@ -1643,7 +1637,7 @@ int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl )
break;
case MBEDTLS_SSL_ENCRYPTED_EXTENSIONS:
ret = ssl_tls1_3_process_encrypted_extensions( ssl );
ret = ssl_tls13_process_encrypted_extensions( ssl );
break;
case MBEDTLS_SSL_CERTIFICATE_REQUEST: