From e3131ef7f34055748d11e1e252124cf6c561a899 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 16 Sep 2021 13:14:15 +0800 Subject: [PATCH] fix various issues Signed-off-by: Jerry Yu --- library/ssl_misc.h | 2 +- library/ssl_msg.c | 2 +- library/ssl_tls13_keys.c | 36 ++++++++++++++++++++---------------- library/ssl_tls13_keys.h | 2 +- 4 files changed, 23 insertions(+), 19 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 8c5a32d67..1b5861c63 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1532,7 +1532,7 @@ void mbedtls_ssl_tls13_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl, size_t total_hs_len ); /* - * Update checksum of handshake message + * Update checksum of handshake messages. */ void mbedtls_ssl_tls13_add_hs_msg_to_checksum( mbedtls_ssl_context *ssl, unsigned hs_type, diff --git a/library/ssl_msg.c b/library/ssl_msg.c index fcdd0249b..ea1d535a0 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -5565,7 +5565,7 @@ void mbedtls_ssl_set_outbound_transform( mbedtls_ssl_context *ssl, mbedtls_ssl_transform *transform ) { ssl->transform_out = transform; - mbedtls_platform_zeroize( ssl->cur_out_ctr, 8 ); + mbedtls_platform_zeroize( ssl->cur_out_ctr, sizeof( ssl->cur_out_ctr ) ); } #if defined(MBEDTLS_SSL_PROTO_DTLS) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 7e6526819..bfc3103fc 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -21,14 +21,16 @@ #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) -#include "mbedtls/hkdf.h" -#include "ssl_misc.h" -#include "ssl_tls13_keys.h" -#include "mbedtls/debug.h" - #include #include +#include "mbedtls/hkdf.h" +#include "mbedtls/debug.h" +#include "mbedtls/error.h" + +#include "ssl_misc.h" +#include "ssl_tls13_keys.h" + #define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \ .name = string, 
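Review bot: In `library/ssl_msg.c`, `sizeof( ssl->cur_out_ctr )` in `mbedtls_ssl_set_outbound_transform()` matches the old literal `8` only while `cur_out_ctr` is declared as a fixed-size array. The declaration is not part of this patch, so that is worth confirming against the context structure. If the member were ever turned into a pointer, the call would clear pointer-size bytes rather than the counter's length, and the outgoing record sequence number might not restart cleanly under the new transform. The reset also carries no comment saying why it happens here; `/* Record sequence numbers restart at 0 whenever the outbound keys change. */` above the call would make the coupling between the transform swap and the counter explicit.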
@@ -820,24 +822,25 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform, return( 0 ); } -int mbedtls_ssl_tls13_key_schedule_stage_early_data( mbedtls_ssl_context *ssl ) +int mbedtls_ssl_tls13_key_schedule_stage_early( mbedtls_ssl_context *ssl ) { - int ret = 0; - + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + mbedtls_md_type_t md_type; + const unsigned char *input = NULL; + size_t input_len = 0; if( ssl->handshake->ciphersuite_info == NULL ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "cipher suite info not found" ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } - mbedtls_md_type_t const md_type = ssl->handshake->ciphersuite_info->mac; - const unsigned char *input = NULL; - size_t input_len = 0; + + md_type = ssl->handshake->ciphersuite_info->mac; #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) input = ssl->handshake->psk; input_len = ssl->handshake->psk_len; #endif ret = mbedtls_ssl_tls1_3_evolve_secret( md_type, NULL, input, input_len, - ssl->handshake->tls13_master_secrets.early ); + ssl->handshake->tls13_master_secrets.early ); if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_evolve_secret", ret ); @@ -876,9 +879,9 @@ int mbedtls_ssl_tls13_generate_handshake_keys( mbedtls_ssl_context *ssl, md_size = mbedtls_md_get_size( md_info ); ret = mbedtls_ssl_get_handshake_transcript( ssl, md_type, - transcript, - sizeof( transcript ), - &transcript_len ); + transcript, + sizeof( transcript ), + &transcript_len ); if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, @@ -893,7 +896,8 @@ int mbedtls_ssl_tls13_generate_handshake_keys( mbedtls_ssl_context *ssl, &ssl->handshake->tls13_hs_secrets ); if( ret != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_derive_early_secrets", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_derive_handshake_secrets", + ret ); return( ret ); } diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index 7176dee0a..407b5d613 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h 
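Review bot: In `mbedtls_ssl_tls13_key_schedule_stage_early()`, the `#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)` branch feeds `ssl->handshake->psk` and `psk_len` into the Early Secret whenever PSK support is compiled in, and nothing in the hunk ties that to the key exchange mode actually negotiated. The function relies on `psk` being NULL with `psk_len` 0 in a non-PSK handshake, and presumably on `mbedtls_ssl_tls1_3_evolve_secret()` treating a NULL input as the all-zero IKM; neither is visible here, so a comment should state it, e.g. `/* No PSK: input stays NULL/0 and the Early Secret is derived from the zero IKM (RFC 8446, 7.1). */`. A stale or half-set pair (non-NULL `psk` with zero length, or the reverse) would silently change the key schedule, so a check such as `if( ( input == NULL ) != ( input_len == 0 ) ) return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );` before the call is cheap. The function body continues past the end of the hunk.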
@@ -534,7 +534,7 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform, * \returns \c 0 on success. * \returns A negative error code on failure. */ -int mbedtls_ssl_tls13_key_schedule_stage_early_data( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_tls13_key_schedule_stage_early( mbedtls_ssl_context *ssl ); /** * \brief Compute TLS 1.3 handshake traffic keys.