Encrypted Extensions: Align code style and some check logic
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 13fb470..f7f7eaa 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -1408,17 +1408,17 @@
*/
/* Main entry point; orchestrates the other functions */
-static int ssl_tls1_3_process_encrypted_extensions( mbedtls_ssl_context *ssl );
+static int ssl_tls13_process_encrypted_extensions( mbedtls_ssl_context *ssl );
-static int ssl_tls1_3_parse_encrypted_extensions( mbedtls_ssl_context *ssl,
- const unsigned char *buf,
- const unsigned char *end );
-static int ssl_tls1_3_postprocess_encrypted_extensions( mbedtls_ssl_context *ssl );
+static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ const unsigned char *end );
+static int ssl_tls13_postprocess_encrypted_extensions( mbedtls_ssl_context *ssl );
/*
* Handler for MBEDTLS_SSL_ENCRYPTED_EXTENSIONS
*/
-static int ssl_tls1_3_process_encrypted_extensions( mbedtls_ssl_context *ssl )
+static int ssl_tls13_process_encrypted_extensions( mbedtls_ssl_context *ssl )
{
int ret;
unsigned char *buf;
@@ -1431,12 +1431,13 @@
&buf, &buf_len ) );
/* Process the message contents */
- MBEDTLS_SSL_PROC_CHK( ssl_tls1_3_parse_encrypted_extensions( ssl, buf, ( buf + buf_len ) ) );
+ MBEDTLS_SSL_PROC_CHK(
+ ssl_tls13_parse_encrypted_extensions( ssl, buf, ( buf + buf_len ) ) );
mbedtls_ssl_tls1_3_add_hs_msg_to_checksum(
ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSION, buf, buf_len );
- MBEDTLS_SSL_PROC_CHK( ssl_tls1_3_postprocess_encrypted_extensions( ssl ) );
+ MBEDTLS_SSL_PROC_CHK( ssl_tls13_postprocess_encrypted_extensions( ssl ) );
cleanup:
@@ -1447,33 +1448,22 @@
/* Parse EncryptedExtensions message
* struct {
- * Extension extensions<0..2^16-1>;
+ * Extension extensions<0..2^16-1>;
* } EncryptedExtensions;
*/
-static int ssl_tls1_3_parse_encrypted_extensions( mbedtls_ssl_context *ssl,
- const unsigned char *buf,
- const unsigned char *end )
+static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ const unsigned char *end )
{
int ret = 0;
size_t extensions_len;
const unsigned char *p = buf;
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 );
- extensions_len = MBEDTLS_GET_UINT16_BE(p, 0);
-
+ extensions_len = MBEDTLS_GET_UINT16_BE( p, 0 );
p += 2;
- /* Checking for an extension length that isn't aligned with the rest
- * of the message */
- if( p + extensions_len != end )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "EncryptedExtension lengths misaligned" ) );
- MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, \
- MBEDTLS_ERR_SSL_DECODE_ERROR );
- return( MBEDTLS_ERR_SSL_DECODE_ERROR );
- }
-
- MBEDTLS_SSL_DEBUG_BUF( 3, "encrypted extensions extensions", p, extensions_len );
+ MBEDTLS_SSL_DEBUG_BUF( 3, "encrypted extensions", p, extensions_len );
while( p < end )
{
@@ -1482,8 +1472,8 @@
/*
* struct {
- * ExtensionType extension_type; (2 bytes)
- * opaque extension_data<0..2^16-1>;
+ * ExtensionType extension_type; (2 bytes)
+ * opaque extension_data<0..2^16-1>;
* } Extension;
*/
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 4 );
@@ -1493,7 +1483,7 @@
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, extension_data_len );
- /* TBD: The client MUST check EncryptedExtensions for the
+ /* The client MUST check EncryptedExtensions for the
* presence of any forbidden extensions and if any are found MUST abort
* the handshake with an "unsupported_extension" alert.
*/
@@ -1505,27 +1495,31 @@
break;
default:
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "unsupported extension found: %d ( ignoring )", extension_type) );
+ MBEDTLS_SSL_DEBUG_MSG(
+ 3, ( "unsupported extension found: %u ", extension_type) );
+ MBEDTLS_SSL_PEND_FATAL_ALERT(
+ MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT, \
+ MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION );
+ return ( MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION );
break;
}
- extensions_len -= 4 + extension_data_len;
p += extension_data_len;
+ }
- /* Checking for an extension length that is too short */
- if( extensions_len > 0 && extensions_len < 4 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad encrypted extensions message" ) );
- MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, \
- MBEDTLS_ERR_SSL_DECODE_ERROR );
- return( MBEDTLS_ERR_SSL_DECODE_ERROR );
- }
+ /* Check that we consumed all the message. */
+ if( p != end )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "EncryptedExtension lengths misaligned" ) );
+ MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, \
+ MBEDTLS_ERR_SSL_DECODE_ERROR );
+ return( MBEDTLS_ERR_SSL_DECODE_ERROR );
}
return( ret );
}
-static int ssl_tls1_3_postprocess_encrypted_extensions( mbedtls_ssl_context *ssl )
+static int ssl_tls13_postprocess_encrypted_extensions( mbedtls_ssl_context *ssl )
{
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CERTIFICATE_REQUEST );
return( 0 );
@@ -1643,7 +1637,7 @@
break;
case MBEDTLS_SSL_ENCRYPTED_EXTENSIONS:
- ret = ssl_tls1_3_process_encrypted_extensions( ssl );
+ ret = ssl_tls13_process_encrypted_extensions( ssl );
break;
case MBEDTLS_SSL_CERTIFICATE_REQUEST: