commit 97799ac27bb095d1966aa0abce294cb076fa7706
author XiaokangQian <xiaokang.qian@arm.com> Mon Oct 11 10:05:54 2021 +0000
committer XiaokangQian <xiaokang.qian@arm.com> Thu Oct 28 01:49:37 2021 +0000
tree a597166ee3ac3a3f27b99518c24dbf2a1e1a828b
parent 08da26c58f959ba4e93498d3ed626717b5ee1cdf

Encrypted Extensions: Align code style and some check logic

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>

library/ssl_tls13_client.c

diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 13fb470..f7f7eaa 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -1408,17 +1408,17 @@
  */
 
 /* Main entry point; orchestrates the other functions */
-static int ssl_tls1_3_process_encrypted_extensions( mbedtls_ssl_context *ssl );
+static int ssl_tls13_process_encrypted_extensions( mbedtls_ssl_context *ssl );
 
-static int ssl_tls1_3_parse_encrypted_extensions( mbedtls_ssl_context *ssl,
-                                                  const unsigned char *buf,
-                                                  const unsigned char *end );
-static int ssl_tls1_3_postprocess_encrypted_extensions( mbedtls_ssl_context *ssl );
+static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl,
+                                                 const unsigned char *buf,
+                                                 const unsigned char *end );
+static int ssl_tls13_postprocess_encrypted_extensions( mbedtls_ssl_context *ssl );
 
 /*
  * Handler for  MBEDTLS_SSL_ENCRYPTED_EXTENSIONS
  */
-static int ssl_tls1_3_process_encrypted_extensions( mbedtls_ssl_context *ssl )
+static int ssl_tls13_process_encrypted_extensions( mbedtls_ssl_context *ssl )
 {
     int ret;
     unsigned char *buf;
@@ -1431,12 +1431,13 @@
                                              &buf, &buf_len ) );
 
     /* Process the message contents */
-    MBEDTLS_SSL_PROC_CHK( ssl_tls1_3_parse_encrypted_extensions( ssl, buf, ( buf + buf_len ) ) );
+    MBEDTLS_SSL_PROC_CHK(
+        ssl_tls13_parse_encrypted_extensions( ssl, buf, ( buf + buf_len ) ) );
 
     mbedtls_ssl_tls1_3_add_hs_msg_to_checksum(
         ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSION, buf, buf_len );
 
-    MBEDTLS_SSL_PROC_CHK( ssl_tls1_3_postprocess_encrypted_extensions( ssl ) );
+    MBEDTLS_SSL_PROC_CHK( ssl_tls13_postprocess_encrypted_extensions( ssl ) );
 
 cleanup:
 
@@ -1447,33 +1448,22 @@
 
 /* Parse EncryptedExtensions message
  * struct {
- * Extension extensions<0..2^16-1>;
+ *     Extension extensions<0..2^16-1>;
  * } EncryptedExtensions;
  */
-static int ssl_tls1_3_parse_encrypted_extensions( mbedtls_ssl_context *ssl,
-                                                  const unsigned char *buf,
-                                                  const unsigned char *end )
+static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl,
+                                                 const unsigned char *buf,
+                                                 const unsigned char *end )
 {
     int ret = 0;
     size_t extensions_len;
     const unsigned char *p = buf;
 
     MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 );
-    extensions_len = MBEDTLS_GET_UINT16_BE(p, 0);
-
+    extensions_len = MBEDTLS_GET_UINT16_BE( p, 0 );
     p += 2;
 
-    /* Checking for an extension length that isn't aligned with the rest
-     * of the message */
-    if( p + extensions_len != end )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "EncryptedExtension lengths misaligned" ) );
-        MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,   \
-                                      MBEDTLS_ERR_SSL_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
-    }
-
-    MBEDTLS_SSL_DEBUG_BUF( 3, "encrypted extensions extensions", p, extensions_len );
+    MBEDTLS_SSL_DEBUG_BUF( 3, "encrypted extensions", p, extensions_len );
 
     while( p < end )
     {
@@ -1482,8 +1472,8 @@
 
         /*
          * struct {
-         * ExtensionType extension_type; (2 bytes)
-         * opaque extension_data<0..2^16-1>;
+         *     ExtensionType extension_type; (2 bytes)
+         *     opaque extension_data<0..2^16-1>;
          * } Extension;
          */
         MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 4 );
@@ -1493,7 +1483,7 @@
 
         MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, extension_data_len );
 
-        /* TBD: The client MUST check EncryptedExtensions for the
+        /* The client MUST check EncryptedExtensions for the
          * presence of any forbidden extensions and if any are found MUST abort
          * the handshake with an "unsupported_extension" alert.
          */
@@ -1505,27 +1495,31 @@
                 break;
 
             default:
-                MBEDTLS_SSL_DEBUG_MSG( 3, ( "unsupported extension found: %d ( ignoring )", extension_type) );
+                MBEDTLS_SSL_DEBUG_MSG(
+                    3, ( "unsupported extension found: %u ", extension_type) );
+                MBEDTLS_SSL_PEND_FATAL_ALERT(
+                    MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT,   \
+                    MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION );
+                return ( MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION );
                 break;
         }
 
-        extensions_len -= 4 + extension_data_len;
         p += extension_data_len;
+    }
 
-        /* Checking for an extension length that is too short */
-        if( extensions_len > 0 && extensions_len < 4 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad encrypted extensions message" ) );
-            MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,   \
-                                          MBEDTLS_ERR_SSL_DECODE_ERROR );
-            return( MBEDTLS_ERR_SSL_DECODE_ERROR );
-        }
+    /* Check that we consumed all the message. */
+    if( p != end )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "EncryptedExtension lengths misaligned" ) );
+        MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,   \
+                                      MBEDTLS_ERR_SSL_DECODE_ERROR );
+        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
     }
 
     return( ret );
 }
 
-static int ssl_tls1_3_postprocess_encrypted_extensions( mbedtls_ssl_context *ssl )
+static int ssl_tls13_postprocess_encrypted_extensions( mbedtls_ssl_context *ssl )
 {
     mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CERTIFICATE_REQUEST );
     return( 0 );
@@ -1643,7 +1637,7 @@
             break;
 
         case MBEDTLS_SSL_ENCRYPTED_EXTENSIONS:
-            ret = ssl_tls1_3_process_encrypted_extensions( ssl );
+            ret = ssl_tls13_process_encrypted_extensions( ssl );
             break;
 
         case MBEDTLS_SSL_CERTIFICATE_REQUEST: