fix various issues
- Signature of
- mbedtls_tls13_set_hs_sent_ext_mask
- check_received_extension and issues
- Also fix comment issue.
- improve readablity.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 2fbcdf0..21644ed 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -398,6 +398,7 @@
size_t certificate_list_len = 0;
const unsigned char *p = buf;
const unsigned char *certificate_list_end;
+ mbedtls_ssl_handshake_params *handshake = ssl->handshake;
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 4 );
certificate_request_context_len = p[0];
@@ -507,7 +508,7 @@
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, certificate_list_end, extensions_len );
extensions_end = p + extensions_len;
- ssl->handshake->received_extensions = MBEDTLS_SSL_EXT_NONE;
+ handshake->received_extensions = MBEDTLS_SSL_EXT_NONE;
while( p < extensions_end )
{
@@ -527,9 +528,9 @@
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, extensions_end, extension_data_len );
- ret = mbedtls_tls13_check_received_extensions(
- ssl, MBEDTLS_SSL_HS_CERTIFICATE, extension_type,
- MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CT );
+ ret = mbedtls_ssl_tls13_check_received_extension(
+ ssl, MBEDTLS_SSL_HS_CERTIFICATE, extension_type,
+ MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CT );
if( ret != 0 )
return( ret );
@@ -547,7 +548,7 @@
}
MBEDTLS_SSL_TLS1_3_PRINT_EXTS(
- 3, MBEDTLS_SSL_HS_CERTIFICATE, ssl->handshake->received_extensions );
+ 3, MBEDTLS_SSL_HS_CERTIFICATE, handshake->received_extensions );
}
exit:
@@ -555,7 +556,7 @@
if( p != end )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad Certificate message" ) );
- MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, \
+ MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
MBEDTLS_ERR_SSL_DECODE_ERROR );
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
}
@@ -1759,43 +1760,46 @@
*
*/
-int mbedtls_tls13_check_received_extensions( mbedtls_ssl_context *ssl,
- int hs_msg_type,
- uint32_t extension_type,
- uint32_t allowed_mask )
+int mbedtls_ssl_tls13_check_received_extension(
+ mbedtls_ssl_context *ssl,
+ int hs_msg_type,
+ unsigned int received_extension_type,
+ uint32_t hs_msg_allowed_extensions_mask )
{
- uint32_t extension_mask;
-
#if defined(MBEDTLS_DEBUG_C)
const char *hs_msg_name = ssl_tls13_get_hs_msg_name( hs_msg_type );
#endif
-
- extension_mask = mbedtls_tls13_get_extension_mask( extension_type );
+ uint32_t extension_mask = mbedtls_tls13_get_extension_mask( received_extension_type );
MBEDTLS_SSL_DEBUG_MSG( 3,
( "%s : received %s(%x) extension",
hs_msg_name,
- mbedtls_tls13_get_extension_name( extension_type ),
- (unsigned int)extension_type ) );
+ mbedtls_tls13_get_extension_name( received_extension_type ),
+ (unsigned int)received_extension_type ) );
- if( ( extension_mask & allowed_mask ) == 0 )
+ if( ( extension_mask & hs_msg_allowed_extensions_mask ) == 0 )
{
MBEDTLS_SSL_DEBUG_MSG(
3, ( "%s : forbidden extension received.", hs_msg_name ) );
MBEDTLS_SSL_PEND_FATAL_ALERT(
MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
- MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
- return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+ MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+ return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
}
ssl->handshake->received_extensions |= extension_mask;
+ /*
+ * If it is a message containing extension responses, check that we
+ * previously sent the extension.
+ */
switch( hs_msg_type )
{
case MBEDTLS_SSL_HS_SERVER_HELLO:
case -MBEDTLS_SSL_HS_SERVER_HELLO: // HRR does not have IANA value.
case MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS:
case MBEDTLS_SSL_HS_CERTIFICATE:
- if( ( ~ssl->handshake->sent_extensions & extension_mask ) == 0 )
+ /* Check if the received extension is sent by peer message.*/
+ if( ( ssl->handshake->sent_extensions & extension_mask ) != 0 )
return( 0 );
break;
default:
@@ -1803,11 +1807,11 @@
}
MBEDTLS_SSL_DEBUG_MSG(
- 3, ( "%s : forbidden extension received.", hs_msg_name ) );
+ 3, ( "%s : unexpected extension received.", hs_msg_name ) );
MBEDTLS_SSL_PEND_FATAL_ALERT(
MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT,
- MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
- return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+ MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION );
+ return( MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION );
}
#endif /* MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_PROTO_TLS1_3 */