Improve and fix comments
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
diff --git a/library/ssl_client.c b/library/ssl_client.c
index f20542e..eeb586d 100644
--- a/library/ssl_client.c
+++ b/library/ssl_client.c
@@ -621,15 +621,6 @@
* Random random;
* ...
*
- * with for TLS 1.2
- * struct {
- * uint32 gmt_unix_time;
- * opaque random_bytes[28];
- * } Random;
- *
- * and for TLS 1.3
- * opaque Random[32];
- *
* The random bytes have been prepared by ssl_prepare_client_hello() into
* the handshake->randbytes buffer and are copied here into the output
* buffer.
@@ -652,7 +643,7 @@
* opaque legacy_session_id<0..32>;
* ...
*
- * The (legacy) session identifier bytes have been by
+ * The (legacy) session identifier bytes have been prepared by
* ssl_prepare_client_hello() into the ssl->session_negotiate->id buffer
* and are copied here into the output buffer.
*/
@@ -890,9 +881,9 @@
}
/*
- * But when responding to a verify request where we MUST reuse the
- * previoulsy generated random bytes (RFC 6347 4.2.1), generate the
- * random bytes.
+ * Generate the random bytes, except when responding to a verify request
+ * where we MUST reuse the previoulsy generated random bytes
+ * (RFC 6347 4.2.1).
*/
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ) ||
@@ -908,9 +899,10 @@
}
/*
- * Prepare session identifier. But in the case of a TLS 1.2 session
- * renegotiation or session resumption, the initial value of the session
- * identifier length below is equal to zero.
+ * Prepare session identifier. At that point, the length of the session
+ * identifier in the SSL context `ssl->session_negotiate->id_len` is equal
+ * to zero, except in the case of a TLS 1.2 session renegotiation or
+ * session resumption.
*/
session_id_len = ssl->session_negotiate->id_len;
@@ -1019,7 +1011,7 @@
* The two functions below may try to send data on the network and
* can return with the MBEDTLS_ERR_SSL_WANT_READ error code when they
* fail to do so and the transmission has to be retried later. In that
- * case as in fatal error cases, we return immediatly. But we must have
+ * case as in fatal error cases, we return immediately. But we must have
* set the handshake state to the next state at that point to ensure
* that we will not write and send again a ClientHello when we
* eventually succeed in sending the pending data.
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 97cf61b..58aac47 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -714,6 +714,18 @@
/*
* Functions for parsing and processing Server Hello
*/
+/**
+ * \brief Detect if the ServerHello contains a supported_versions extension
+ * or not.
+ *
+ * \param[in] ssl SSL context
+ * \param[in] buf Buffer containing the ServerHello message
+ * \param[in] end End of the buffer containing the ServerHello message
+ *
+ * \return 0 if the ServerHello does not contain a supported_versions extension
+ * \return 1 if the ServerHello contains a supported_versions extension
+ * \return A negative value if an error occurred while parsing the ServerHello.
+ */
static int ssl_tls13_is_supported_versions_ext_present(
mbedtls_ssl_context *ssl,
const unsigned char *buf,
@@ -726,10 +738,10 @@
/*
* Check there is enough data to access the legacy_session_id_echo vector
- * length.
- * - legacy_version, 2 bytes
- * - random MBEDTLS_SERVER_HELLO_RANDOM_LEN bytes
- * - legacy_session_id_echo 1 byte
+ * length:
+ * - legacy_version 2 bytes
+ * - random MBEDTLS_SERVER_HELLO_RANDOM_LEN bytes
+ * - legacy_session_id_echo length 1 byte
*/
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, MBEDTLS_SERVER_HELLO_RANDOM_LEN + 3 );
p += MBEDTLS_SERVER_HELLO_RANDOM_LEN + 2;