Update code to align with tls13 coding standard
Change-Id: I3c98b7d0db63aecc712a67f4e8da2cb9945c8f17
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 5f9b5d0..8d1b1d8 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -90,8 +90,7 @@
}
#if defined(MBEDTLS_ECDH_C)
-/* This function parses the TLS 1.3 supported_groups extension and
- * stores the received groups in ssl->handshake->curves.
+/*
*
* From RFC 8446:
* enum {
@@ -149,15 +148,14 @@
#if defined(MBEDTLS_ECDH_C)
/*
* ssl_tls13_parse_key_shares_ext() verifies whether the information in the
- * extension is correct and stores the provided key shares. Whether this is an
- * acceptable key share depends on the selected ciphersuite.
+ * extension is correct and stores the first acceptable key share and its associated group.
*
* Possible return values are:
* - 0: Successful processing of the client provided key share extension.
* - SSL_TLS1_3_PARSE_KEY_SHARES_EXT_NO_MATCH: The key shares provided by the client
* does not match a group supported by the server. A HelloRetryRequest will
* be needed.
- * - Another negative return value for fatal errors.
+ * - A negative value for fatal errors.
*/
static int ssl_tls13_parse_key_shares_ext( mbedtls_ssl_context *ssl,
@@ -355,18 +353,18 @@
/*
* Structure of this message:
*
- * uint16 ProtocolVersion;
- * opaque Random[32];
- * uint8 CipherSuite[2]; // Cryptographic suite selector
+ * uint16 ProtocolVersion;
+ * opaque Random[32];
+ * uint8 CipherSuite[2]; // Cryptographic suite selector
*
- * struct {
- * ProtocolVersion legacy_version = 0x0303; // TLS v1.2
- * Random random;
- * opaque legacy_session_id<0..32>;
- * CipherSuite cipher_suites<2..2^16-2>;
- * opaque legacy_compression_methods<1..2^8-1>;
- * Extension extensions<8..2^16-1>;
- * } ClientHello;
+ * struct {
+ * ProtocolVersion legacy_version = 0x0303; // TLS v1.2
+ * Random random;
+ * opaque legacy_session_id<0..32>;
+ * CipherSuite cipher_suites<2..2^16-2>;
+ * opaque legacy_compression_methods<1..2^8-1>;
+ * Extension extensions<8..2^16-1>;
+ * } ClientHello;
*/
#define SSL_CLIENT_HELLO_OK 0
@@ -392,7 +390,7 @@
/*
* ClientHello layout:
* 0 . 1 protocol version
- * 2 . 33 random bytes ( starting with 4 bytes of Unix time )
+ * 2 . 33 random bytes
* 34 . 34 session id length ( 1 byte )
* 35 . 34+x session id
* .. . .. ciphersuite list length ( 2 bytes )
@@ -458,7 +456,7 @@
ssl->session_negotiate->id_len = legacy_session_id_len;
MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, session id",
- buf, legacy_session_id_len );
+ p, legacy_session_id_len );
/*
* Check we have enough data for the legacy session identifier
* and the ciphersuite list length.
@@ -490,15 +488,15 @@
* Search for a matching ciphersuite
*/
int ciphersuite_match = 0;
- ciphersuite_info = NULL;
for ( ; p < cipher_suites_end; p += 2 )
{
- uint16_t cipher_suite = MBEDTLS_GET_UINT16_BE( p, 0 );
- ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(
- cipher_suite );
+ uint16_t cipher_suite;
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, cipher_suites_end, 2 );
+ cipher_suite = MBEDTLS_GET_UINT16_BE( p, 0 );
+ ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( cipher_suite );
/*
- * Check whether this ciphersuite is valid and offered.
- */
+ * Check whether this ciphersuite is valid and offered.
+ */
if( ( mbedtls_ssl_validate_ciphersuite(
ssl, ciphersuite_info, ssl->tls_version,
ssl->tls_version ) != 0 ) ||
@@ -548,8 +546,8 @@
*/
extensions_len = MBEDTLS_GET_UINT16_BE( p, 0 );
p += 2;
- extensions_end = p + extensions_len;
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, extensions_len );
+ extensions_end = p + extensions_len;
MBEDTLS_SSL_DEBUG_BUF( 3, "client hello extensions", p, extensions_len );
@@ -686,8 +684,6 @@
return( 0 );
}
-/* Update the handshake state machine */
-
static int ssl_tls13_postprocess_client_hello( mbedtls_ssl_context* ssl )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -700,7 +696,6 @@
return( ret );
}
- mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_HELLO );
return( 0 );
}
@@ -723,8 +718,8 @@
MBEDTLS_SSL_PROC_CHK_NEG( ssl_tls13_parse_client_hello( ssl, buf,
buf + buflen ) );
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "postprocess" ) );
MBEDTLS_SSL_PROC_CHK( ssl_tls13_postprocess_client_hello( ssl ) );
+ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_HELLO );
cleanup:
@@ -733,7 +728,7 @@
}
/*
- * TLS 1.3 State Maschine -- server side
+ * TLS 1.3 State Machine -- server side
*/
int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl )
{
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index b0f5f4b..b1a9d47 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -10210,8 +10210,7 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_SSL_SRV_C
requires_openssl_tls1_3
run_test "TLS 1.3: Server side check - openssl" \
"$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \
@@ -10227,8 +10226,7 @@
requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_SSL_SRV_C
run_test "TLS 1.3: Server side check - gnutls" \
"$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \
"$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index 644c5ab..848a497 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -3277,7 +3277,7 @@
depends_on:MBEDTLS_SSL_PROTO_TLS1_3
conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_DATAGRAM:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
-Version config: supported server TLS 1.3 only
+Version config: valid server TLS 1.3 only
depends_on:MBEDTLS_SSL_PROTO_TLS1_3
conf_version:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_TRANSPORT_STREAM:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:0