fix format/name issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
This commit is contained in:
Jerry Yu
parent
2f0abc94d8
commit
568ec2502a
2 changed files with 44 additions and 41 deletions
|
|
@ -1710,8 +1710,12 @@ int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl,
|
||||||
else
|
else
|
||||||
alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);
|
alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||||
psa_set_key_usage_flags( &key_attributes,
|
psa_set_key_usage_flags( &key_attributes,
|
||||||
PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT );
|
PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT );
|
||||||
|
#else
|
||||||
|
psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE );
|
||||||
|
#endif
|
||||||
psa_set_key_algorithm( &key_attributes, alg );
|
psa_set_key_algorithm( &key_attributes, alg );
|
||||||
psa_set_key_type( &key_attributes, PSA_KEY_TYPE_DERIVE );
|
psa_set_key_type( &key_attributes, PSA_KEY_TYPE_DERIVE );
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -191,14 +191,14 @@ static int ssl_tls13_offered_psks_check_binder_match( mbedtls_ssl_context *ssl,
|
||||||
psk_type = MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL;
|
psk_type = MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL;
|
||||||
switch( binder_len )
|
switch( binder_len )
|
||||||
{
|
{
|
||||||
case 32:
|
case 32:
|
||||||
md_alg = MBEDTLS_MD_SHA256;
|
md_alg = MBEDTLS_MD_SHA256;
|
||||||
break;
|
break;
|
||||||
case 48:
|
case 48:
|
||||||
md_alg = MBEDTLS_MD_SHA384;
|
md_alg = MBEDTLS_MD_SHA384;
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
return( MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR );
|
||||||
}
|
}
|
||||||
psa_md_alg = mbedtls_psa_translate_md( md_alg );
|
psa_md_alg = mbedtls_psa_translate_md( md_alg );
|
||||||
/* Get current state of handshake transcript. */
|
/* Get current state of handshake transcript. */
|
||||||
|
|
@ -264,11 +264,13 @@ static int ssl_tls13_parse_pre_shared_key_ext( mbedtls_ssl_context *ssl,
|
||||||
const unsigned char *buf,
|
const unsigned char *buf,
|
||||||
const unsigned char *end )
|
const unsigned char *end )
|
||||||
{
|
{
|
||||||
const unsigned char *next_identity = buf;
|
const unsigned char *identities = buf;
|
||||||
uint16_t identities_len;
|
const unsigned char *p_identity_len;
|
||||||
|
size_t identities_len;
|
||||||
const unsigned char *identities_end;
|
const unsigned char *identities_end;
|
||||||
const unsigned char *next_binder;
|
const unsigned char *binders;
|
||||||
uint16_t binders_len;
|
const unsigned char *p_binder_len;
|
||||||
|
size_t binders_len;
|
||||||
const unsigned char *binders_end;
|
const unsigned char *binders_end;
|
||||||
int matched_identity = -1;
|
int matched_identity = -1;
|
||||||
int identity_id = -1;
|
int identity_id = -1;
|
||||||
|
|
@ -278,47 +280,44 @@ static int ssl_tls13_parse_pre_shared_key_ext( mbedtls_ssl_context *ssl,
|
||||||
/* identities_len 2 bytes
|
/* identities_len 2 bytes
|
||||||
* identities_data >= 7 bytes
|
* identities_data >= 7 bytes
|
||||||
*/
|
*/
|
||||||
MBEDTLS_SSL_CHK_BUF_READ_PTR( next_identity, end, 7 + 2 );
|
MBEDTLS_SSL_CHK_BUF_READ_PTR( identities, end, 7 + 2 );
|
||||||
identities_len = MBEDTLS_GET_UINT16_BE( next_identity, 0 );
|
identities_len = MBEDTLS_GET_UINT16_BE( identities, 0 );
|
||||||
next_identity += 2;
|
p_identity_len = identities + 2;
|
||||||
MBEDTLS_SSL_CHK_BUF_READ_PTR( next_identity, end, identities_len );
|
MBEDTLS_SSL_CHK_BUF_READ_PTR( p_identity_len, end, identities_len );
|
||||||
identities_end = next_identity + identities_len;
|
identities_end = p_identity_len + identities_len;
|
||||||
|
|
||||||
/* binders_len 2 bytes
|
/* binders_len 2 bytes
|
||||||
* binders >= 33 bytes
|
* binders >= 33 bytes
|
||||||
*/
|
*/
|
||||||
next_binder = identities_end;
|
binders = identities_end;
|
||||||
MBEDTLS_SSL_CHK_BUF_READ_PTR( next_binder, end, 33 );
|
MBEDTLS_SSL_CHK_BUF_READ_PTR( binders, end, 33 );
|
||||||
binders_len = MBEDTLS_GET_UINT16_BE( next_binder, 0 );
|
binders_len = MBEDTLS_GET_UINT16_BE( binders, 0 );
|
||||||
next_binder += 2;
|
p_binder_len = binders + 2;
|
||||||
MBEDTLS_SSL_CHK_BUF_READ_PTR( next_binder, end, binders_len );
|
MBEDTLS_SSL_CHK_BUF_READ_PTR( p_binder_len, end, binders_len );
|
||||||
binders_end = next_binder + binders_len;
|
binders_end = p_binder_len + binders_len;
|
||||||
|
|
||||||
ssl->handshake->update_checksum( ssl, buf, identities_end - buf );
|
ssl->handshake->update_checksum( ssl, buf, identities_end - buf );
|
||||||
|
|
||||||
while( next_identity < identities_end && next_binder < binders_end )
|
while( p_identity_len < identities_end && p_binder_len < binders_end )
|
||||||
{
|
{
|
||||||
const unsigned char *identity;
|
const unsigned char *identity;
|
||||||
uint16_t identity_len;
|
size_t identity_len;
|
||||||
const unsigned char *binder;
|
const unsigned char *binder;
|
||||||
uint16_t binder_len;
|
size_t binder_len;
|
||||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||||
|
|
||||||
MBEDTLS_SSL_CHK_BUF_READ_PTR( next_identity, identities_end, 2 );
|
MBEDTLS_SSL_CHK_BUF_READ_PTR( p_identity_len, identities_end, 2 + 1 + 4 );
|
||||||
identity_len = MBEDTLS_GET_UINT16_BE( next_identity, 0 );
|
identity_len = MBEDTLS_GET_UINT16_BE( p_identity_len, 0 );
|
||||||
next_identity += 2;
|
identity = p_identity_len + 2;
|
||||||
identity = next_identity;
|
MBEDTLS_SSL_CHK_BUF_READ_PTR( identity, identities_end, identity_len + 4 );
|
||||||
MBEDTLS_SSL_CHK_BUF_READ_PTR( next_identity,
|
p_identity_len += identity_len + 6;
|
||||||
identities_end,
|
|
||||||
identity_len + 4 );
|
|
||||||
next_identity += identity_len + 4;
|
|
||||||
|
|
||||||
MBEDTLS_SSL_CHK_BUF_READ_PTR( next_binder, binders_end, 2 );
|
MBEDTLS_SSL_CHK_BUF_READ_PTR( p_binder_len, binders_end, 1 + 32 );
|
||||||
|
binder_len = *p_binder_len;
|
||||||
|
binder = p_binder_len + 1;
|
||||||
|
MBEDTLS_SSL_CHK_BUF_READ_PTR( binder, binders_end, binder_len );
|
||||||
|
p_binder_len += binder_len + 1;
|
||||||
|
|
||||||
binder_len = *next_binder++;
|
|
||||||
binder = next_binder;
|
|
||||||
MBEDTLS_SSL_CHK_BUF_READ_PTR( next_binder, binders_end, binder_len );
|
|
||||||
next_binder += binder_len;
|
|
||||||
|
|
||||||
identity_id++;
|
identity_id++;
|
||||||
if( matched_identity != -1 )
|
if( matched_identity != -1 )
|
||||||
|
|
@ -331,7 +330,7 @@ static int ssl_tls13_parse_pre_shared_key_ext( mbedtls_ssl_context *ssl,
|
||||||
|
|
||||||
ret = ssl_tls13_offered_psks_check_binder_match(
|
ret = ssl_tls13_offered_psks_check_binder_match(
|
||||||
ssl, binder, binder_len );
|
ssl, binder, binder_len );
|
||||||
if( ret < 0 )
|
if( ret != SSL_TLS1_3_OFFERED_PSK_MATCH )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_RET( 1,
|
MBEDTLS_SSL_DEBUG_RET( 1,
|
||||||
"ssl_tls13_offered_psks_check_binder_match" , ret );
|
"ssl_tls13_offered_psks_check_binder_match" , ret );
|
||||||
|
|
@ -346,7 +345,7 @@ static int ssl_tls13_parse_pre_shared_key_ext( mbedtls_ssl_context *ssl,
|
||||||
matched_identity = identity_id;
|
matched_identity = identity_id;
|
||||||
}
|
}
|
||||||
|
|
||||||
if( next_identity != identities_end || next_binder != binders_end )
|
if( p_identity_len != identities_end || p_binder_len != binders_end )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "pre_shared_key extesion decode error" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "pre_shared_key extesion decode error" ) );
|
||||||
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
|
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue