Change mbedtls_ssl_parse_server_name_ext base on comments

Change-Id: I4ae831925cb1899afafb7dc626bfad9be24a5c8c Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-17 02:57:00 +00:00 · 2022-05-17 02:57:00 +00:00 · 9b2b7716b0
commit 9b2b7716b0
parent 40a3523eb7
4 changed files with 45 additions and 22 deletions
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@ -2271,9 +2271,9 @@ int mbedtls_ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf,
                                   const unsigned char *end, size_t *out_len );

 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
-int mbedtls_ssl_parse_servername_ext( mbedtls_ssl_context *ssl,
-                                      const unsigned char *buf,
-                                      const unsigned char *end );
+int mbedtls_ssl_parse_server_name_ext( mbedtls_ssl_context *ssl,
+                                       const unsigned char *buf,
+                                       const unsigned char *end );
 #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */

 #endif /* ssl_misc.h */
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -8211,44 +8211,67 @@ int mbedtls_ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf,
 #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */

 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
-int mbedtls_ssl_parse_servername_ext( mbedtls_ssl_context *ssl,
-                                             const unsigned char *buf,
-                                             const unsigned char *end )
+/*
+ * mbedtls_ssl_parse_server_name_ext
+ *
+ * Structure of server_name extension:
+ *
+ *  enum {
+ *        host_name(0), (255)
+ *     } NameType;
+ *  opaque HostName<1..2^16-1>;
+ *
+ *  struct {
+ *          NameType name_type;
+ *          select (name_type) {
+ *             case host_name: HostName;
+ *           } name;
+ *     } ServerName;
+ *  struct {
+ *          ServerName server_name_list<1..2^16-1>
+ *     } ServerNameList;
+ */
+int mbedtls_ssl_parse_server_name_ext( mbedtls_ssl_context *ssl,
+                                       const unsigned char *buf,
+                                       const unsigned char *end )
 {
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
    const unsigned char *p = buf;
-    size_t servername_list_size, hostname_len;
-    const unsigned char *servername_end;
+    size_t server_name_list_len, hostname_len;
+    const unsigned char *server_name_list_end;

    if( ssl->conf->p_sni == NULL )
    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "No SNI callback configured. Skip SNI parsing." ) );
+        MBEDTLS_SSL_DEBUG_MSG(
+                3, ( "No SNI callback configured. Skip SNI parsing." ) );
        return( 0 );
    }

    MBEDTLS_SSL_DEBUG_MSG( 3, ( "Parse ServerName extension" ) );

    MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 );
-    servername_list_size = MBEDTLS_GET_UINT16_BE( p, 0 );
+    server_name_list_len = MBEDTLS_GET_UINT16_BE( p, 0 );
    p += 2;

-    MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, servername_list_size );
-    servername_end = p + servername_list_size;
-    while ( p < servername_end )
+    MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, server_name_list_len );
+    server_name_list_end = p + server_name_list_len;
+    while ( p < server_name_list_end )
    {
-        MBEDTLS_SSL_CHK_BUF_READ_PTR( p, servername_end, 3 );
+        MBEDTLS_SSL_CHK_BUF_READ_PTR( p, server_name_list_end, 3 );
        hostname_len = MBEDTLS_GET_UINT16_BE( p, 1 );
-        MBEDTLS_SSL_CHK_BUF_READ_PTR( p, servername_end, hostname_len + 3 );
+        MBEDTLS_SSL_CHK_BUF_READ_PTR( p, server_name_list_end,
+                                      hostname_len + 3 );

        if( p[0] == MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME )
        {
            ret = ssl->conf->f_sni( ssl->conf->p_sni,
-                                   ssl, p + 3, hostname_len );
+                                    ssl, p + 3, hostname_len );
            if( ret != 0 )
            {
                MBEDTLS_SSL_DEBUG_RET( 1, "sni_wrapper", ret );
-                mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                               MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME );
+                mbedtls_ssl_send_alert_message(
+                        ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                        MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME );
                return( MBEDTLS_ERR_SSL_UNRECOGNIZED_NAME );
            }
            return( 0 );
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@ -1409,8 +1409,8 @@ read_record_header:
 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
            case MBEDTLS_TLS_EXT_SERVERNAME:
                MBEDTLS_SSL_DEBUG_MSG( 3, ( "found ServerName extension" ) );
-                ret = mbedtls_ssl_parse_servername_ext( ssl, ext + 4,
-                                                        ext + 4 + ext_size );
+                ret = mbedtls_ssl_parse_server_name_ext( ssl, ext + 4,
+                                                         ext + 4 + ext_size );
                if( ret != 0 )
                    return( ret );
                break;
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@ -583,8 +583,8 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl,
 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
            case MBEDTLS_TLS_EXT_SERVERNAME:
                MBEDTLS_SSL_DEBUG_MSG( 3, ( "found ServerName extension" ) );
-                ret = mbedtls_ssl_parse_servername_ext( ssl, p,
-                                                        extension_data_end );
+                ret = mbedtls_ssl_parse_server_name_ext( ssl, p,
+                                                         extension_data_end );
                if( ret != 0 )
                {
                    MBEDTLS_SSL_DEBUG_RET(