From c068b6671e2e2748f968d8b4dd4da583f2c25926 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 11 Oct 2021 22:30:19 +0800 Subject: [PATCH] Rename tls13 prefix to fix coding issues Signed-off-by: Jerry Yu --- library/ecdh.c | 18 +++++++-------- library/ecdh_misc.h | 6 ++--- library/ssl_misc.h | 2 +- library/ssl_tls13_client.c | 45 +++++++++++++++++++------------------- library/ssl_tls13_keys.c | 24 ++++++++++---------- library/ssl_tls13_keys.h | 6 ++--- 6 files changed, 51 insertions(+), 50 deletions(-) diff --git a/library/ecdh.c b/library/ecdh.c index 8884260e8..27e5d739c 100644 --- a/library/ecdh.c +++ b/library/ecdh.c @@ -806,9 +806,9 @@ int mbedtls_ecdh_setup_no_everest( mbedtls_ecdh_context *ctx, #endif } -static int ecdh_tls1_3_read_public_internal( mbedtls_ecdh_context_mbed *ctx, - const unsigned char *buf, - size_t blen ) +static int ecdh_tls13_read_public_internal( mbedtls_ecdh_context_mbed *ctx, + const unsigned char *buf, + size_t blen ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const unsigned char *p = buf; @@ -838,15 +838,15 @@ static int ecdh_tls1_3_read_public_internal( mbedtls_ecdh_context_mbed *ctx, /* * Parse and import the client's TLS 1.3 public value */ -int mbedtls_ecdh_tls1_3_read_public( mbedtls_ecdh_context *ctx, - const unsigned char *buf, - size_t blen ) +int mbedtls_ecdh_tls13_read_public( mbedtls_ecdh_context *ctx, + const unsigned char *buf, + size_t blen ) { ECDH_VALIDATE_RET( ctx != NULL ); ECDH_VALIDATE_RET( buf != NULL ); #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) - return( ecdh_tls1_3_read_public_internal( ctx, buf, blen ) ); + return( ecdh_tls13_read_public_internal( ctx, buf, blen ) ); #else switch( ctx->var ) { @@ -855,8 +855,8 @@ int mbedtls_ecdh_tls1_3_read_public( mbedtls_ecdh_context *ctx, return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); #endif case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: - return( ecdh_tls1_3_read_public_internal( &ctx->ctx.mbed_ecdh, - buf, blen ) ); + return( ecdh_tls13_read_public_internal( &ctx->ctx.mbed_ecdh, + buf, blen ) ); default: return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } diff --git a/library/ecdh_misc.h b/library/ecdh_misc.h index 94d31394b..228f54a31 100644 --- a/library/ecdh_misc.h +++ b/library/ecdh_misc.h @@ -46,9 +46,9 @@ int mbedtls_ecdh_tls13_make_params( mbedtls_ecdh_context *ctx, size_t *olen, /* * TLS 1.3 version of mbedtls_ecdh_read_public in ecdh.h */ -int mbedtls_ecdh_tls1_3_read_public( mbedtls_ecdh_context *ctx, - const unsigned char *buf, - size_t blen ); +int mbedtls_ecdh_tls13_read_public( mbedtls_ecdh_context *ctx, + const unsigned char *buf, + size_t blen ); #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ diff --git a/library/ssl_misc.h b/library/ssl_misc.h index b801499ca..216035933 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -737,7 +737,7 @@ struct mbedtls_ssl_handshake_params unsigned char app [MBEDTLS_TLS1_3_MD_MAX_SIZE]; } tls1_3_master_secrets; - mbedtls_ssl_tls1_3_handshake_secrets tls1_3_hs_secrets; + mbedtls_ssl_tls1_3_handshake_secrets tls13_hs_secrets; #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 57195b329..768caed96 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -95,9 +95,9 @@ static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl, return( 0 ); } -static int ssl_tls1_3_parse_supported_versions_ext( mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t buf_len ) +static int ssl_tls13_parse_supported_versions_ext( mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t buf_len ) { ((void) ssl); @@ -477,7 +477,7 @@ cleanup: #if defined(MBEDTLS_ECDH_C) -static int ssl_tls1_3_check_ecdh_params( const mbedtls_ssl_context *ssl ) +static int ssl_tls13_check_ecdh_params( const mbedtls_ssl_context *ssl ) { const mbedtls_ecp_curve_info *curve_info; mbedtls_ecp_group_id grp_id; @@ -511,13 +511,13 @@ static int ssl_tls1_3_check_ecdh_params( const mbedtls_ssl_context *ssl ) * * The server only provides a single KeyShareEntry. */ -static int ssl_tls1_3_read_public_ecdhe_share( mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t buf_len ) +static int ssl_tls13_read_public_ecdhe_share( mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t buf_len ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - ret = mbedtls_ecdh_tls1_3_read_public( &ssl->handshake->ecdh_ctx, + ret = mbedtls_ecdh_tls13_read_public( &ssl->handshake->ecdh_ctx, buf, buf_len ); if( ret != 0 ) { @@ -525,9 +525,9 @@ static int ssl_tls1_3_read_public_ecdhe_share( mbedtls_ssl_context *ssl, return( ret ); } - if( ssl_tls1_3_check_ecdh_params( ssl ) != 0 ) + if( ssl_tls13_check_ecdh_params( ssl ) != 0 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "ssl_tls1_3_check_ecdh_params() failed!" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "ssl_tls13_check_ecdh_params() failed!" ) ); MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); @@ -579,7 +579,7 @@ static int ssl_tls13_parse_key_share_ext( mbedtls_ssl_context *ssl, if( mbedtls_ssl_tls13_named_group_is_ecdhe( group ) ) { /* Complete ECDHE key agreement */ - ret = ssl_tls1_3_read_public_ecdhe_share( ssl, p, end - p ); + ret = ssl_tls13_read_public_ecdhe_share( ssl, p, end - p ); if( ret != 0 ) return( ret ); } @@ -1028,9 +1028,9 @@ static int ssl_tls13_cipher_suite_is_offered( mbedtls_ssl_context *ssl, * Extension extensions<6..2 ^ 16 - 1>; * } ServerHello; */ -static int ssl_tls1_3_parse_server_hello( mbedtls_ssl_context *ssl, - const unsigned char *buf, - const unsigned char *end ) +static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl, + const unsigned char *buf, + const unsigned char *end ) { int ret; const unsigned char *p = buf; @@ -1189,7 +1189,7 @@ static int ssl_tls1_3_parse_server_hello( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "found supported_versions extension" ) ); - ret = ssl_tls1_3_parse_supported_versions_ext( ssl, + ret = ssl_tls13_parse_supported_versions_ext( ssl, p, extension_data_len ); if( ret != 0 ) return( ret ); @@ -1236,7 +1236,7 @@ static int ssl_tls1_3_parse_server_hello( mbedtls_ssl_context *ssl, return( 0 ); } -static int ssl_tls1_3_finalize_server_hello( mbedtls_ssl_context *ssl ) +static int ssl_tls13_finalize_server_hello( mbedtls_ssl_context *ssl ) { int ret; mbedtls_ssl_key_set traffic_keys; @@ -1305,11 +1305,11 @@ static int ssl_tls1_3_finalize_server_hello( mbedtls_ssl_context *ssl ) /* Next evolution in key schedule: Establish handshake secret and * key material. */ - ret = mbedtls_ssl_tls1_3_generate_handshake_keys( ssl, &traffic_keys ); + ret = mbedtls_ssl_tls13_generate_handshake_keys( ssl, &traffic_keys ); if( ret != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, - "mbedtls_ssl_tls1_3_generate_handshake_keys", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_generate_handshake_keys", + ret ); goto cleanup; } @@ -1350,6 +1350,7 @@ cleanup: { if( transform_handshake != NULL ) mbedtls_free( transform_handshake ); + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE, MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); @@ -1385,14 +1386,14 @@ static int ssl_tls1_3_process_server_hello( mbedtls_ssl_context *ssl ) */ if( ret == SSL_SERVER_HELLO_COORDINATE_HELLO ) { - MBEDTLS_SSL_PROC_CHK( ssl_tls1_3_parse_server_hello( ssl, buf, - buf + buf_len ) ); + MBEDTLS_SSL_PROC_CHK( ssl_tls13_parse_server_hello( ssl, buf, + buf + buf_len ) ); mbedtls_ssl_tls1_3_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_SERVER_HELLO, buf, buf_len ); - MBEDTLS_SSL_PROC_CHK( ssl_tls1_3_finalize_server_hello( ssl ) ); + MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_server_hello( ssl ) ); } else if( ret == SSL_SERVER_HELLO_COORDINATE_HRR ) { diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 7ba5b5f8f..b568f3fd8 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -847,10 +847,10 @@ int mbedtls_ssl_tls1_3_key_schedule_stage_early( mbedtls_ssl_context *ssl ) return( 0 ); } -/* mbedtls_ssl_tls1_3_generate_handshake_keys() generates keys necessary for +/* mbedtls_ssl_tls13_generate_handshake_keys() generates keys necessary for * protecting the handshake messages, as described in Section 7 of TLS 1.3. */ -int mbedtls_ssl_tls1_3_generate_handshake_keys( mbedtls_ssl_context *ssl, - mbedtls_ssl_key_set *traffic_keys ) +int mbedtls_ssl_tls13_generate_handshake_keys( mbedtls_ssl_context *ssl, + mbedtls_ssl_key_set *traffic_keys ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -864,7 +864,7 @@ int mbedtls_ssl_tls1_3_generate_handshake_keys( mbedtls_ssl_context *ssl, mbedtls_cipher_info_t const *cipher_info; size_t keylen, ivlen; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_tls1_3_generate_handshake_keys" ) ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_tls13_generate_handshake_keys" ) ); cipher_info = mbedtls_cipher_info_from_type( ssl->handshake->ciphersuite_info->cipher ); @@ -890,7 +890,7 @@ int mbedtls_ssl_tls1_3_generate_handshake_keys( mbedtls_ssl_context *ssl, ret = mbedtls_ssl_tls1_3_derive_handshake_secrets( md_type, ssl->handshake->tls1_3_master_secrets.handshake, transcript, transcript_len, - &ssl->handshake->tls1_3_hs_secrets ); + &ssl->handshake->tls13_hs_secrets ); if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_derive_handshake_secrets", @@ -899,11 +899,11 @@ int mbedtls_ssl_tls1_3_generate_handshake_keys( mbedtls_ssl_context *ssl, } MBEDTLS_SSL_DEBUG_BUF( 4, "Client handshake traffic secret", - ssl->handshake->tls1_3_hs_secrets.client_handshake_traffic_secret, + ssl->handshake->tls13_hs_secrets.client_handshake_traffic_secret, md_size ); MBEDTLS_SSL_DEBUG_BUF( 4, "Server handshake traffic secret", - ssl->handshake->tls1_3_hs_secrets.server_handshake_traffic_secret, + ssl->handshake->tls13_hs_secrets.server_handshake_traffic_secret, md_size ); /* @@ -914,7 +914,7 @@ int mbedtls_ssl_tls1_3_generate_handshake_keys( mbedtls_ssl_context *ssl, { ssl->f_export_keys( ssl->p_export_keys, MBEDTLS_SSL_KEY_EXPORT_TLS13_CLIENT_HANDSHAKE_TRAFFIC_SECRET, - ssl->handshake->tls1_3_hs_secrets.client_handshake_traffic_secret, + ssl->handshake->tls13_hs_secrets.client_handshake_traffic_secret, md_size, ssl->handshake->randbytes + 32, ssl->handshake->randbytes, @@ -922,7 +922,7 @@ int mbedtls_ssl_tls1_3_generate_handshake_keys( mbedtls_ssl_context *ssl, ssl->f_export_keys( ssl->p_export_keys, MBEDTLS_SSL_KEY_EXPORT_TLS13_SERVER_HANDSHAKE_TRAFFIC_SECRET, - ssl->handshake->tls1_3_hs_secrets.server_handshake_traffic_secret, + ssl->handshake->tls13_hs_secrets.server_handshake_traffic_secret, md_size, ssl->handshake->randbytes + 32, ssl->handshake->randbytes, @@ -931,8 +931,8 @@ int mbedtls_ssl_tls1_3_generate_handshake_keys( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_EXPORT_KEYS */ ret = mbedtls_ssl_tls1_3_make_traffic_keys( md_type, - ssl->handshake->tls1_3_hs_secrets.client_handshake_traffic_secret, - ssl->handshake->tls1_3_hs_secrets.server_handshake_traffic_secret, + ssl->handshake->tls13_hs_secrets.client_handshake_traffic_secret, + ssl->handshake->tls13_hs_secrets.server_handshake_traffic_secret, md_size, keylen, ivlen, traffic_keys ); if( ret != 0 ) @@ -957,7 +957,7 @@ int mbedtls_ssl_tls1_3_generate_handshake_keys( mbedtls_ssl_context *ssl, traffic_keys->server_write_iv, traffic_keys->iv_len); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_tls1_3_generate_handshake_keys" ) ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_tls13_generate_handshake_keys" ) ); exit: diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index 71bd90de2..384f433b5 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h @@ -539,7 +539,7 @@ int mbedtls_ssl_tls1_3_key_schedule_stage_early( mbedtls_ssl_context *ssl ); * with states Initial -> Early -> Handshake -> Application, and * this function represents the Early -> Handshake transition. * - * In the handshake stage, mbedtls_ssl_tls1_3_generate_handshake_keys() + * In the handshake stage, mbedtls_ssl_tls13_generate_handshake_keys() * can be used to derive the handshake traffic keys. * * \param ssl The SSL context to operate on. This must be in key schedule @@ -562,7 +562,7 @@ int mbedtls_ssl_tls13_key_schedule_stage_handshake( mbedtls_ssl_context *ssl ); * \returns \c 0 on success. * \returns A negative error code on failure. */ -int mbedtls_ssl_tls1_3_generate_handshake_keys( mbedtls_ssl_context *ssl, - mbedtls_ssl_key_set *traffic_keys ); +int mbedtls_ssl_tls13_generate_handshake_keys( mbedtls_ssl_context *ssl, + mbedtls_ssl_key_set *traffic_keys ); #endif /* MBEDTLS_SSL_TLS1_3_KEYS_H */