yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

fix various issues

Browse source 
- code style
- variable initialize
- update comments


Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
This commit is contained in:
Jerry Yu 2022-08-25 10:51:44 +08:00
parent 2185c0f2e9
commit c5a23a0f12
3 changed files with 16 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
library/ssl_tls13_keys.c
View file

@ -1572,10 +1572,9 @@ int mbedtls_ssl_tls13_export_handshake_psk( mbedtls_ssl_context *ssl,
unsigned char **psk, unsigned char **psk,
size_t *psk_len ) size_t *psk_len )
{ {
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_status_t status; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
*psk_len = 0; *psk_len = 0;
*psk = NULL; *psk = NULL;
@ -1585,16 +1584,12 @@ int mbedtls_ssl_tls13_export_handshake_psk( mbedtls_ssl_context *ssl,
status = psa_get_key_attributes( ssl->handshake->psk_opaque, &key_attributes ); status = psa_get_key_attributes( ssl->handshake->psk_opaque, &key_attributes );
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )
{
return( psa_ssl_status_to_mbedtls( status ) ); return( psa_ssl_status_to_mbedtls( status ) );
}
*psk_len = PSA_BITS_TO_BYTES( psa_get_key_bits( &key_attributes ) ); *psk_len = PSA_BITS_TO_BYTES( psa_get_key_bits( &key_attributes ) );
*psk = mbedtls_calloc( 1, *psk_len ); *psk = mbedtls_calloc( 1, *psk_len );
if( *psk == NULL ) if( *psk == NULL )
{
return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
}
status = psa_export_key( ssl->handshake->psk_opaque, status = psa_export_key( ssl->handshake->psk_opaque,
(uint8_t *)*psk, *psk_len, psk_len ); (uint8_t *)*psk, *psk_len, psk_len );

17
library/ssl_tls13_server.c
View file

@ -47,9 +47,9 @@
#include "ssl_debug_helpers.h" #include "ssl_debug_helpers.h"
static const mbedtls_ssl_ciphersuite_t *ssl_tls13_get_ciphersuite_info_by_id( static const mbedtls_ssl_ciphersuite_t *ssl_tls13_validate_peer_ciphersuite(
mbedtls_ssl_context *ssl, mbedtls_ssl_context *ssl,
uint16_t cipher_suite ) unsigned int cipher_suite )
{ {
const mbedtls_ssl_ciphersuite_t *ciphersuite_info; const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
if( ! mbedtls_ssl_tls13_cipher_suite_is_offered( ssl, cipher_suite ) ) if( ! mbedtls_ssl_tls13_cipher_suite_is_offered( ssl, cipher_suite ) )
@ -235,8 +235,8 @@ static int ssl_tls13_select_ciphersuite_for_psk(
const mbedtls_ssl_ciphersuite_t *ciphersuite_info; const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
cipher_suite = MBEDTLS_GET_UINT16_BE( p, 0 ); cipher_suite = MBEDTLS_GET_UINT16_BE( p, 0 );
ciphersuite_info = ssl_tls13_get_ciphersuite_info_by_id( ciphersuite_info = ssl_tls13_validate_peer_ciphersuite( ssl,
ssl,cipher_suite ); cipher_suite );
if( ciphersuite_info == NULL ) if( ciphersuite_info == NULL )
continue; continue;
@ -416,9 +416,10 @@ static int ssl_tls13_parse_pre_shared_key_ext( mbedtls_ssl_context *ssl,
mbedtls_psa_translate_md( ciphersuite_info->mac ) ); mbedtls_psa_translate_md( ciphersuite_info->mac ) );
if( ret != SSL_TLS1_3_OFFERED_PSK_MATCH ) if( ret != SSL_TLS1_3_OFFERED_PSK_MATCH )
{ {
/* For the security rationale, handshake should be abort when binder /* For security reasons, the handshake should be aborted when we
* value mismatch. See RFC 8446 section 4.2.11.2 and appendix E.6. */ * fail to validate a binder value. See RFC 8446 section 4.2.11.2
MBEDTLS_SSL_DEBUG_MSG( 3, ( "Binder is not matched." ) ); * and appendix E.6. */
MBEDTLS_SSL_DEBUG_MSG( 3, ( "Invalid binder." ) );
MBEDTLS_SSL_DEBUG_RET( 1, MBEDTLS_SSL_DEBUG_RET( 1,
"ssl_tls13_offered_psks_check_binder_match" , ret ); "ssl_tls13_offered_psks_check_binder_match" , ret );
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_PEND_FATAL_ALERT(
@ -1176,7 +1177,7 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, cipher_suites_end, 2 ); MBEDTLS_SSL_CHK_BUF_READ_PTR( p, cipher_suites_end, 2 );
cipher_suite = MBEDTLS_GET_UINT16_BE( p, 0 ); cipher_suite = MBEDTLS_GET_UINT16_BE( p, 0 );
ciphersuite_info = ssl_tls13_get_ciphersuite_info_by_id( ciphersuite_info = ssl_tls13_validate_peer_ciphersuite(
ssl,cipher_suite ); ssl,cipher_suite );
if( ciphersuite_info == NULL ) if( ciphersuite_info == NULL )
continue; continue;

10
programs/ssl/ssl_server2.c
View file

@ -1860,10 +1860,12 @@ int main( int argc, char *argv[] )
opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL; opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL;
else if( strcmp( q, "all" ) == 0 ) else if( strcmp( q, "all" ) == 0 )
opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL; opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL;
/* `psk_or_ephemeral` exists in theory and is not recommended in practice. /* The purpose of `psk_or_ephemeral` is to improve test coverage. That
* In server side, if needed extensions are received, psk or ephemeral * is not recommended in practice.
* mode will be set. Add this mode only for test purposes to improve * `psk_or_ephemeral` exists in theory, we need this mode to test if
* test coverage. * this setting work correctly. With this key exchange setting, server
* should always perform `ephemeral` handshake. `psk` or `psk_ephermal`
* is not expected.
*/ */
else if( strcmp( q, "psk_or_ephemeral" ) == 0 ) else if( strcmp( q, "psk_or_ephemeral" ) == 0 )
opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK | opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK |