eden-emu/mbedtls
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Improve and fix comments

Browse source 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron 2022-03-30 09:57:11 +02:00
parent 8ecd9937a9
commit da41b38c42
2 changed files with 25 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

26
library/ssl_client.c
View file

@ -621,15 +621,6 @@ static int ssl_write_client_hello_body( mbedtls_ssl_context *ssl,
* Random random; * Random random;
* ... * ...
* *
* with for TLS 1.2
* struct {
* uint32 gmt_unix_time;
* opaque random_bytes[28];
* } Random;
*
* and for TLS 1.3
* opaque Random[32];
*
* The random bytes have been prepared by ssl_prepare_client_hello() into * The random bytes have been prepared by ssl_prepare_client_hello() into
* the handshake->randbytes buffer and are copied here into the output * the handshake->randbytes buffer and are copied here into the output
* buffer. * buffer.
@ -652,7 +643,7 @@ static int ssl_write_client_hello_body( mbedtls_ssl_context *ssl,
* opaque legacy_session_id<0..32>; * opaque legacy_session_id<0..32>;
* ... * ...
* *
* The (legacy) session identifier bytes have been by * The (legacy) session identifier bytes have been prepared by
* ssl_prepare_client_hello() into the ssl->session_negotiate->id buffer * ssl_prepare_client_hello() into the ssl->session_negotiate->id buffer
* and are copied here into the output buffer. * and are copied here into the output buffer.
*/ */
@ -890,9 +881,9 @@ static int ssl_prepare_client_hello( mbedtls_ssl_context *ssl )
} }
/* /*
* But when responding to a verify request where we MUST reuse the * Generate the random bytes, except when responding to a verify request
* previoulsy generated random bytes (RFC 6347 4.2.1), generate the * where we MUST reuse the previoulsy generated random bytes
* random bytes. * (RFC 6347 4.2.1).
*/ */
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ) || if( ( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ) ||
@ -908,9 +899,10 @@ static int ssl_prepare_client_hello( mbedtls_ssl_context *ssl )
} }
/* /*
* Prepare session identifier. But in the case of a TLS 1.2 session * Prepare session identifier. At that point, the length of the session
* renegotiation or session resumption, the initial value of the session * identifier in the SSL context `ssl->session_negotiate->id_len` is equal
* identifier length below is equal to zero. * to zero, except in the case of a TLS 1.2 session renegotiation or
* session resumption.
*/ */
session_id_len = ssl->session_negotiate->id_len; session_id_len = ssl->session_negotiate->id_len;
@ -1019,7 +1011,7 @@ int mbedtls_ssl_write_client_hello( mbedtls_ssl_context *ssl )
* The two functions below may try to send data on the network and * The two functions below may try to send data on the network and
* can return with the MBEDTLS_ERR_SSL_WANT_READ error code when they * can return with the MBEDTLS_ERR_SSL_WANT_READ error code when they
* fail to do so and the transmission has to be retried later. In that * fail to do so and the transmission has to be retried later. In that
* case as in fatal error cases, we return immediatly. But we must have * case as in fatal error cases, we return immediately. But we must have
* set the handshake state to the next state at that point to ensure * set the handshake state to the next state at that point to ensure
* that we will not write and send again a ClientHello when we * that we will not write and send again a ClientHello when we
* eventually succeed in sending the pending data. * eventually succeed in sending the pending data.

18
library/ssl_tls13_client.c
View file

@ -714,6 +714,18 @@ int mbedtls_ssl_tls13_write_client_hello_exts( mbedtls_ssl_context *ssl,
/* /*
* Functions for parsing and processing Server Hello * Functions for parsing and processing Server Hello
*/ */
/**
* \brief Detect if the ServerHello contains a supported_versions extension
* or not.
*
* \param[in] ssl SSL context
* \param[in] buf Buffer containing the ServerHello message
* \param[in] end End of the buffer containing the ServerHello message
*
* \return 0 if the ServerHello does not contain a supported_versions extension
* \return 1 if the ServerHello contains a supported_versions extension
* \return A negative value if an error occurred while parsing the ServerHello.
*/
static int ssl_tls13_is_supported_versions_ext_present( static int ssl_tls13_is_supported_versions_ext_present(
mbedtls_ssl_context *ssl, mbedtls_ssl_context *ssl,
const unsigned char *buf, const unsigned char *buf,
@ -726,10 +738,10 @@ static int ssl_tls13_is_supported_versions_ext_present(
/* /*
* Check there is enough data to access the legacy_session_id_echo vector * Check there is enough data to access the legacy_session_id_echo vector
* length. * length:
* - legacy_version, 2 bytes * - legacy_version 2 bytes
* - random MBEDTLS_SERVER_HELLO_RANDOM_LEN bytes * - random MBEDTLS_SERVER_HELLO_RANDOM_LEN bytes
* - legacy_session_id_echo 1 byte * - legacy_session_id_echo length 1 byte
*/ */
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, MBEDTLS_SERVER_HELLO_RANDOM_LEN + 3 ); MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, MBEDTLS_SERVER_HELLO_RANDOM_LEN + 3 );
p += MBEDTLS_SERVER_HELLO_RANDOM_LEN + 2; p += MBEDTLS_SERVER_HELLO_RANDOM_LEN + 2;