ARMmbed/mbedtls
1
0
Fork 0
mirror of https://github.com/ARMmbed/mbedtls.git synced 2025-06-26 23:14:07 +08:00
Code Issues Releases Wiki Activity

Address review comments

Browse Source 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
This commit is contained in:
Xiaofei Bai 2022-03-14 02:48:30 +00:00 committed by XiaokangQian
parent 9ca09d497f
commit 5ee73d84a9
1 changed files with 14 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
library/ssl_tls13_server.c
View File

@ -773,20 +773,20 @@ static int ssl_tls13_certificate_request_coordinate( mbedtls_ssl_context *ssl )
* } CertificateRequest; * } CertificateRequest;
* *
*/ */
static int ssl_tls13_write_certificate_request( mbedtls_ssl_context *ssl, static int ssl_tls13_write_certificate_request_body( mbedtls_ssl_context *ssl,
unsigned char *buf, unsigned char *buf,
const unsigned char *end, const unsigned char *end,
size_t *out_len ) size_t *out_len )
{ {
int ret; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t ext_size = 0; size_t extensions_len = 0;
unsigned char *p = buf; unsigned char *p = buf;
*out_len = 0; *out_len = 0;
/* Check if we have enough space: /* Check if we have enough space:
* - certificate_request_context (1 byte) * - certificate_request_context (1 byte)
* - extensions (2 bytes) * - extensions length (2 bytes)
*/ */
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 3 ); MBEDTLS_SSL_CHK_BUF_PTR( p, end, 3 );
@ -804,20 +804,20 @@ static int ssl_tls13_write_certificate_request( mbedtls_ssl_context *ssl,
* Write extensions * Write extensions
*/ */
/* The extensions must contain the signature_algorithms. */ /* The extensions must contain the signature_algorithms. */
ret = mbedtls_ssl_write_sig_alg_ext( ssl, p + 2, end, &ext_size ); ret = mbedtls_ssl_write_sig_alg_ext( ssl, p + 2, end, &extensions_len );
if( ret != 0 ) if( ret != 0 )
return( ret ); return( ret );
/* length field for all extensions */ /* length field for all extensions */
MBEDTLS_PUT_UINT16_BE( ext_size, p, 0 ); MBEDTLS_PUT_UINT16_BE( extensions_len, p, 0 );
p += 2 + ext_size; p += 2 + extensions_len;
*out_len = p - buf; *out_len = p - buf;
return( ret ); return( 0 );
} }
static int ssl_tls13_process_certificate_request( mbedtls_ssl_context *ssl ) static int ssl_tls13_write_certificate_request( mbedtls_ssl_context *ssl )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -833,14 +833,12 @@ static int ssl_tls13_process_certificate_request( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_start_handshake_msg( ssl, MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_start_handshake_msg( ssl,
MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, &buf, &buf_len ) ); MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, &buf, &buf_len ) );
MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_certificate_request( MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_certificate_request_body(
ssl, buf, buf + buf_len, &msg_len ) ); ssl, buf, buf + buf_len, &msg_len ) );
mbedtls_ssl_tls13_add_hs_msg_to_checksum( mbedtls_ssl_tls13_add_hs_msg_to_checksum(
ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, buf, msg_len ); ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, buf, msg_len );
/* TODO: Logically this should come at the end, but the non-MPS msg
* layer impl'n of mbedtls_ssl_tls13_finish_handshake_msg() can fail. */
MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_finish_handshake_msg( MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_finish_handshake_msg(
ssl, buf_len, msg_len ) ); ssl, buf_len, msg_len ) );
} }
@ -1331,7 +1329,7 @@ int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl )
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
case MBEDTLS_SSL_CERTIFICATE_REQUEST: case MBEDTLS_SSL_CERTIFICATE_REQUEST:
ret = ssl_tls13_process_certificate_request( ssl ); ret = ssl_tls13_write_certificate_request( ssl );
break; break;
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */