Merge pull request #6545 from davidhorstmann-arm/2.28-fix-unusual-macros-0-followup

Refactor/tidy after fixing unusual macros
2025-06-21 14:30:15 +08:00 · 2022-11-10 14:27:14 +00:00 · 2022-11-10 14:27:14 +00:00 · 4637ed2205
commit 4637ed2205
parent 676df8ec88 da2fe26db7
3 changed files with 55 additions and 59 deletions
--- a/library/ecp.c
+++ b/library/ecp.c
@ -2051,7 +2051,7 @@ static int ecp_mul_comb_core( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R

        int have_rng = 1;
 #if defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
-        if( f_rng == 0 )
+        if( f_rng == NULL )
            have_rng = 0;
 #endif
        if( have_rng )
@ -2190,7 +2190,7 @@ final_norm:
     */
    int have_rng = 1;
 #if defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
-    if( f_rng == 0 )
+    if( f_rng == NULL )
        have_rng = 0;
 #endif
    if( have_rng )
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@ -1089,11 +1089,6 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
     * RFC 5077 section 3.4: "When presenting a ticket, the client MAY
     * generate and include a Session ID in the TLS ClientHello."
     */
-    renegotiating = 0;
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-    if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
-        renegotiating = 1;
-#endif
    if( !renegotiating )
    {
        if( ssl->session_negotiate->ticket != NULL &&
@ -1209,11 +1204,6 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
    /*
     * Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV
     */
-    renegotiating = 0;
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-    if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
-        renegotiating = 1;
-#endif
    if( !renegotiating )
    {
        MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding EMPTY_RENEGOTIATION_INFO_SCSV" ) );
@ -2065,6 +2055,30 @@ static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl )
 }
 #endif /* MBEDTLS_SSL_PROTO_DTLS */

+static int is_compression_bad( mbedtls_ssl_context *ssl, unsigned char comp )
+{
+    int bad_comp = 0;
+
+    /* Suppress warnings in some configurations */
+    (void) ssl;
+#if defined(MBEDTLS_ZLIB_SUPPORT)
+    /* See comments in ssl_write_client_hello() */
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+        comp != MBEDTLS_SSL_COMPRESS_NULL )
+        bad_comp = 1;
+#endif
+
+    if( comp != MBEDTLS_SSL_COMPRESS_NULL &&
+        comp != MBEDTLS_SSL_COMPRESS_DEFLATE )
+        bad_comp = 1;
+#else /* MBEDTLS_ZLIB_SUPPORT */
+    if( comp != MBEDTLS_SSL_COMPRESS_NULL )
+        bad_comp = 1;
+#endif/* MBEDTLS_ZLIB_SUPPORT */
+    return bad_comp;
+}
+
 MBEDTLS_CHECK_RETURN_CRITICAL
 static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
 {
@ -2073,9 +2087,6 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
    size_t ext_len;
    unsigned char *buf, *ext;
    unsigned char comp;
-#if defined(MBEDTLS_ZLIB_SUPPORT)
-    int accept_comp;
-#endif
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
    int renegotiation_info_seen = 0;
 #endif
@ -2244,23 +2255,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
     */
    comp = buf[37 + n];

-    int bad_comp = 0;
-#if defined(MBEDTLS_ZLIB_SUPPORT)
-    /* See comments in ssl_write_client_hello() */
-    accept_comp = 1;
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-        accept_comp = 0;
-#endif
-
-    if( comp != MBEDTLS_SSL_COMPRESS_NULL &&
-        ( comp != MBEDTLS_SSL_COMPRESS_DEFLATE || accept_comp == 0 ) )
-        bad_comp = 1;
-#else /* MBEDTLS_ZLIB_SUPPORT */
-    if( comp != MBEDTLS_SSL_COMPRESS_NULL )
-        bad_comp = 1;
-#endif/* MBEDTLS_ZLIB_SUPPORT */
-    if( bad_comp )
+    if( is_compression_bad( ssl, comp ) )
    {
        MBEDTLS_SSL_DEBUG_MSG( 1,
            ( "server hello, bad compression: %d", comp ) );
@ -2693,7 +2688,7 @@ static int ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl )
    grp_id = ssl->handshake->ecdh_ctx.grp.id;
 #else
    grp_id = ssl->handshake->ecdh_ctx.grp_id;
-#endif
+#endif /* MBEDTLS_ECDH_LEGACY_CONTEXT */

    curve_info = mbedtls_ecp_curve_info_from_grp_id( grp_id );
    if( curve_info == NULL )
@ -2704,17 +2699,14 @@ static int ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl )

    MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDH curve: %s", curve_info->name ) );

-    int bad_params = 0;
 #if defined(MBEDTLS_ECP_C)
    if( mbedtls_ssl_check_curve( ssl, grp_id ) != 0 )
-        bad_params = 1;
+        return( -1 );
 #else
    if( ssl->handshake->ecdh_ctx.grp.nbits < 163 ||
        ssl->handshake->ecdh_ctx.grp.nbits > 521 )
-        bad_params = 1;
-#endif
-    if( bad_params )
        return( -1 );
+#endif /* MBEDTLS_ECP_C */

    MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
                            MBEDTLS_DEBUG_ECDH_QP );
@ -3462,25 +3454,23 @@ start_processing:
 #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
        if( ssl->handshake->ecrs_enabled )
            rs_ctx = &ssl->handshake->ecrs_ctx.pk;
-#endif
+#endif /* MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED */

        if( ( ret = mbedtls_pk_verify_restartable( peer_pk,
                        md_alg, hash, hashlen, p, sig_len, rs_ctx ) ) != 0 )
        {
-            int send_alert_msg = 1;
 #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
-            send_alert_msg = ( ret != MBEDTLS_ERR_ECP_IN_PROGRESS );
-#endif
-            if( send_alert_msg )
+            if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
+            {
+                MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify", ret );
+                return( MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS );
+            }
+#endif /* MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED */
            mbedtls_ssl_send_alert_message(
                ssl,
                MBEDTLS_SSL_ALERT_LEVEL_FATAL,
                MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR );
            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify", ret );
-#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
-            if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
-                ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS;
-#endif
            return( ret );
        }

--- a/library/ssl_ticket.c
+++ b/library/ssl_ticket.c
@ -148,16 +148,22 @@ int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx,

    int do_mbedtls_cipher_setup = 1;
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    do_mbedtls_cipher_setup = 0;
-
    ret = mbedtls_cipher_setup_psa( &ctx->keys[0].ctx,
                                    cipher_info, TICKET_AUTH_TAG_BYTES );
-    if( ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE )
-        return( ret );
+
+    switch( ret )
+    {
+        case 0:
+            do_mbedtls_cipher_setup = 0;
+            break;
+        case MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE:
            /* We don't yet expect to support all ciphers through PSA,
             * so allow fallback to ordinary mbedtls_cipher_setup(). */
-    if( ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE )
            do_mbedtls_cipher_setup = 1;
+            break;
+        default:
+            return( ret );
+    }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
    if( do_mbedtls_cipher_setup )
        if( ( ret = mbedtls_cipher_setup( &ctx->keys[0].ctx, cipher_info ) )