Fix various issues

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2025-11-03 20:22:59 -05:00 · 2021-10-25 12:42:58 +08:00 · 2021-10-25 12:42:58 +08:00 · 26c2d11802
commit 26c2d11802
parent 30b071cb66
1 changed files with 11 additions and 11 deletions
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@ -231,7 +231,7 @@ static void ssl_tls13_create_verify_structure( unsigned char *transcript_hash,
                                               size_t *verify_buffer_len,
                                               int from )
 {
-    size_t idx = 0;
+    size_t idx;

    /* RFC 8446, Section 4.4.3:
     *
@ -245,8 +245,8 @@ static void ssl_tls13_create_verify_structure( unsigned char *transcript_hash,
    uint8_t const verify_padding_val = 0x20;
    size_t const verify_padding_len = 64;

-    memset( verify_buffer + idx, verify_padding_val, verify_padding_len );
-    idx += verify_padding_len;
+    memset( verify_buffer, verify_padding_val, verify_padding_len );
+    idx = verify_padding_len;

    if( from == MBEDTLS_SSL_IS_CLIENT )
    {
@ -293,7 +293,7 @@ static void ssl_tls13_create_verify_structure( unsigned char *transcript_hash,
 #define SSL_VERIFY_STRUCT_MAX_SIZE  ( 64 +                          \
                                      33 +                          \
                                       1 +                          \
-                                      MBEDTLS_MD_MAX_SIZE  \
+                                      MBEDTLS_TLS1_3_MD_MAX_SIZE    \
                                    )
 /* Coordinate: Check whether a certificate verify message is expected.
 * Returns a negative value on failure, and otherwise
@ -530,6 +530,10 @@ int mbedtls_ssl_tls13_process_certificate_verify( mbedtls_ssl_context *ssl )
        unsigned char *buf;
        size_t buf_len;

+        MBEDTLS_SSL_PROC_CHK(
+            mbedtls_ssl_tls1_3_fetch_handshake_msg( ssl,
+                    MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, &buf, &buf_len ) );
+
        /* Need to calculate the hash of the transcript first
         * before reading the message since otherwise it gets
         * included in the transcript
@ -555,10 +559,6 @@ int mbedtls_ssl_tls13_process_certificate_verify( mbedtls_ssl_context *ssl )
                                           &verify_buffer_len,
                                           !ssl->conf->endpoint );

-        MBEDTLS_SSL_PROC_CHK(
-            mbedtls_ssl_tls1_3_fetch_handshake_msg( ssl,
-                    MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, &buf, &buf_len ) );
-
        /* Process the message contents */
        MBEDTLS_SSL_PROC_CHK(
            ssl_tls13_process_certificate_verify_parse( ssl,