From 6b226b0874e46b98feb7a46e83624f71cc757ee1 Mon Sep 17 00:00:00 2001
From: XiaokangQian
Date: Fri, 24 Sep 2021 07:51:16 +0000
Subject: [PATCH 1/3] Add fetch_hand_message in generic

This function is one common function in generic file, get it from the encrypted extension and submit one patch independently.

Signed-off-by: XiaokangQian
---
 library/ssl_misc.h | 8 ++++++++
 library/ssl_tls13_generic.c | 32 ++++++++++++++++++++++++++++++++
 2 files changed, 40 insertions(+)

diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index a1128eda0..fa777cc93 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -1489,6 +1489,14 @@ static inline void mbedtls_ssl_handshake_set_state( mbedtls_ssl_context *ssl,
 ssl->state = ( int ) state;
 }
 
+/*
+ * Fetch TLS 1.3 handshake message header
+ */
+int mbedtls_ssl_tls1_3_fetch_handshake_msg( mbedtls_ssl_context *ssl,
+ unsigned hs_type,
+ unsigned char **buf,
+ size_t *buf_len );
+
 /*
 * Write TLS 1.3 handshake message header
 */
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 5c20f2928..4aaafa5ea 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
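Review bot: The comment on the new prototype in library/ssl_misc.h says the function fetches the handshake message header, but the definition added to ssl_tls13_generic.c in this same patch returns a pointer just past the 4-byte header and the length of what follows, so the comment misdescribes what callers receive. I would reword it to `/* Read the next record, check that it is a handshake message of type hs_type, and return its body (after the 4-byte header) in *buf / *buf_len. */`. It is also worth stating there that `*buf` points into `ssl->in_msg` rather than at a copy and that neither output is written when the return value is non-zero; how long the pointer stays valid is not visible here, presumably only until the next record is read. The last parameter is `buf_len` in this prototype and `buflen` in the definition, which should be made the same.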
@@ -28,6 +28,38 @@
 
 #include "ssl_misc.h"
 
+int mbedtls_ssl_tls1_3_fetch_handshake_msg( mbedtls_ssl_context *ssl,
+ unsigned hs_type,
+ unsigned char **buf,
+ size_t *buflen )
+{
+ int ret;
+
+ if( ( ret = mbedtls_ssl_read_record( ssl, 0 ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
+ goto cleanup;
+ }
+
+ if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ||
+ ssl->in_msg[0] != hs_type )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) );
+ MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE,
+ MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+ ret = MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
+ goto cleanup;
+ }
+
+ *buf = ssl->in_msg + 4;
+ *buflen = ssl->in_hslen - 4;
+
+
+cleanup:
+
+ return( ret );
+}
+
 int mbedtls_ssl_tls13_start_handshake_msg( mbedtls_ssl_context *ssl,
 unsigned hs_type,
 unsigned char **buf,
From 16c61aa7385da89712d345b68959ef62d26f1c69 Mon Sep 17 00:00:00 2001
From: XiaokangQian
Date: Mon, 27 Sep 2021 09:30:17 +0000
Subject: [PATCH 2/3] TLS1.3: Alignment coding styles based on comments

Fix kinds of alignment issues in fetch handshake messages.

Signed-off-by: XiaokangQian
---
 library/ssl_misc.h | 6 +++---
 library/ssl_tls13_generic.c | 11 +++++------
 2 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index fa777cc93..3f3f50503 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -1493,9 +1493,9 @@ static inline void mbedtls_ssl_handshake_set_state( mbedtls_ssl_context *ssl,
 * Fetch TLS 1.3 handshake message header
 */
 int mbedtls_ssl_tls1_3_fetch_handshake_msg( mbedtls_ssl_context *ssl,
- unsigned hs_type,
- unsigned char **buf,
- size_t *buf_len );
+ unsigned hs_type,
+ unsigned char **buf,
+ size_t *buf_len );
 
 /*
 * Write TLS 1.3 handshake message header
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 4aaafa5ea..f7112332f 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
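Review bot: `*buflen = ssl->in_hslen - 4;` near the end of mbedtls_ssl_tls1_3_fetch_handshake_msg() is an unchecked size_t subtraction: nothing visible in this hunk bounds `ssl->in_hslen` from below, and a value under 4 would wrap to a very large length that callers would then trust while parsing peer-supplied data. The lower bound is presumably enforced inside mbedtls_ssl_read_record(), which is not part of this patch; if so, state that invariant in a comment, otherwise add `if( ssl->in_hslen < 4 ) { ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; goto cleanup; }` before the two assignments. The same two lines are carried unchanged through patches 2/3 and 3/3. As a smaller style point, `cleanup:` releases nothing, so both `goto cleanup` sites could simply return.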
@@ -29,9 +29,9 @@
 #include "ssl_misc.h"
 
 int mbedtls_ssl_tls1_3_fetch_handshake_msg( mbedtls_ssl_context *ssl,
- unsigned hs_type,
- unsigned char **buf,
- size_t *buflen )
+ unsigned hs_type,
+ unsigned char **buf,
+ size_t *buflen )
 {
 int ret;
 
@@ -41,10 +41,10 @@ int mbedtls_ssl_tls1_3_fetch_handshake_msg( mbedtls_ssl_context *ssl,
 goto cleanup;
 }
 
- if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ||
+ if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ||
 ssl->in_msg[0] != hs_type )
 {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Receive unexpected handshake message." ) );
 MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE,
 MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
 ret = MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
@@ -54,7 +54,6 @@ int mbedtls_ssl_tls1_3_fetch_handshake_msg( mbedtls_ssl_context *ssl,
 *buf = ssl->in_msg + 4;
 *buflen = ssl->in_hslen - 4;
 
-
 cleanup:
 
 return( ret );
From 05420b120b5a529a246f301492434c139b6ae403 Mon Sep 17 00:00:00 2001
From: XiaokangQian
Date: Wed, 29 Sep 2021 08:46:37 +0000
Subject: [PATCH 3/3] TLS1.3: Add useful comments based on RFC8446

Signed-off-by: XiaokangQian
---
 library/ssl_tls13_generic.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index f7112332f..99ab2695d 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -46,11 +46,18 @@ int mbedtls_ssl_tls1_3_fetch_handshake_msg( mbedtls_ssl_context *ssl,
 {
 MBEDTLS_SSL_DEBUG_MSG( 1, ( "Receive unexpected handshake message." ) );
 MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE,
- MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+ MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
 ret = MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
 goto cleanup;
 }
 
+ /*
+ * Jump handshake header (4 bytes, see Section 4 of RFC 8446).
+ * ...
+ * HandshakeType msg_type;
+ * uint24 length;
+ * ...
+ */
 *buf = ssl->in_msg + 4;
 *buflen = ssl->in_hslen - 4;
 
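Review bot: The added comment explains where the 4 comes from, but the two statements under it still hard-code the literal, so the comment and the arithmetic can drift apart. ssl_misc.h provides `mbedtls_ssl_hs_hdr_len( ssl )`; if it returns 4 for every transport this function serves (worth confirming, since its body is not shown here), I would write `*buf = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl );` and use the same call in the subtraction. The first line of the comment would read more naturally as `Skip the handshake header (4 bytes, see Section 4 of RFC 8446).` The function's body starts and ends outside this hunk.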