fix various issues

Signed-off-by: Jerry Yu <[email protected]>

library/ssl_tls13_client.c

@@ -35,6 +35,7 @@
 #include "mbedtls/platform.h"
 
 #define CLIENT_HELLO_RANDOM_LEN 32
+#define SERVER_HELLO_RANDOM_LEN 32
 
 /* Write extensions */
 
@@ -93,8 +94,8 @@ static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl,
     return( 0 );
 }
 
-static int ssl_tls13_parse_supported_versions_ext( mbedtls_ssl_context* ssl,
-                                                   const unsigned char* buf,
+static int ssl_tls13_parse_supported_versions_ext( mbedtls_ssl_context *ssl,
+                                                   const unsigned char *buf,
                                                    size_t len )
 {
     /* TODO: Implement full version and remove force version set in
@@ -589,8 +590,7 @@ static int ssl_tls13_parse_key_share_ext( mbedtls_ssl_context *ssl,
     {
         MBEDTLS_SSL_DEBUG_MSG( 1,
             ( "Invalid server key share, our group %u, their group %u",
-              (unsigned) ssl->handshake->offered_group_id,
-              (unsigned) server_share_group ) );
+              (unsigned) offered_group, (unsigned) server_share_group ) );
         return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
     }
 
@@ -940,9 +940,9 @@ static int ssl_server_hello_is_hrr( unsigned const char *buf )
  * to indicate which message is expected and to be parsed next. */
 #define SSL_SERVER_HELLO_COORDINATE_HELLO  0
 #define SSL_SERVER_HELLO_COORDINATE_HRR 1
-static int ssl_server_hello_coordinate( mbedtls_ssl_context* ssl,
+static int ssl_server_hello_coordinate( mbedtls_ssl_context *ssl,
                                         unsigned char **buf,
-                                        size_t *buflen )
+                                        size_t *buf_len )
 {
     int ret;
 
@@ -963,7 +963,7 @@ static int ssl_server_hello_coordinate( mbedtls_ssl_context* ssl,
     }
 
     *buf = ssl->in_msg + 4;
-    *buflen = ssl->in_hslen - 4;
+    *buf_len = ssl->in_hslen - 4;
 
     if( ssl_server_hello_is_hrr( ssl->in_msg + 4 ) )
     {
@@ -972,6 +972,7 @@ static int ssl_server_hello_coordinate( mbedtls_ssl_context* ssl,
     }
     else
     {
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "received ServerHello message" ) );
         ret = SSL_SERVER_HELLO_COORDINATE_HELLO;
     }
 
@@ -1023,6 +1024,7 @@ static int ssl_tls13_parse_server_hello_session_id( mbedtls_ssl_context *ssl,
                             recv_id_len );
     return( 0 );
 }
+
 static int ssl_tls13_parse_server_hello_cipher_suite( mbedtls_ssl_context *ssl,
                                                       const unsigned char *buf,
                                                       const unsigned char *end,
@@ -1142,9 +1144,11 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl,
     ssl->minor_ver = MBEDTLS_SSL_MINOR_VERSION_4;
 
     /* Store server-provided random values */
-    memcpy( ssl->handshake->randbytes + 32, p, 32 );
-    MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, random bytes", p + 2, 32 );
-    p += 32;
+    memcpy( ssl->handshake->randbytes + CLIENT_HELLO_RANDOM_LEN, p,
+            SERVER_HELLO_RANDOM_LEN );
+    MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, random bytes",
+                           p, SERVER_HELLO_RANDOM_LEN );
+    p += SERVER_HELLO_RANDOM_LEN;
 
     /* Read and store session id (legacy_session_id_echo) */
     if( ssl_tls13_parse_server_hello_session_id( ssl, p, end, &field_len ) != 0 )
@@ -1279,7 +1283,7 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl,
     return( 0 );
 }
 
-static int ssl_tls13_finalize_server_hello( mbedtls_ssl_context* ssl )
+static int ssl_tls13_finalize_server_hello( mbedtls_ssl_context *ssl )
 {
     int ret;
     mbedtls_ssl_key_set traffic_keys;
@@ -1296,7 +1300,6 @@ static int ssl_tls13_finalize_server_hello( mbedtls_ssl_context* ssl )
      *      THEN set MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
      *   ELSE unknown key exchange mechanism.
      */
-
     if( ssl->handshake->extensions_present & MBEDTLS_SSL_EXT_PRE_SHARED_KEY )
     {
         if( ssl->handshake->extensions_present & MBEDTLS_SSL_EXT_KEY_SHARE )
@@ -1366,12 +1369,11 @@ static int ssl_tls13_finalize_server_hello( mbedtls_ssl_context* ssl )
     MBEDTLS_SSL_DEBUG_MSG( 1, ( "Switch to handshake keys for inbound traffic" ) );
     ssl->session_in = ssl->session_negotiate;
 
-    /*
-     * State machine update
-     */
+    mbedtls_platform_zeroize( &traffic_keys, sizeof( traffic_keys ) );
+
+    /* State machine update */
     mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS );
 
-    mbedtls_platform_zeroize( &traffic_keys, sizeof( traffic_keys ) );
     return( 0 );
 }