yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-11-04 06:14:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

Move ssl_process_in_server_key_exchange to avoid func use-before-def

Browse source
This commit is contained in:
Hanno Becker 2019-08-12 15:18:29 +01:00
parent 4e46709800
commit 3328b1822a
1 changed files with 60 additions and 60 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

120
library/ssl_cli.c
View file

@ -2632,66 +2632,6 @@ static int ssl_in_server_key_exchange_postprocess( mbedtls_ssl_context *ssl );
* Implementation
*/
static int ssl_process_in_server_key_exchange( mbedtls_ssl_context *ssl )
{
int ret;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse server key exchange" ) );
/* Preparation:
* Potentially extract DH parameters from Server's certificate.
*
* Consider: Why don't we do this as post-processing after
* the server certificate has been read?
*/
MBEDTLS_SSL_CHK( ssl_in_server_key_exchange_prepare( ssl ) );
/* Coordination:
* Check if we expect a ServerKeyExchange */
MBEDTLS_SSL_CHK( ssl_in_server_key_exchange_coordinate( ssl ) );
if( ret == SSL_SRV_KEY_EXCHANGE_EXPECTED )
{
/* Reading step */
if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
return( ret );
}
if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ||
ssl->in_msg[0] != MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
mbedtls_ssl_pend_fatal_alert( ssl,
MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
ret = MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
goto cleanup;
}
else
{
MBEDTLS_SSL_CHK( ssl_in_server_key_exchange_parse( ssl, ssl->in_msg,
ssl->in_hslen ) );
}
}
else if( ret == SSL_SRV_KEY_EXCHANGE_SKIP )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse server key exchange" ) );
}
/* Update state */
MBEDTLS_SSL_CHK( ssl_in_server_key_exchange_postprocess( ssl ) );
cleanup:
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
ssl->keep_current_message = 1;
#endif
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse server key exchange" ) );
return( ret );
}
static int ssl_in_server_key_exchange_prepare( mbedtls_ssl_context *ssl )
{
mbedtls_ssl_ciphersuite_handle_t ciphersuite_info =
@ -3093,6 +3033,66 @@ static int ssl_in_server_key_exchange_postprocess( mbedtls_ssl_context *ssl )
return( 0 );
}
static int ssl_process_in_server_key_exchange( mbedtls_ssl_context *ssl )
{
int ret;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse server key exchange" ) );
/* Preparation:
* Potentially extract DH parameters from Server's certificate.
*
* Consider: Why don't we do this as post-processing after
* the server certificate has been read?
*/
MBEDTLS_SSL_CHK( ssl_in_server_key_exchange_prepare( ssl ) );
/* Coordination:
* Check if we expect a ServerKeyExchange */
MBEDTLS_SSL_CHK( ssl_in_server_key_exchange_coordinate( ssl ) );
if( ret == SSL_SRV_KEY_EXCHANGE_EXPECTED )
{
/* Reading step */
if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
return( ret );
}
if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ||
ssl->in_msg[0] != MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
mbedtls_ssl_pend_fatal_alert( ssl,
MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
ret = MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
goto cleanup;
}
else
{
MBEDTLS_SSL_CHK( ssl_in_server_key_exchange_parse( ssl, ssl->in_msg,
ssl->in_hslen ) );
}
}
else if( ret == SSL_SRV_KEY_EXCHANGE_SKIP )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse server key exchange" ) );
}
/* Update state */
MBEDTLS_SSL_CHK( ssl_in_server_key_exchange_postprocess( ssl ) );
cleanup:
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
ssl->keep_current_message = 1;
#endif
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse server key exchange" ) );
return( ret );
}
#if ! defined(MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED)
static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl )
{