Restructure SrvKeyExchange: Move parsing code

2025-01-11 15:15:28 +00:00 · 2019-07-23 09:28:03 +01:00 · 2019-07-23 09:28:03 +01:00 · 4ec73cb251
parent 8b7b879143
commit 4ec73cb251
2 changed files with 17 additions and 115 deletions
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@ -2790,123 +2790,18 @@ static int ssl_server_key_exchange_coordinate( mbedtls_ssl_context *ssl )
 static int ssl_server_key_exchange_parse( mbedtls_ssl_context *ssl,
                                          unsigned char *buf,
                                          size_t buflen )
-{
-    /* TBD */
-}
-
-static int ssl_server_key_exchange_postprocess( mbedtls_ssl_context *ssl )
-{
-    /* TBD */
-}
-
-/* OLD CODE
- *
- * Temporarily included to gradually move it to the correct
- * place in the restructured code.
- *
- */
-
-static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl )
 {
    int ret;
+    unsigned char *p;
+    unsigned char *end;
+
    mbedtls_ssl_ciphersuite_handle_t ciphersuite_info =
        mbedtls_ssl_handshake_get_ciphersuite( ssl->handshake );
-    unsigned char *p = NULL, *end = NULL;

-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse server key exchange" ) );
+    p   = buf + mbedtls_ssl_hs_hdr_len( ssl );
+    end = buf + buflen;

-/* #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) */
-/*     if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) == */
-/*         MBEDTLS_KEY_EXCHANGE_RSA ) */
-/*     { */
-/*         MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse server key exchange" ) ); */
-/*         ssl->state++; */
-/*         return( 0 ); */
-/*     } */
-/*     ((void) p); */
-/*     ((void) end); */
-/* #endif */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
-/*     if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) == */
-/*         MBEDTLS_KEY_EXCHANGE_ECDH_RSA || */
-/*         mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) == */
-/*         MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA ) */
-/*     { */
-/*         if( ( ret = ssl_get_ecdh_params_from_cert( ssl ) ) != 0 ) */
-/*         { */
-/*             MBEDTLS_SSL_DEBUG_RET( 1, "ssl_get_ecdh_params_from_cert", ret ); */
-/*             mbedtls_ssl_pend_fatal_alert( ssl, */
-/*                                     MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); */
-/*             return( ret ); */
-/*         } */
-
-/*         MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse server key exchange" ) ); */
-/*         ssl->state++; */
-/*         return( 0 ); */
-/*     } */
-/*     ((void) p); */
-/*     ((void) end); */
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
-          MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
-
-#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
-    if( ssl->handshake->ecrs_enabled &&
-        ssl->handshake->ecrs_state == ssl_ecrs_ske_start_processing )
-    {
-        goto start_processing;
-    }
-#endif
-
-    /* if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 ) */
-    /* { */
-    /*     MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); */
-    /*     return( ret ); */
-    /* } */
-
-    /* if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) */
-    /* { */
-    /*     MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); */
-    /*     mbedtls_ssl_pend_fatal_alert( ssl, */
-    /*                            MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); */
-    /*     return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); */
-    /* } */
-
-    /* /\* */
-    /*  * ServerKeyExchange may be skipped with PSK and RSA-PSK when the server */
-    /*  * doesn't use a psk_identity_hint */
-    /*  *\/ */
-    /* if( ssl->in_msg[0] != MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE ) */
-    /* { */
-    /*     if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) */
-    /*         == MBEDTLS_KEY_EXCHANGE_PSK || */
-    /*         mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) */
-    /*         == MBEDTLS_KEY_EXCHANGE_RSA_PSK ) */
-    /*     { */
-    /*         /\* Current message is probably either */
-    /*          * CertificateRequest or ServerHelloDone *\/ */
-    /*         ssl->keep_current_message = 1; */
-    /*         goto exit; */
-    /*     } */
-
-    /*     MBEDTLS_SSL_DEBUG_MSG( 1, ( "server key exchange message must " */
-    /*                                 "not be skipped" ) ); */
-    /*     mbedtls_ssl_pend_fatal_alert( ssl, */
-    /*                            MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); */
-
-    /*     return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); */
-    /* } */
-
-#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
-    if( ssl->handshake->ecrs_enabled )
-        ssl->handshake->ecrs_state = ssl_ecrs_ske_start_processing;
-
-start_processing:
-#endif
-    p   = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl );
-    end = ssl->in_msg + ssl->in_hslen;
-    MBEDTLS_SSL_DEBUG_BUF( 3,   "server key exchange", p, end - p );
+    MBEDTLS_SSL_DEBUG_BUF( 3, "server key exchange", p, end - p );

 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
    if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
@ -3186,11 +3081,12 @@ start_processing:
    }
 #endif /* MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED */

-exit:
-    ssl->state++;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse server key exchange" ) );
+    return( 0 );
+}

+static int ssl_server_key_exchange_postprocess( mbedtls_ssl_context *ssl )
+{
+    ssl->state = MBEDTLS_SSL_CERTIFICATE_REQUEST;
    return( 0 );
 }

--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@ -4218,6 +4218,12 @@ static int ssl_client_key_exchange_parse( mbedtls_ssl_context *ssl,
        if( ( ret = ssl_parse_encrypted_pms( ssl, p, end, 2 ) ) != 0 )
        {
            MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_encrypted_pms" ), ret );
+
+#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
+    if ( ret == MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS )
+        return( ret );
+#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
+
            return( ret );
        }
    }