mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-01-12 07:25:36 +00:00
Restructure outgoing CliKeyExch: Remove old code
The code from the previous function ssl_write_client_key_exchange() has been entirely moved to one of the newly introduced subroutines and is no longer needed. This commit removes it.
This commit is contained in:
parent
87e3c9aae8
commit
4f68b04018
|
@ -3706,324 +3706,6 @@ static int ssl_client_key_exchange_postprocess( mbedtls_ssl_context *ssl )
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
/* OLD CODE
|
|
||||||
*
|
|
||||||
* Temporarily included to gradually move it to the correct
|
|
||||||
* place in the restructured code.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
|
|
||||||
{
|
|
||||||
int ret;
|
|
||||||
size_t i, n;
|
|
||||||
mbedtls_ssl_ciphersuite_handle_t ciphersuite_info =
|
|
||||||
mbedtls_ssl_handshake_get_ciphersuite( ssl->handshake );
|
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write client key exchange" ) );
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
|
|
||||||
if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) == MBEDTLS_KEY_EXCHANGE_DHE_RSA )
|
|
||||||
{
|
|
||||||
/*
|
|
||||||
* DHM key exchange -- send G^X mod P
|
|
||||||
*/
|
|
||||||
|
|
||||||
/* n = ssl->handshake->dhm_ctx.len; */
|
|
||||||
|
|
||||||
/* ssl->out_msg[4] = (unsigned char)( n >> 8 ); */
|
|
||||||
/* ssl->out_msg[5] = (unsigned char)( n ); */
|
|
||||||
/* i = 6; */
|
|
||||||
|
|
||||||
/* ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx, */
|
|
||||||
/* (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ), */
|
|
||||||
/* &ssl->out_msg[i], n, */
|
|
||||||
/* mbedtls_ssl_conf_get_frng( ssl->conf ), */
|
|
||||||
/* ssl->conf->p_rng ); */
|
|
||||||
/* if( ret != 0 ) */
|
|
||||||
/* { */
|
|
||||||
/* MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_public", ret ); */
|
|
||||||
/* return( ret ); */
|
|
||||||
/* } */
|
|
||||||
|
|
||||||
/* MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: X ", &ssl->handshake->dhm_ctx.X ); */
|
|
||||||
/* MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: GX", &ssl->handshake->dhm_ctx.GX ); */
|
|
||||||
|
|
||||||
/* if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx, */
|
|
||||||
/* ssl->handshake->premaster, */
|
|
||||||
/* MBEDTLS_PREMASTER_SIZE, */
|
|
||||||
/* &ssl->handshake->pmslen, */
|
|
||||||
/* mbedtls_ssl_conf_get_frng( ssl->conf ), */
|
|
||||||
/* ssl->conf->p_rng ) ) != 0 ) */
|
|
||||||
/* { */
|
|
||||||
/* MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret ); */
|
|
||||||
/* return( ret ); */
|
|
||||||
/* } */
|
|
||||||
|
|
||||||
/* MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K ); */
|
|
||||||
}
|
|
||||||
else
|
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
|
||||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
|
|
||||||
defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
|
|
||||||
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
|
|
||||||
if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
|
|
||||||
== MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
|
|
||||||
mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
|
|
||||||
== MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ||
|
|
||||||
mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
|
|
||||||
== MBEDTLS_KEY_EXCHANGE_ECDH_RSA ||
|
|
||||||
mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
|
|
||||||
== MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA )
|
|
||||||
{
|
|
||||||
/*
|
|
||||||
* ECDH key exchange -- send client public value
|
|
||||||
*/
|
|
||||||
/* i = 4; */
|
|
||||||
|
|
||||||
/* #if defined(MBEDTLS_SSL__ECP_RESTARTABLE) */
|
|
||||||
/* if( ssl->handshake->ecrs_enabled ) */
|
|
||||||
/* { */
|
|
||||||
/* if( ssl->handshake->ecrs_state == ssl_ecrs_cke_ecdh_calc_secret ) */
|
|
||||||
/* goto ecdh_calc_secret; */
|
|
||||||
|
|
||||||
/* mbedtls_ecdh_enable_restart( &ssl->handshake->ecdh_ctx ); */
|
|
||||||
/* } */
|
|
||||||
/* #endif */
|
|
||||||
|
|
||||||
/* ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx, */
|
|
||||||
/* &n, */
|
|
||||||
/* &ssl->out_msg[i], 1000, */
|
|
||||||
/* mbedtls_ssl_conf_get_frng( ssl->conf ), */
|
|
||||||
/* ssl->conf->p_rng ); */
|
|
||||||
/* if( ret != 0 ) */
|
|
||||||
/* { */
|
|
||||||
/* MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_public", ret ); */
|
|
||||||
/* #if defined(MBEDTLS_SSL__ECP_RESTARTABLE) */
|
|
||||||
/* if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) */
|
|
||||||
/* ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS; */
|
|
||||||
/* #endif */
|
|
||||||
/* return( ret ); */
|
|
||||||
/* } */
|
|
||||||
|
|
||||||
/* MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, */
|
|
||||||
/* MBEDTLS_DEBUG_ECDH_Q ); */
|
|
||||||
|
|
||||||
/* #if defined(MBEDTLS_SSL__ECP_RESTARTABLE) */
|
|
||||||
/* if( ssl->handshake->ecrs_enabled ) */
|
|
||||||
/* { */
|
|
||||||
/* ssl->handshake->ecrs_n = n; */
|
|
||||||
/* ssl->handshake->ecrs_state = ssl_ecrs_cke_ecdh_calc_secret; */
|
|
||||||
/* } */
|
|
||||||
|
|
||||||
/* ecdh_calc_secret: */
|
|
||||||
/* if( ssl->handshake->ecrs_enabled ) */
|
|
||||||
/* n = ssl->handshake->ecrs_n; */
|
|
||||||
/* #endif */
|
|
||||||
/* if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx, */
|
|
||||||
/* &ssl->handshake->pmslen, */
|
|
||||||
/* ssl->handshake->premaster, */
|
|
||||||
/* MBEDTLS_MPI_MAX_SIZE, */
|
|
||||||
/* mbedtls_ssl_conf_get_frng( ssl->conf ), */
|
|
||||||
/* ssl->conf->p_rng ) ) != 0 ) */
|
|
||||||
/* { */
|
|
||||||
/* MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret ); */
|
|
||||||
/* #if defined(MBEDTLS_SSL__ECP_RESTARTABLE) */
|
|
||||||
/* if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) */
|
|
||||||
/* ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS; */
|
|
||||||
/* #endif */
|
|
||||||
/* return( ret ); */
|
|
||||||
/* } */
|
|
||||||
|
|
||||||
/* MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, */
|
|
||||||
/* MBEDTLS_DEBUG_ECDH_Z ); */
|
|
||||||
}
|
|
||||||
else
|
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
|
|
||||||
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
|
|
||||||
MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
|
|
||||||
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
|
||||||
if( mbedtls_ssl_ciphersuite_uses_psk( ciphersuite_info ) )
|
|
||||||
{
|
|
||||||
/*
|
|
||||||
* opaque psk_identity<0..2^16-1>;
|
|
||||||
*/
|
|
||||||
|
|
||||||
/* if( ssl->conf->psk == NULL || ssl->conf->psk_identity == NULL ) */
|
|
||||||
/* { */
|
|
||||||
/* MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no private key for PSK" ) ); */
|
|
||||||
/* return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED ); */
|
|
||||||
/* } */
|
|
||||||
|
|
||||||
/* i = 4; */
|
|
||||||
/* n = ssl->conf->psk_identity_len; */
|
|
||||||
|
|
||||||
/* if( i + 2 + n > MBEDTLS_SSL_OUT_CONTENT_LEN ) */
|
|
||||||
/* { */
|
|
||||||
/* MBEDTLS_SSL_DEBUG_MSG( 1, ( "psk identity too long or " */
|
|
||||||
/* "SSL buffer too short" ) ); */
|
|
||||||
/* return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); */
|
|
||||||
/* } */
|
|
||||||
|
|
||||||
/* ssl->out_msg[i++] = (unsigned char)( n >> 8 ); */
|
|
||||||
/* ssl->out_msg[i++] = (unsigned char)( n ); */
|
|
||||||
|
|
||||||
/* memcpy( ssl->out_msg + i, ssl->conf->psk_identity, ssl->conf->psk_identity_len ); */
|
|
||||||
/* i += ssl->conf->psk_identity_len; */
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
|
|
||||||
/* if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) */
|
|
||||||
/* == MBEDTLS_KEY_EXCHANGE_PSK ) */
|
|
||||||
/* { */
|
|
||||||
/* n = 0; */
|
|
||||||
/* } */
|
|
||||||
/* else */
|
|
||||||
#endif
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
|
|
||||||
/* if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) */
|
|
||||||
/* == MBEDTLS_KEY_EXCHANGE_RSA_PSK ) */
|
|
||||||
/* { */
|
|
||||||
/* /\* Code for PMS generation has been moved, */
|
|
||||||
/* * code for encryption and writing it hasn't. *\/ */
|
|
||||||
/* if( ( ret = ssl_write_encrypted_pms( ssl, i, &n, 2 ) ) != 0 ) */
|
|
||||||
/* return( ret ); */
|
|
||||||
/* } */
|
|
||||||
/* else */
|
|
||||||
#endif
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
|
|
||||||
/* if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) */
|
|
||||||
/* == MBEDTLS_KEY_EXCHANGE_DHE_PSK ) */
|
|
||||||
/* { */
|
|
||||||
/* /\* */
|
|
||||||
/* * ClientDiffieHellmanPublic public (DHM send G^X mod P) */
|
|
||||||
/* *\/ */
|
|
||||||
/* n = ssl->handshake->dhm_ctx.len; */
|
|
||||||
|
|
||||||
/* if( i + 2 + n > MBEDTLS_SSL_OUT_CONTENT_LEN ) */
|
|
||||||
/* { */
|
|
||||||
/* MBEDTLS_SSL_DEBUG_MSG( 1, ( "psk identity or DHM size too long" */
|
|
||||||
/* " or SSL buffer too short" ) ); */
|
|
||||||
/* return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); */
|
|
||||||
/* } */
|
|
||||||
|
|
||||||
/* ssl->out_msg[i++] = (unsigned char)( n >> 8 ); */
|
|
||||||
/* ssl->out_msg[i++] = (unsigned char)( n ); */
|
|
||||||
|
|
||||||
/* ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx, */
|
|
||||||
/* (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ), */
|
|
||||||
/* &ssl->out_msg[i], n, */
|
|
||||||
/* mbedtls_ssl_conf_get_frng( ssl->conf ), */
|
|
||||||
/* ssl->conf->p_rng ); */
|
|
||||||
/* if( ret != 0 ) */
|
|
||||||
/* { */
|
|
||||||
/* MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_public", ret ); */
|
|
||||||
/* return( ret ); */
|
|
||||||
/* } */
|
|
||||||
/* } */
|
|
||||||
/* else */
|
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
|
||||||
if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
|
|
||||||
== MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
|
|
||||||
{
|
|
||||||
/*
|
|
||||||
* ClientECDiffieHellmanPublic public;
|
|
||||||
*/
|
|
||||||
|
|
||||||
/* ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx, &n, */
|
|
||||||
/* &ssl->out_msg[i], MBEDTLS_SSL_OUT_CONTENT_LEN - i, */
|
|
||||||
/* mbedtls_ssl_conf_get_frng( ssl->conf ), */
|
|
||||||
/* ssl->conf->p_rng ); */
|
|
||||||
/* if( ret != 0 ) */
|
|
||||||
/* { */
|
|
||||||
/* MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_public", ret ); */
|
|
||||||
/* return( ret ); */
|
|
||||||
/* } */
|
|
||||||
|
|
||||||
/* MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, */
|
|
||||||
/* MBEDTLS_DEBUG_ECDH_Q ); */
|
|
||||||
}
|
|
||||||
else
|
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
|
|
||||||
{
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
|
||||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
|
||||||
}
|
|
||||||
|
|
||||||
/* if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl, */
|
|
||||||
/* mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) ) ) != 0 ) */
|
|
||||||
/* { */
|
|
||||||
/* MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_psk_derive_premaster", ret ); */
|
|
||||||
/* return( ret ); */
|
|
||||||
/* } */
|
|
||||||
}
|
|
||||||
else
|
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
|
|
||||||
/* if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) == */
|
|
||||||
/* MBEDTLS_KEY_EXCHANGE_RSA ) */
|
|
||||||
/* { */
|
|
||||||
/* i = 4; */
|
|
||||||
/* /\* Code for PMS generation has been moved, */
|
|
||||||
/* * code for encryption and writing it hasn't. *\/ */
|
|
||||||
/* if( ( ret = ssl_write_encrypted_pms( ssl, i, &n, 0 ) ) != 0 ) */
|
|
||||||
/* return( ret ); */
|
|
||||||
/* } */
|
|
||||||
else
|
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
|
||||||
if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) ==
|
|
||||||
MBEDTLS_KEY_EXCHANGE_ECJPAKE )
|
|
||||||
{
|
|
||||||
/* i = 4; */
|
|
||||||
|
|
||||||
/* ret = mbedtls_ecjpake_write_round_two( &ssl->handshake->ecjpake_ctx, */
|
|
||||||
/* ssl->out_msg + i, MBEDTLS_SSL_OUT_CONTENT_LEN - i, &n, */
|
|
||||||
/* mbedtls_ssl_conf_get_frng( ssl->conf ), */
|
|
||||||
/* ssl->conf->p_rng ); */
|
|
||||||
/* if( ret != 0 ) */
|
|
||||||
/* { */
|
|
||||||
/* MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_write_round_two", ret ); */
|
|
||||||
/* return( ret ); */
|
|
||||||
/* } */
|
|
||||||
|
|
||||||
/* ret = mbedtls_ecjpake_derive_secret( &ssl->handshake->ecjpake_ctx, */
|
|
||||||
/* ssl->handshake->premaster, 32, &ssl->handshake->pmslen, */
|
|
||||||
/* mbedtls_ssl_conf_get_frng( ssl->conf ), */
|
|
||||||
/* ssl->conf->p_rng ); */
|
|
||||||
/* if( ret != 0 ) */
|
|
||||||
/* { */
|
|
||||||
/* MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_derive_secret", ret ); */
|
|
||||||
/* return( ret ); */
|
|
||||||
/* } */
|
|
||||||
}
|
|
||||||
else
|
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
|
|
||||||
{
|
|
||||||
((void) ciphersuite_info);
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
|
||||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
|
||||||
}
|
|
||||||
|
|
||||||
ssl->out_msglen = i + n;
|
|
||||||
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
|
|
||||||
ssl->out_msg[0] = MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE;
|
|
||||||
|
|
||||||
ssl->state++;
|
|
||||||
|
|
||||||
if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
|
|
||||||
{
|
|
||||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret );
|
|
||||||
return( ret );
|
|
||||||
}
|
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write client key exchange" ) );
|
|
||||||
|
|
||||||
return( 0 );
|
|
||||||
}
|
|
||||||
|
|
||||||
#if !defined(MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED)
|
#if !defined(MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED)
|
||||||
static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl )
|
static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl )
|
||||||
{
|
{
|
||||||
|
|
Loading…
Reference in a new issue