Restructure outgoing CliKeyExch: Remove old code

The code from the previous function ssl_write_client_key_exchange()
has been entirely moved to one of the newly introduced subroutines
and is no longer needed. This commit removes it.
This commit is contained in:
Hanno Becker 2019-07-22 15:58:19 +01:00
parent 87e3c9aae8
commit 4f68b04018

View file

@ -3706,324 +3706,6 @@ static int ssl_client_key_exchange_postprocess( mbedtls_ssl_context *ssl )
return( 0 ); return( 0 );
} }
/* OLD CODE
*
* Temporarily included to gradually move it to the correct
* place in the restructured code.
*
*/
static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
{
int ret;
size_t i, n;
mbedtls_ssl_ciphersuite_handle_t ciphersuite_info =
mbedtls_ssl_handshake_get_ciphersuite( ssl->handshake );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write client key exchange" ) );
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) == MBEDTLS_KEY_EXCHANGE_DHE_RSA )
{
/*
* DHM key exchange -- send G^X mod P
*/
/* n = ssl->handshake->dhm_ctx.len; */
/* ssl->out_msg[4] = (unsigned char)( n >> 8 ); */
/* ssl->out_msg[5] = (unsigned char)( n ); */
/* i = 6; */
/* ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx, */
/* (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ), */
/* &ssl->out_msg[i], n, */
/* mbedtls_ssl_conf_get_frng( ssl->conf ), */
/* ssl->conf->p_rng ); */
/* if( ret != 0 ) */
/* { */
/* MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_public", ret ); */
/* return( ret ); */
/* } */
/* MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: X ", &ssl->handshake->dhm_ctx.X ); */
/* MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: GX", &ssl->handshake->dhm_ctx.GX ); */
/* if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx, */
/* ssl->handshake->premaster, */
/* MBEDTLS_PREMASTER_SIZE, */
/* &ssl->handshake->pmslen, */
/* mbedtls_ssl_conf_get_frng( ssl->conf ), */
/* ssl->conf->p_rng ) ) != 0 ) */
/* { */
/* MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret ); */
/* return( ret ); */
/* } */
/* MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K ); */
}
else
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
== MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
== MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ||
mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
== MBEDTLS_KEY_EXCHANGE_ECDH_RSA ||
mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
== MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA )
{
/*
* ECDH key exchange -- send client public value
*/
/* i = 4; */
/* #if defined(MBEDTLS_SSL__ECP_RESTARTABLE) */
/* if( ssl->handshake->ecrs_enabled ) */
/* { */
/* if( ssl->handshake->ecrs_state == ssl_ecrs_cke_ecdh_calc_secret ) */
/* goto ecdh_calc_secret; */
/* mbedtls_ecdh_enable_restart( &ssl->handshake->ecdh_ctx ); */
/* } */
/* #endif */
/* ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx, */
/* &n, */
/* &ssl->out_msg[i], 1000, */
/* mbedtls_ssl_conf_get_frng( ssl->conf ), */
/* ssl->conf->p_rng ); */
/* if( ret != 0 ) */
/* { */
/* MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_public", ret ); */
/* #if defined(MBEDTLS_SSL__ECP_RESTARTABLE) */
/* if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) */
/* ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS; */
/* #endif */
/* return( ret ); */
/* } */
/* MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, */
/* MBEDTLS_DEBUG_ECDH_Q ); */
/* #if defined(MBEDTLS_SSL__ECP_RESTARTABLE) */
/* if( ssl->handshake->ecrs_enabled ) */
/* { */
/* ssl->handshake->ecrs_n = n; */
/* ssl->handshake->ecrs_state = ssl_ecrs_cke_ecdh_calc_secret; */
/* } */
/* ecdh_calc_secret: */
/* if( ssl->handshake->ecrs_enabled ) */
/* n = ssl->handshake->ecrs_n; */
/* #endif */
/* if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx, */
/* &ssl->handshake->pmslen, */
/* ssl->handshake->premaster, */
/* MBEDTLS_MPI_MAX_SIZE, */
/* mbedtls_ssl_conf_get_frng( ssl->conf ), */
/* ssl->conf->p_rng ) ) != 0 ) */
/* { */
/* MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret ); */
/* #if defined(MBEDTLS_SSL__ECP_RESTARTABLE) */
/* if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) */
/* ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS; */
/* #endif */
/* return( ret ); */
/* } */
/* MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, */
/* MBEDTLS_DEBUG_ECDH_Z ); */
}
else
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
if( mbedtls_ssl_ciphersuite_uses_psk( ciphersuite_info ) )
{
/*
* opaque psk_identity<0..2^16-1>;
*/
/* if( ssl->conf->psk == NULL || ssl->conf->psk_identity == NULL ) */
/* { */
/* MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no private key for PSK" ) ); */
/* return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED ); */
/* } */
/* i = 4; */
/* n = ssl->conf->psk_identity_len; */
/* if( i + 2 + n > MBEDTLS_SSL_OUT_CONTENT_LEN ) */
/* { */
/* MBEDTLS_SSL_DEBUG_MSG( 1, ( "psk identity too long or " */
/* "SSL buffer too short" ) ); */
/* return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); */
/* } */
/* ssl->out_msg[i++] = (unsigned char)( n >> 8 ); */
/* ssl->out_msg[i++] = (unsigned char)( n ); */
/* memcpy( ssl->out_msg + i, ssl->conf->psk_identity, ssl->conf->psk_identity_len ); */
/* i += ssl->conf->psk_identity_len; */
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
/* if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) */
/* == MBEDTLS_KEY_EXCHANGE_PSK ) */
/* { */
/* n = 0; */
/* } */
/* else */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
/* if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) */
/* == MBEDTLS_KEY_EXCHANGE_RSA_PSK ) */
/* { */
/* /\* Code for PMS generation has been moved, */
/* * code for encryption and writing it hasn't. *\/ */
/* if( ( ret = ssl_write_encrypted_pms( ssl, i, &n, 2 ) ) != 0 ) */
/* return( ret ); */
/* } */
/* else */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
/* if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) */
/* == MBEDTLS_KEY_EXCHANGE_DHE_PSK ) */
/* { */
/* /\* */
/* * ClientDiffieHellmanPublic public (DHM send G^X mod P) */
/* *\/ */
/* n = ssl->handshake->dhm_ctx.len; */
/* if( i + 2 + n > MBEDTLS_SSL_OUT_CONTENT_LEN ) */
/* { */
/* MBEDTLS_SSL_DEBUG_MSG( 1, ( "psk identity or DHM size too long" */
/* " or SSL buffer too short" ) ); */
/* return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); */
/* } */
/* ssl->out_msg[i++] = (unsigned char)( n >> 8 ); */
/* ssl->out_msg[i++] = (unsigned char)( n ); */
/* ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx, */
/* (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ), */
/* &ssl->out_msg[i], n, */
/* mbedtls_ssl_conf_get_frng( ssl->conf ), */
/* ssl->conf->p_rng ); */
/* if( ret != 0 ) */
/* { */
/* MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_public", ret ); */
/* return( ret ); */
/* } */
/* } */
/* else */
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
== MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
{
/*
* ClientECDiffieHellmanPublic public;
*/
/* ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx, &n, */
/* &ssl->out_msg[i], MBEDTLS_SSL_OUT_CONTENT_LEN - i, */
/* mbedtls_ssl_conf_get_frng( ssl->conf ), */
/* ssl->conf->p_rng ); */
/* if( ret != 0 ) */
/* { */
/* MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_public", ret ); */
/* return( ret ); */
/* } */
/* MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, */
/* MBEDTLS_DEBUG_ECDH_Q ); */
}
else
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
/* if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl, */
/* mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) ) ) != 0 ) */
/* { */
/* MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_psk_derive_premaster", ret ); */
/* return( ret ); */
/* } */
}
else
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
/* if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) == */
/* MBEDTLS_KEY_EXCHANGE_RSA ) */
/* { */
/* i = 4; */
/* /\* Code for PMS generation has been moved, */
/* * code for encryption and writing it hasn't. *\/ */
/* if( ( ret = ssl_write_encrypted_pms( ssl, i, &n, 0 ) ) != 0 ) */
/* return( ret ); */
/* } */
else
#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) ==
MBEDTLS_KEY_EXCHANGE_ECJPAKE )
{
/* i = 4; */
/* ret = mbedtls_ecjpake_write_round_two( &ssl->handshake->ecjpake_ctx, */
/* ssl->out_msg + i, MBEDTLS_SSL_OUT_CONTENT_LEN - i, &n, */
/* mbedtls_ssl_conf_get_frng( ssl->conf ), */
/* ssl->conf->p_rng ); */
/* if( ret != 0 ) */
/* { */
/* MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_write_round_two", ret ); */
/* return( ret ); */
/* } */
/* ret = mbedtls_ecjpake_derive_secret( &ssl->handshake->ecjpake_ctx, */
/* ssl->handshake->premaster, 32, &ssl->handshake->pmslen, */
/* mbedtls_ssl_conf_get_frng( ssl->conf ), */
/* ssl->conf->p_rng ); */
/* if( ret != 0 ) */
/* { */
/* MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_derive_secret", ret ); */
/* return( ret ); */
/* } */
}
else
#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
{
((void) ciphersuite_info);
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
ssl->out_msglen = i + n;
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
ssl->out_msg[0] = MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE;
ssl->state++;
if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret );
return( ret );
}
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write client key exchange" ) );
return( 0 );
}
#if !defined(MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED) #if !defined(MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED)
static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl ) static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl )
{ {