mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-24 01:35:46 +00:00
Make variable in ssl_write_client_key_exchange() more descriptive
This commit is contained in:
parent
4a63ed421c
commit
c14a3bb5a6
|
@ -3018,7 +3018,9 @@ static int ssl_parse_server_hello_done( mbedtls_ssl_context *ssl )
|
||||||
static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
|
static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
size_t i, n;
|
|
||||||
|
size_t header_len;
|
||||||
|
size_t content_len;
|
||||||
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
|
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
|
||||||
ssl->transform_negotiate->ciphersuite_info;
|
ssl->transform_negotiate->ciphersuite_info;
|
||||||
|
|
||||||
|
@ -3030,15 +3032,15 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
|
||||||
/*
|
/*
|
||||||
* DHM key exchange -- send G^X mod P
|
* DHM key exchange -- send G^X mod P
|
||||||
*/
|
*/
|
||||||
n = ssl->handshake->dhm_ctx.len;
|
content_len = ssl->handshake->dhm_ctx.len;
|
||||||
|
|
||||||
ssl->out_msg[4] = (unsigned char)( n >> 8 );
|
ssl->out_msg[4] = (unsigned char)( content_len >> 8 );
|
||||||
ssl->out_msg[5] = (unsigned char)( n );
|
ssl->out_msg[5] = (unsigned char)( content_len );
|
||||||
i = 6;
|
header_len = 6;
|
||||||
|
|
||||||
ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx,
|
ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx,
|
||||||
(int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ),
|
(int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ),
|
||||||
&ssl->out_msg[i], n,
|
&ssl->out_msg[header_len], content_len,
|
||||||
ssl->conf->f_rng, ssl->conf->p_rng );
|
ssl->conf->f_rng, ssl->conf->p_rng );
|
||||||
if( ret != 0 )
|
if( ret != 0 )
|
||||||
{
|
{
|
||||||
|
@ -3081,7 +3083,7 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
|
||||||
|
|
||||||
psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
|
psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
|
||||||
|
|
||||||
i = 4;
|
header_len = 4;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Generate EC private key for ECDHE exchange.
|
* Generate EC private key for ECDHE exchange.
|
||||||
|
@ -3133,9 +3135,10 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Copy ECPoint structure to outgoing message buffer. */
|
/* Copy ECPoint structure to outgoing message buffer. */
|
||||||
ssl->out_msg[i] = own_pubkey_ecpoint_len;
|
ssl->out_msg[header_len] = own_pubkey_ecpoint_len;
|
||||||
memcpy( ssl->out_msg + i + 1, own_pubkey_ecpoint, own_pubkey_ecpoint_len );
|
memcpy( ssl->out_msg + header_len + 1,
|
||||||
n = own_pubkey_ecpoint_len + 1;
|
own_pubkey_ecpoint, own_pubkey_ecpoint_len );
|
||||||
|
content_len = own_pubkey_ecpoint_len + 1;
|
||||||
|
|
||||||
/* Compute ECDH shared secret. */
|
/* Compute ECDH shared secret. */
|
||||||
status = psa_key_agreement( &generator,
|
status = psa_key_agreement( &generator,
|
||||||
|
@ -3185,7 +3188,7 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
|
||||||
/*
|
/*
|
||||||
* ECDH key exchange -- send client public value
|
* ECDH key exchange -- send client public value
|
||||||
*/
|
*/
|
||||||
i = 4;
|
header_len = 4;
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
|
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
|
||||||
if( ssl->handshake->ecrs_enabled )
|
if( ssl->handshake->ecrs_enabled )
|
||||||
|
@ -3198,8 +3201,8 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx,
|
ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx,
|
||||||
&n,
|
&content_len,
|
||||||
&ssl->out_msg[i], 1000,
|
&ssl->out_msg[header_len], 1000,
|
||||||
ssl->conf->f_rng, ssl->conf->p_rng );
|
ssl->conf->f_rng, ssl->conf->p_rng );
|
||||||
if( ret != 0 )
|
if( ret != 0 )
|
||||||
{
|
{
|
||||||
|
@ -3217,13 +3220,13 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
|
||||||
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
|
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
|
||||||
if( ssl->handshake->ecrs_enabled )
|
if( ssl->handshake->ecrs_enabled )
|
||||||
{
|
{
|
||||||
ssl->handshake->ecrs_n = n;
|
ssl->handshake->ecrs_n = content_len;
|
||||||
ssl->handshake->ecrs_state = ssl_ecrs_cke_ecdh_calc_secret;
|
ssl->handshake->ecrs_state = ssl_ecrs_cke_ecdh_calc_secret;
|
||||||
}
|
}
|
||||||
|
|
||||||
ecdh_calc_secret:
|
ecdh_calc_secret:
|
||||||
if( ssl->handshake->ecrs_enabled )
|
if( ssl->handshake->ecrs_enabled )
|
||||||
n = ssl->handshake->ecrs_n;
|
content_len = ssl->handshake->ecrs_n;
|
||||||
#endif
|
#endif
|
||||||
if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx,
|
if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx,
|
||||||
&ssl->handshake->pmslen,
|
&ssl->handshake->pmslen,
|
||||||
|
@ -3261,26 +3264,28 @@ ecdh_calc_secret:
|
||||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||||
}
|
}
|
||||||
|
|
||||||
i = 4;
|
header_len = 4;
|
||||||
n = ssl->conf->psk_identity_len;
|
content_len = ssl->conf->psk_identity_len;
|
||||||
|
|
||||||
if( i + 2 + n > MBEDTLS_SSL_OUT_CONTENT_LEN )
|
if( header_len + 2 + content_len > MBEDTLS_SSL_OUT_CONTENT_LEN )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "psk identity too long or "
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "psk identity too long or "
|
||||||
"SSL buffer too short" ) );
|
"SSL buffer too short" ) );
|
||||||
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
|
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
|
||||||
}
|
}
|
||||||
|
|
||||||
ssl->out_msg[i++] = (unsigned char)( n >> 8 );
|
ssl->out_msg[header_len++] = (unsigned char)( content_len >> 8 );
|
||||||
ssl->out_msg[i++] = (unsigned char)( n );
|
ssl->out_msg[header_len++] = (unsigned char)( content_len );
|
||||||
|
|
||||||
memcpy( ssl->out_msg + i, ssl->conf->psk_identity, ssl->conf->psk_identity_len );
|
memcpy( ssl->out_msg + header_len,
|
||||||
i += ssl->conf->psk_identity_len;
|
ssl->conf->psk_identity,
|
||||||
|
ssl->conf->psk_identity_len );
|
||||||
|
header_len += ssl->conf->psk_identity_len;
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
|
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
|
||||||
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK )
|
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK )
|
||||||
{
|
{
|
||||||
n = 0;
|
content_len = 0;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
#endif
|
#endif
|
||||||
|
@ -3293,7 +3298,8 @@ ecdh_calc_secret:
|
||||||
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
|
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
|
||||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
|
|
||||||
if( ( ret = ssl_write_encrypted_pms( ssl, i, &n, 2 ) ) != 0 )
|
if( ( ret = ssl_write_encrypted_pms( ssl, header_len,
|
||||||
|
&content_len, 2 ) ) != 0 )
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
|
@ -3310,21 +3316,22 @@ ecdh_calc_secret:
|
||||||
/*
|
/*
|
||||||
* ClientDiffieHellmanPublic public (DHM send G^X mod P)
|
* ClientDiffieHellmanPublic public (DHM send G^X mod P)
|
||||||
*/
|
*/
|
||||||
n = ssl->handshake->dhm_ctx.len;
|
content_len = ssl->handshake->dhm_ctx.len;
|
||||||
|
|
||||||
if( i + 2 + n > MBEDTLS_SSL_OUT_CONTENT_LEN )
|
if( header_len + 2 + content_len >
|
||||||
|
MBEDTLS_SSL_OUT_CONTENT_LEN )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "psk identity or DHM size too long"
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "psk identity or DHM size too long"
|
||||||
" or SSL buffer too short" ) );
|
" or SSL buffer too short" ) );
|
||||||
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
|
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
|
||||||
}
|
}
|
||||||
|
|
||||||
ssl->out_msg[i++] = (unsigned char)( n >> 8 );
|
ssl->out_msg[header_len++] = (unsigned char)( content_len >> 8 );
|
||||||
ssl->out_msg[i++] = (unsigned char)( n );
|
ssl->out_msg[header_len++] = (unsigned char)( content_len );
|
||||||
|
|
||||||
ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx,
|
ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx,
|
||||||
(int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ),
|
(int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ),
|
||||||
&ssl->out_msg[i], n,
|
&ssl->out_msg[header_len], content_len,
|
||||||
ssl->conf->f_rng, ssl->conf->p_rng );
|
ssl->conf->f_rng, ssl->conf->p_rng );
|
||||||
if( ret != 0 )
|
if( ret != 0 )
|
||||||
{
|
{
|
||||||
|
@ -3346,8 +3353,10 @@ ecdh_calc_secret:
|
||||||
/*
|
/*
|
||||||
* ClientECDiffieHellmanPublic public;
|
* ClientECDiffieHellmanPublic public;
|
||||||
*/
|
*/
|
||||||
ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx, &n,
|
ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx,
|
||||||
&ssl->out_msg[i], MBEDTLS_SSL_OUT_CONTENT_LEN - i,
|
&content_len,
|
||||||
|
&ssl->out_msg[header_len],
|
||||||
|
MBEDTLS_SSL_OUT_CONTENT_LEN - header_len,
|
||||||
ssl->conf->f_rng, ssl->conf->p_rng );
|
ssl->conf->f_rng, ssl->conf->p_rng );
|
||||||
if( ret != 0 )
|
if( ret != 0 )
|
||||||
{
|
{
|
||||||
|
@ -3388,8 +3397,9 @@ ecdh_calc_secret:
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
|
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
|
||||||
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA )
|
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA )
|
||||||
{
|
{
|
||||||
i = 4;
|
header_len = 4;
|
||||||
if( ( ret = ssl_write_encrypted_pms( ssl, i, &n, 0 ) ) != 0 )
|
if( ( ret = ssl_write_encrypted_pms( ssl, header_len,
|
||||||
|
&content_len, 0 ) ) != 0 )
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
|
@ -3397,10 +3407,12 @@ ecdh_calc_secret:
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||||
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
|
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
|
||||||
{
|
{
|
||||||
i = 4;
|
header_len = 4;
|
||||||
|
|
||||||
ret = mbedtls_ecjpake_write_round_two( &ssl->handshake->ecjpake_ctx,
|
ret = mbedtls_ecjpake_write_round_two( &ssl->handshake->ecjpake_ctx,
|
||||||
ssl->out_msg + i, MBEDTLS_SSL_OUT_CONTENT_LEN - i, &n,
|
ssl->out_msg + header_len,
|
||||||
|
MBEDTLS_SSL_OUT_CONTENT_LEN - header_len,
|
||||||
|
&content_len,
|
||||||
ssl->conf->f_rng, ssl->conf->p_rng );
|
ssl->conf->f_rng, ssl->conf->p_rng );
|
||||||
if( ret != 0 )
|
if( ret != 0 )
|
||||||
{
|
{
|
||||||
|
@ -3425,7 +3437,7 @@ ecdh_calc_secret:
|
||||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||||
}
|
}
|
||||||
|
|
||||||
ssl->out_msglen = i + n;
|
ssl->out_msglen = header_len + content_len;
|
||||||
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
|
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
|
||||||
ssl->out_msg[0] = MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE;
|
ssl->out_msg[0] = MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE;
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue