From dafe5227d4449bfd898c12b713ffb802686c65ee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 3 May 2019 09:16:16 +0200 Subject: [PATCH] Reduce indentation in ssl_compute_master() Exit earlier when there's noting to do. For a small diff, review with 'git show -w'. --- library/ssl_tls.c | 91 +++++++++++++++++++++-------------------------- 1 file changed, 41 insertions(+), 50 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 87e3c7b96..bdfb34d64 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1094,7 +1094,7 @@ static int ssl_set_handshake_prfs( mbedtls_ssl_handshake_params *handshake, } /* - * Compute master secret + * Compute master secret if needed */ static int ssl_compute_master( mbedtls_ssl_context *ssl ) { @@ -1103,65 +1103,46 @@ static int ssl_compute_master( mbedtls_ssl_context *ssl ) const mbedtls_ssl_ciphersuite_t *ciphersuite_info = handshake->ciphersuite_info; mbedtls_ssl_session *session = ssl->session_negotiate; - /* - * SSLv3: - * master = - * MD5( premaster + SHA1( 'A' + premaster + randbytes ) ) + - * MD5( premaster + SHA1( 'BB' + premaster + randbytes ) ) + - * MD5( premaster + SHA1( 'CCC' + premaster + randbytes ) ) - * - * TLSv1+: - * master = PRF( premaster, "master secret", randbytes )[0..47] - */ - if( handshake->resume == 0 ) + if( handshake->resume != 0 ) { - MBEDTLS_SSL_DEBUG_BUF( 3, "premaster secret", handshake->premaster, - handshake->pmslen ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "no premaster (session resumed)" ) ); + return( 0 ); + } + + MBEDTLS_SSL_DEBUG_BUF( 3, "premaster secret", handshake->premaster, + handshake->pmslen ); #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) - if( ssl->handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED ) - { - unsigned char session_hash[48]; - size_t hash_len; + if( ssl->handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED ) + { + unsigned char session_hash[48]; + size_t hash_len; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "using extended master secret" ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "using extended master secret" ) ); - ssl->handshake->calc_verify( ssl, session_hash ); + ssl->handshake->calc_verify( ssl, session_hash ); #if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) - { + if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) + { #if defined(MBEDTLS_SHA512_C) - if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 ) - { - hash_len = 48; - } - else -#endif - hash_len = 32; + if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 ) + { + hash_len = 48; } else -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - hash_len = 36; - - MBEDTLS_SSL_DEBUG_BUF( 3, "session hash", session_hash, hash_len ); - - ret = handshake->tls_prf( handshake->premaster, handshake->pmslen, - "extended master secret", - session_hash, hash_len, - session->master, 48 ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "prf", ret ); - return( ret ); - } - +#endif + hash_len = 32; } else -#endif +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ + hash_len = 36; + + MBEDTLS_SSL_DEBUG_BUF( 3, "session hash", session_hash, hash_len ); + ret = handshake->tls_prf( handshake->premaster, handshake->pmslen, - "master secret", - handshake->randbytes, 64, + "extended master secret", + session_hash, hash_len, session->master, 48 ); if( ret != 0 ) { @@ -1169,11 +1150,21 @@ static int ssl_compute_master( mbedtls_ssl_context *ssl ) return( ret ); } - mbedtls_platform_zeroize( handshake->premaster, - sizeof(handshake->premaster) ); } else - MBEDTLS_SSL_DEBUG_MSG( 3, ( "no premaster (session resumed)" ) ); +#endif + ret = handshake->tls_prf( handshake->premaster, handshake->pmslen, + "master secret", + handshake->randbytes, 64, + session->master, 48 ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "prf", ret ); + return( ret ); + } + + mbedtls_platform_zeroize( handshake->premaster, + sizeof(handshake->premaster) ); return( 0 ); }