yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-05-11 21:52:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

ssl_write_server_key_exchange refactor: ssl_resume_server_key_exchange

Browse source 
Continue clarifying the control flow. This gets rid of the last goto
introduced by the initial code for asynchronous signature support.
This commit is contained in:
Gilles Peskine 2018-01-06 03:34:20 +01:00
parent d04d292b64
commit ebd30ae205
1 changed files with 42 additions and 29 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

71
library/ssl_srv.c
View file

@ -2826,6 +2826,27 @@ static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) ||
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED) && \
defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)
static int ssl_resume_server_key_exchange( mbedtls_ssl_context *ssl,
size_t *signature_len )
{
size_t sig_max_len = ( ssl->out_buf + MBEDTLS_SSL_MAX_CONTENT_LEN
- ( ssl->out_msg + ssl->out_msglen + 2 ) );
int ret = ssl->conf->f_async_resume( ssl->conf->p_async_connection_ctx,
ssl->handshake->p_async_operation_ctx,
ssl->out_msg + ssl->out_msglen + 2,
signature_len, sig_max_len );
MBEDTLS_SSL_DEBUG_RET( 3, "f_async_resume", ret );
if( ret != MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS )
{
ssl->handshake->p_async_operation_ctx = NULL;
}
return( ret );
}
#endif /* defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED) &&
defined(MBEDTLS_SSL_ASYNC_PRIVATE_C) */
static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl, static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl,
size_t *signature_len ) size_t *signature_len )
{ {
@ -2844,16 +2865,6 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write server key exchange" ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write server key exchange" ) );
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED) && \
defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)
if( ssl->handshake->p_async_operation_ctx != NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "resuming signature operation" ) );
goto async_resume;
}
#endif /* defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED) &&
defined(MBEDTLS_SSL_ASYNC_PRIVATE_C) */
/* /*
* *
* Part 1: Provide key exchange parameters for chosen ciphersuite. * Part 1: Provide key exchange parameters for chosen ciphersuite.
@ -3187,8 +3198,6 @@ curve_matching_done:
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C) #if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)
if( ssl->conf->f_async_sign_start != NULL ) if( ssl->conf->f_async_sign_start != NULL )
{ {
size_t sig_max_len = ( ssl->out_buf + MBEDTLS_SSL_MAX_CONTENT_LEN
- ( ssl->out_msg + ssl->out_msglen + 2 ) );
ret = ssl->conf->f_async_sign_start( ret = ssl->conf->f_async_sign_start(
ssl->conf->p_async_connection_ctx, ssl->conf->p_async_connection_ctx,
&ssl->handshake->p_async_operation_ctx, &ssl->handshake->p_async_operation_ctx,
@ -3200,19 +3209,7 @@ curve_matching_done:
/* act as if f_async_sign was null */ /* act as if f_async_sign was null */
break; break;
case 0: case 0:
async_resume: return( ssl_resume_server_key_exchange( ssl, signature_len ) );
ret = ssl->conf->f_async_resume(
ssl->conf->p_async_connection_ctx,
ssl->handshake->p_async_operation_ctx,
ssl->out_msg + ssl->out_msglen + 2,
signature_len, sig_max_len );
if( ret != MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS )
{
ssl->handshake->p_async_operation_ctx = NULL;
MBEDTLS_SSL_DEBUG_RET( 1, "f_async_resume", ret );
return( ret );
}
/* FALLTHROUGH */
case MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS: case MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS:
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write server key exchange (pending)" ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write server key exchange (pending)" ) );
return( MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS ); return( MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS );
@ -3275,10 +3272,26 @@ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl )
} }
#endif /* MBEDTLS_KEY_EXCHANGE__NON_PFS__ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE__NON_PFS__ENABLED */
/* ServerKeyExchange is needed. Prepare the message. */ /* If we have already prepared the message and there is an ongoing
ret = ssl_prepare_server_key_exchange( ssl, &signature_len ); signature operation, resume signing. */
if( ret != 0 ) #if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED) && \
return( ret ); defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)
if( ssl->handshake->p_async_operation_ctx != NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "resuming signature operation" ) );
ret = ssl_resume_server_key_exchange( ssl, &signature_len );
if( ret != 0 )
return( ret );
}
else
#endif /* defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED) &&
defined(MBEDTLS_SSL_ASYNC_PRIVATE_C) */
{
/* ServerKeyExchange is needed. Prepare the message. */
ret = ssl_prepare_server_key_exchange( ssl, &signature_len );
if( ret != 0 )
return( ret );
}
/* If there is a signature, write its length. /* If there is a signature, write its length.
ssl_prepare_server_key_exchange already wrote the signature ssl_prepare_server_key_exchange already wrote the signature