Restructure SrvKeyExchange: Move static DH parameter extraction

This code moves the code-path that extracts static DH parameters
from the server's CRT (if applicable) to the new function
ssl_server_key_exchange_prepare().

library/ssl_cli.c

@@ -2663,8 +2663,7 @@ static int ssl_process_server_key_exchange( mbedtls_ssl_context *ssl )
             ssl->in_msg[0]  != MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE )
         {
             MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
-            mbedtls_ssl_pend_alert_message( ssl,
+            mbedtls_ssl_pend_fatal_alert( ssl,
-                                     MBEDTLS_SSL_ALERT_LEVEL_FATAL,
                                      MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
             ret = MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
             goto cleanup;
@@ -2696,7 +2695,33 @@ cleanup:
 
 static int ssl_server_key_exchange_prepare( mbedtls_ssl_context *ssl )
 {
-    /* TBD */
+    const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
+        ssl->transform_negotiate->ciphersuite_info;
+    ((void) ciphersuite_info);
+
+    /* If applicable, extract static DH parameters from Server CRT. */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
+    if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) ==
+        MBEDTLS_KEY_EXCHANGE_ECDH_RSA ||
+        mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) ==
+        MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA )
+    {
+        int ret;
+
+        if( ( ret = ssl_get_ecdh_params_from_cert( ssl ) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "ssl_get_ecdh_params_from_cert", ret );
+            mbedtls_ssl_pend_fatal_alert( ssl,
+                                     MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
+            return( ret );
+        }
+    }
+#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
+          MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
+
+    return( 0 );
 }
 
 static int ssl_server_key_exchange_coordinate( mbedtls_ssl_context *ssl )
@@ -2746,25 +2771,25 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl )
 
 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
     defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
-    if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) ==
+/*     if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) == */
-        MBEDTLS_KEY_EXCHANGE_ECDH_RSA ||
+/*         MBEDTLS_KEY_EXCHANGE_ECDH_RSA || */
-        mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) ==
+/*         mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) == */
-        MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA )
+/*         MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA ) */
-    {
+/*     { */
-        if( ( ret = ssl_get_ecdh_params_from_cert( ssl ) ) != 0 )
+/*         if( ( ret = ssl_get_ecdh_params_from_cert( ssl ) ) != 0 ) */
-        {
+/*         { */
-            MBEDTLS_SSL_DEBUG_RET( 1, "ssl_get_ecdh_params_from_cert", ret );
+/*             MBEDTLS_SSL_DEBUG_RET( 1, "ssl_get_ecdh_params_from_cert", ret ); */
-            mbedtls_ssl_pend_fatal_alert( ssl,
+/*             mbedtls_ssl_pend_fatal_alert( ssl, */
-                                    MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
+/*                                     MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); */
-            return( ret );
+/*             return( ret ); */
-        }
+/*         } */
 
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse server key exchange" ) );
+/*         MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse server key exchange" ) ); */
-        ssl->state++;
+/*         ssl->state++; */
-        return( 0 );
+/*         return( 0 ); */
-    }
+/*     } */
-    ((void) p);
+/*     ((void) p); */
-    ((void) end);
+/*     ((void) end); */
 #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
           MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */