commit 4f68b04018a35fe6aff4298565cdfc1f0c781809
author Hanno Becker <hanno.becker@arm.com> Mon Jul 22 15:58:19 2019 +0100
committer Hanno Becker <hanno.becker@arm.com> Mon Aug 12 17:05:03 2019 +0100
tree 8a04b54556065ecd1e7c0b270e69cfeb0eca56cc
parent 87e3c9aae8180296b668d60c0a877885a37f9477

Restructure outgoing CliKeyExch: Remove old code

The code from the previous function ssl_write_client_key_exchange()
has been entirely moved to one of the newly introduced subroutines
and is no longer needed. This commit removes it.

library/ssl_cli.c

diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 38efd23..ded93a6 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -3706,324 +3706,6 @@
     return( 0 );
 }
 
-/* OLD CODE
- *
- * Temporarily included to gradually move it to the correct
- * place in the restructured code.
- *
- */
-
-static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
-{
-    int ret;
-    size_t i, n;
-    mbedtls_ssl_ciphersuite_handle_t ciphersuite_info =
-        mbedtls_ssl_handshake_get_ciphersuite( ssl->handshake );
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write client key exchange" ) );
-
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
-    if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) == MBEDTLS_KEY_EXCHANGE_DHE_RSA )
-    {
-        /*
-         * DHM key exchange -- send G^X mod P
-         */
-
-        /* n = ssl->handshake->dhm_ctx.len; */
-
-        /* ssl->out_msg[4] = (unsigned char)( n >> 8 ); */
-        /* ssl->out_msg[5] = (unsigned char)( n      ); */
-        /* i = 6; */
-
-        /* ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx, */
-        /*                         (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ), */
-        /*                        &ssl->out_msg[i], n, */
-        /*                         mbedtls_ssl_conf_get_frng( ssl->conf ), */
-        /*                         ssl->conf->p_rng ); */
-        /* if( ret != 0 ) */
-        /* { */
-        /*     MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_public", ret ); */
-        /*     return( ret ); */
-        /* } */
-
-        /* MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: X ", &ssl->handshake->dhm_ctx.X  ); */
-        /* MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: GX", &ssl->handshake->dhm_ctx.GX ); */
-
-        /* if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx, */
-        /*                               ssl->handshake->premaster, */
-        /*                               MBEDTLS_PREMASTER_SIZE, */
-        /*                              &ssl->handshake->pmslen, */
-        /*                               mbedtls_ssl_conf_get_frng( ssl->conf ), */
-        /*                               ssl->conf->p_rng ) ) != 0 ) */
-        /* { */
-        /*     MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret ); */
-        /*     return( ret ); */
-        /* } */
-
-        /* MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K  ); */
-    }
-    else
-#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) ||                     \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) ||                   \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) ||                      \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
-    if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
-        == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA                       ||
-        mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
-        == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA                     ||
-        mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
-        == MBEDTLS_KEY_EXCHANGE_ECDH_RSA                        ||
-        mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
-        == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA )
-    {
-        /*
-         * ECDH key exchange -- send client public value
-         */
-/*         i = 4; */
-
-/* #if defined(MBEDTLS_SSL__ECP_RESTARTABLE) */
-/*         if( ssl->handshake->ecrs_enabled ) */
-/*         { */
-/*             if( ssl->handshake->ecrs_state == ssl_ecrs_cke_ecdh_calc_secret ) */
-/*                 goto ecdh_calc_secret; */
-
-/*             mbedtls_ecdh_enable_restart( &ssl->handshake->ecdh_ctx ); */
-/*         } */
-/* #endif */
-
-/*         ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx, */
-/*                                 &n, */
-/*                                 &ssl->out_msg[i], 1000, */
-/*                                 mbedtls_ssl_conf_get_frng( ssl->conf ), */
-/*                                 ssl->conf->p_rng ); */
-/*         if( ret != 0 ) */
-/*         { */
-/*             MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_public", ret ); */
-/* #if defined(MBEDTLS_SSL__ECP_RESTARTABLE) */
-/*             if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) */
-/*                 ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS; */
-/* #endif */
-/*             return( ret ); */
-/*         } */
-
-/*         MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, */
-/*                                 MBEDTLS_DEBUG_ECDH_Q ); */
-
-/* #if defined(MBEDTLS_SSL__ECP_RESTARTABLE) */
-/*         if( ssl->handshake->ecrs_enabled ) */
-/*         { */
-/*             ssl->handshake->ecrs_n = n; */
-/*             ssl->handshake->ecrs_state = ssl_ecrs_cke_ecdh_calc_secret; */
-/*         } */
-
-/* ecdh_calc_secret: */
-/*         if( ssl->handshake->ecrs_enabled ) */
-/*             n = ssl->handshake->ecrs_n; */
-/* #endif */
-/*         if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx, */
-/*                                       &ssl->handshake->pmslen, */
-/*                                        ssl->handshake->premaster, */
-/*                                        MBEDTLS_MPI_MAX_SIZE, */
-/*                                        mbedtls_ssl_conf_get_frng( ssl->conf ), */
-/*                                        ssl->conf->p_rng ) ) != 0 ) */
-/*         { */
-/*             MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret ); */
-/* #if defined(MBEDTLS_SSL__ECP_RESTARTABLE) */
-/*             if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) */
-/*                 ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS; */
-/* #endif */
-/*             return( ret ); */
-/*         } */
-
-/*         MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, */
-/*                                 MBEDTLS_DEBUG_ECDH_Z ); */
-    }
-    else
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
-          MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
-          MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
-          MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
-    if( mbedtls_ssl_ciphersuite_uses_psk( ciphersuite_info ) )
-    {
-        /*
-         * opaque psk_identity<0..2^16-1>;
-         */
-
-        /* if( ssl->conf->psk == NULL || ssl->conf->psk_identity == NULL ) */
-        /* { */
-        /*     MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no private key for PSK" ) ); */
-        /*     return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED ); */
-        /* } */
-
-        /* i = 4; */
-        /* n = ssl->conf->psk_identity_len; */
-
-        /* if( i + 2 + n > MBEDTLS_SSL_OUT_CONTENT_LEN ) */
-        /* { */
-        /*     MBEDTLS_SSL_DEBUG_MSG( 1, ( "psk identity too long or " */
-        /*                                 "SSL buffer too short" ) ); */
-        /*     return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); */
-        /* } */
-
-        /* ssl->out_msg[i++] = (unsigned char)( n >> 8 ); */
-        /* ssl->out_msg[i++] = (unsigned char)( n      ); */
-
-        /* memcpy( ssl->out_msg + i, ssl->conf->psk_identity, ssl->conf->psk_identity_len ); */
-        /* i += ssl->conf->psk_identity_len; */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
-        /* if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) */
-        /*     == MBEDTLS_KEY_EXCHANGE_PSK ) */
-        /* { */
-        /*     n = 0; */
-        /* } */
-        /* else */
-#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
-        /* if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) */
-        /*     == MBEDTLS_KEY_EXCHANGE_RSA_PSK ) */
-        /* { */
-        /*     /\* Code for PMS generation has been moved, */
-        /*      * code for encryption and writing it hasn't. *\/ */
-        /*     if( ( ret = ssl_write_encrypted_pms( ssl, i, &n, 2 ) ) != 0 ) */
-        /*         return( ret ); */
-        /* } */
-        /* else */
-#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
-        /* if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) */
-        /*     == MBEDTLS_KEY_EXCHANGE_DHE_PSK ) */
-        /* { */
-        /*     /\* */
-        /*      * ClientDiffieHellmanPublic public (DHM send G^X mod P) */
-        /*      *\/ */
-        /*     n = ssl->handshake->dhm_ctx.len; */
-
-        /*     if( i + 2 + n > MBEDTLS_SSL_OUT_CONTENT_LEN ) */
-        /*     { */
-        /*         MBEDTLS_SSL_DEBUG_MSG( 1, ( "psk identity or DHM size too long" */
-        /*                                     " or SSL buffer too short" ) ); */
-        /*         return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); */
-        /*     } */
-
-        /*     ssl->out_msg[i++] = (unsigned char)( n >> 8 ); */
-        /*     ssl->out_msg[i++] = (unsigned char)( n      ); */
-
-        /*     ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx, */
-        /*             (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ), */
-        /*             &ssl->out_msg[i], n, */
-        /*             mbedtls_ssl_conf_get_frng( ssl->conf ), */
-        /*             ssl->conf->p_rng ); */
-        /*     if( ret != 0 ) */
-        /*     { */
-        /*         MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_public", ret ); */
-        /*         return( ret ); */
-        /*     } */
-        /* } */
-        /* else */
-#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
-        if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
-            == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
-        {
-            /*
-             * ClientECDiffieHellmanPublic public;
-             */
-
-            /* ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx, &n, */
-            /*         &ssl->out_msg[i], MBEDTLS_SSL_OUT_CONTENT_LEN - i, */
-            /*         mbedtls_ssl_conf_get_frng( ssl->conf ), */
-            /*         ssl->conf->p_rng ); */
-            /* if( ret != 0 ) */
-            /* { */
-            /*     MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_public", ret ); */
-            /*     return( ret ); */
-            /* } */
-
-            /* MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, */
-            /*                         MBEDTLS_DEBUG_ECDH_Q ); */
-        }
-        else
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-        }
-
-        /* if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl, */
-        /*        mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) ) ) != 0 ) */
-        /* { */
-        /*     MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_psk_derive_premaster", ret ); */
-        /*     return( ret ); */
-        /* } */
-    }
-    else
-#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
-    /* if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) == */
-    /*     MBEDTLS_KEY_EXCHANGE_RSA ) */
-    /* { */
-    /*     i = 4; */
-    /*     /\* Code for PMS generation has been moved, */
-    /*      * code for encryption and writing it hasn't. *\/ */
-    /*     if( ( ret = ssl_write_encrypted_pms( ssl, i, &n, 0 ) ) != 0 ) */
-    /*         return( ret ); */
-    /* } */
-    else
-#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-    if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) ==
-        MBEDTLS_KEY_EXCHANGE_ECJPAKE )
-    {
-        /* i = 4; */
-
-        /* ret = mbedtls_ecjpake_write_round_two( &ssl->handshake->ecjpake_ctx, */
-        /*         ssl->out_msg + i, MBEDTLS_SSL_OUT_CONTENT_LEN - i, &n, */
-        /*         mbedtls_ssl_conf_get_frng( ssl->conf ), */
-        /*         ssl->conf->p_rng ); */
-        /* if( ret != 0 ) */
-        /* { */
-        /*     MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_write_round_two", ret ); */
-        /*     return( ret ); */
-        /* } */
-
-        /* ret = mbedtls_ecjpake_derive_secret( &ssl->handshake->ecjpake_ctx, */
-        /*         ssl->handshake->premaster, 32, &ssl->handshake->pmslen, */
-        /*         mbedtls_ssl_conf_get_frng( ssl->conf ), */
-        /*         ssl->conf->p_rng ); */
-        /* if( ret != 0 ) */
-        /* { */
-        /*     MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_derive_secret", ret ); */
-        /*     return( ret ); */
-        /* } */
-    }
-    else
-#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
-    {
-        ((void) ciphersuite_info);
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-    }
-
-    ssl->out_msglen  = i + n;
-    ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
-    ssl->out_msg[0]  = MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE;
-
-    ssl->state++;
-
-    if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret );
-        return( ret );
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write client key exchange" ) );
-
-    return( 0 );
-}
-
 #if !defined(MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED)
 static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl )
 {