Change the code places of CERTIFICATE_REQUEST
Change-Id: I3aa293184fea4f960782675bdd520256c808bd4e
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 01dff8c..ac6d40e 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -748,11 +748,6 @@
{
int authmode;
- if( mbedtls_ssl_tls13_some_psk_enabled( ssl ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "<= skip write certificate request" ) );
- return( SSL_CERTIFICATE_REQUEST_SKIP );
- }
authmode = ssl->conf->authmode;
if( authmode == MBEDTLS_SSL_VERIFY_NONE )
@@ -760,104 +755,6 @@
return( SSL_CERTIFICATE_REQUEST_SEND_REQUEST );
}
-
-/*
- * struct {
- * opaque certificate_request_context<0..2^8-1>;
- * Extension extensions<2..2^16-1>;
- * } CertificateRequest;
- *
- */
-static int ssl_tls13_write_certificate_request_body( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- const unsigned char *end,
- size_t *out_len )
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- unsigned char *p = buf;
- size_t extensions_len = 0;
- unsigned char *p_extensions_len;
-
- *out_len = 0;
-
- /* Check if we have enough space:
- * - certificate_request_context (1 byte)
- * - extensions length (2 bytes)
- */
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, 3 );
-
- /*
- * Write certificate_request_context
- */
- /*
- * We use a zero length context for the normal handshake
- * messages. For post-authentication handshake messages
- * this request context would be set to a non-zero value.
- */
- *p++ = 0x0;
-
- /*
- * Write extensions
- */
- /* The extensions must contain the signature_algorithms. */
- p_extensions_len = p;
- p += 2;
- ret = mbedtls_ssl_write_sig_alg_ext( ssl, p, end, &extensions_len );
- if( ret != 0 )
- return( ret );
-
- /* length field for all extensions */
- MBEDTLS_PUT_UINT16_BE( extensions_len, p_extensions_len, 0 );
- p += extensions_len;
-
- *out_len = p - buf;
-
- return( 0 );
-}
-
-static int ssl_tls13_write_certificate_request( mbedtls_ssl_context *ssl )
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate request" ) );
-
- MBEDTLS_SSL_PROC_CHK_NEG( ssl_tls13_certificate_request_coordinate( ssl ) );
-
- if( ret == SSL_CERTIFICATE_REQUEST_SEND_REQUEST )
- {
- unsigned char *buf;
- size_t buf_len, msg_len;
-
- MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_start_handshake_msg( ssl,
- MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, &buf, &buf_len ) );
-
- MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_certificate_request_body(
- ssl, buf, buf + buf_len, &msg_len ) );
-
- mbedtls_ssl_add_hs_msg_to_checksum(
- ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, buf, msg_len );
-
- MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg(
- ssl, buf_len, msg_len ) );
- }
- else if( ret == SSL_CERTIFICATE_REQUEST_SKIP )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate request" ) );
- ret = 0;
- }
- else
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
- goto cleanup;
- }
-
- mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_CERTIFICATE );
-cleanup:
-
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write certificate request" ) );
- return( ret );
-}
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
/*
@@ -1292,6 +1189,106 @@
return( ret );
}
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+/*
+ * struct {
+ * opaque certificate_request_context<0..2^8-1>;
+ * Extension extensions<2..2^16-1>;
+ * } CertificateRequest;
+ *
+ */
+static int ssl_tls13_write_certificate_request_body( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ const unsigned char *end,
+ size_t *out_len )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ unsigned char *p = buf;
+ size_t extensions_len = 0;
+ unsigned char *p_extensions_len;
+
+ *out_len = 0;
+
+ /* Check if we have enough space:
+ * - certificate_request_context (1 byte)
+ * - extensions length (2 bytes)
+ */
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 3 );
+
+ /*
+ * Write certificate_request_context
+ */
+ /*
+ * We use a zero length context for the normal handshake
+ * messages. For post-authentication handshake messages
+ * this request context would be set to a non-zero value.
+ */
+ *p++ = 0x0;
+
+ /*
+ * Write extensions
+ */
+ /* The extensions must contain the signature_algorithms. */
+ p_extensions_len = p;
+ p += 2;
+ ret = mbedtls_ssl_write_sig_alg_ext( ssl, p, end, &extensions_len );
+ if( ret != 0 )
+ return( ret );
+
+ /* length field for all extensions */
+ MBEDTLS_PUT_UINT16_BE( extensions_len, p_extensions_len, 0 );
+ p += extensions_len;
+
+ *out_len = p - buf;
+
+ return( 0 );
+}
+
+static int ssl_tls13_write_certificate_request( mbedtls_ssl_context *ssl )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate request" ) );
+
+ MBEDTLS_SSL_PROC_CHK_NEG( ssl_tls13_certificate_request_coordinate( ssl ) );
+
+ if( ret == SSL_CERTIFICATE_REQUEST_SEND_REQUEST )
+ {
+ unsigned char *buf;
+ size_t buf_len, msg_len;
+
+ MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_start_handshake_msg( ssl,
+ MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, &buf, &buf_len ) );
+
+ MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_certificate_request_body(
+ ssl, buf, buf + buf_len, &msg_len ) );
+
+ mbedtls_ssl_add_hs_msg_to_checksum(
+ ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, buf, msg_len );
+
+ MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg(
+ ssl, buf_len, msg_len ) );
+ }
+ else if( ret == SSL_CERTIFICATE_REQUEST_SKIP )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate request" ) );
+ ret = 0;
+ }
+ else
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
+ goto cleanup;
+ }
+
+ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_CERTIFICATE );
+cleanup:
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write certificate request" ) );
+ return( ret );
+}
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+
/*
* TLS 1.3 State Machine -- server side
*/