			
		
		
		
	Clean up existing SSL restartable ECC code
- more consistent naming with ecrs prefix for everything
- always check it enabled before touching the rest
- rm duplicated code in parse_server_hello()
		
							parent
							
								
									8b59049407
								
							
						
					
					
						commit
						d27d1a5a82
					
				@ -227,8 +227,8 @@ struct mbedtls_ssl_handshake_params
 | 
				
			|||||||
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
 | 
					#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
 | 
				
			||||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
 | 
					#endif /* MBEDTLS_X509_CRT_PARSE_C */
 | 
				
			||||||
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
 | 
					#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
 | 
				
			||||||
    int ec_restart_enabled;             /*!< Handshake supports EC restart? */
 | 
					    int ecrs_enabled;                   /*!< Handshake supports EC restart? */
 | 
				
			||||||
    mbedtls_ecdsa_restart_ctx rs_ctx;   /*!< ECDSA restart context          */
 | 
					    mbedtls_ecdsa_restart_ctx ecrs_ctx; /*!< ECDSA restart context          */
 | 
				
			||||||
    enum {
 | 
					    enum {
 | 
				
			||||||
        ssl_ecrs_init = 0,              /*!< just getting started           */
 | 
					        ssl_ecrs_init = 0,              /*!< just getting started           */
 | 
				
			||||||
        ssl_ecrs_ske_read,              /*!< ServerKeyExchange was read     */
 | 
					        ssl_ecrs_ske_read,              /*!< ServerKeyExchange was read     */
 | 
				
			||||||
 | 
				
			|||||||
@ -1701,7 +1701,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
 | 
				
			|||||||
    if( suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA &&
 | 
					    if( suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA &&
 | 
				
			||||||
        ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
 | 
					        ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
 | 
				
			||||||
    {
 | 
					    {
 | 
				
			||||||
        ssl->handshake->ec_restart_enabled = 1;
 | 
					        ssl->handshake->ecrs_enabled = 1;
 | 
				
			||||||
    }
 | 
					    }
 | 
				
			||||||
#endif
 | 
					#endif
 | 
				
			||||||
 | 
					
 | 
				
			||||||
@ -1723,14 +1723,6 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
 | 
				
			|||||||
        }
 | 
					        }
 | 
				
			||||||
    }
 | 
					    }
 | 
				
			||||||
 | 
					
 | 
				
			||||||
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
 | 
					 | 
				
			||||||
    if( suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA &&
 | 
					 | 
				
			||||||
        ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
 | 
					 | 
				
			||||||
    {
 | 
					 | 
				
			||||||
        ssl->handshake->ec_restart_enabled = 1;
 | 
					 | 
				
			||||||
    }
 | 
					 | 
				
			||||||
#endif
 | 
					 | 
				
			||||||
 | 
					 | 
				
			||||||
    if( comp != MBEDTLS_SSL_COMPRESS_NULL
 | 
					    if( comp != MBEDTLS_SSL_COMPRESS_NULL
 | 
				
			||||||
#if defined(MBEDTLS_ZLIB_SUPPORT)
 | 
					#if defined(MBEDTLS_ZLIB_SUPPORT)
 | 
				
			||||||
        && comp != MBEDTLS_SSL_COMPRESS_DEFLATE
 | 
					        && comp != MBEDTLS_SSL_COMPRESS_DEFLATE
 | 
				
			||||||
@ -2312,8 +2304,11 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl )
 | 
				
			|||||||
          MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
 | 
					          MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
 | 
				
			||||||
 | 
					
 | 
				
			||||||
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
 | 
					#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
 | 
				
			||||||
        if( ssl->handshake->ecrs_state == ssl_ecrs_ske_read )
 | 
					    if( ssl->handshake->ecrs_enabled &&
 | 
				
			||||||
            goto ske_process;
 | 
					        ssl->handshake->ecrs_state == ssl_ecrs_ske_read )
 | 
				
			||||||
 | 
					    {
 | 
				
			||||||
 | 
					        goto ske_process;
 | 
				
			||||||
 | 
					    }
 | 
				
			||||||
#endif
 | 
					#endif
 | 
				
			||||||
 | 
					
 | 
				
			||||||
    if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
 | 
					    if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
 | 
				
			||||||
@ -2323,6 +2318,7 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl )
 | 
				
			|||||||
    }
 | 
					    }
 | 
				
			||||||
 | 
					
 | 
				
			||||||
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
 | 
					#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
 | 
				
			||||||
 | 
					    if( ssl->handshake->ecrs_enabled )
 | 
				
			||||||
        ssl->handshake->ecrs_state++;
 | 
					        ssl->handshake->ecrs_state++;
 | 
				
			||||||
 | 
					
 | 
				
			||||||
ske_process:
 | 
					ske_process:
 | 
				
			||||||
@ -2618,8 +2614,8 @@ ske_process:
 | 
				
			|||||||
        }
 | 
					        }
 | 
				
			||||||
 | 
					
 | 
				
			||||||
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
 | 
					#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
 | 
				
			||||||
        if( ssl->handshake->ec_restart_enabled )
 | 
					        if( ssl->handshake->ecrs_enabled )
 | 
				
			||||||
            rs_ctx = &ssl->handshake->rs_ctx;
 | 
					            rs_ctx = &ssl->handshake->ecrs_ctx;
 | 
				
			||||||
#endif
 | 
					#endif
 | 
				
			||||||
 | 
					
 | 
				
			||||||
        if( ( ret = mbedtls_pk_verify_restartable(
 | 
					        if( ( ret = mbedtls_pk_verify_restartable(
 | 
				
			||||||
@ -2636,7 +2632,8 @@ ske_process:
 | 
				
			|||||||
        }
 | 
					        }
 | 
				
			||||||
 | 
					
 | 
				
			||||||
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
 | 
					#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
 | 
				
			||||||
        ssl->handshake->ecrs_state++;
 | 
					        if( ssl->handshake->ecrs_enabled )
 | 
				
			||||||
 | 
					            ssl->handshake->ecrs_state++;
 | 
				
			||||||
#endif
 | 
					#endif
 | 
				
			||||||
    }
 | 
					    }
 | 
				
			||||||
#endif /* MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED */
 | 
					#endif /* MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED */
 | 
				
			||||||
@ -2902,11 +2899,13 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
 | 
				
			|||||||
        i = 4;
 | 
					        i = 4;
 | 
				
			||||||
 | 
					
 | 
				
			||||||
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
 | 
					#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
 | 
				
			||||||
        if( ssl->handshake->ec_restart_enabled)
 | 
					        if( ssl->handshake->ecrs_enabled )
 | 
				
			||||||
            mbedtls_ecdh_enable_restart( &ssl->handshake->ecdh_ctx );
 | 
					        {
 | 
				
			||||||
 | 
					            if( ssl->handshake->ecrs_state == ssl_ecrs_ecdh_public_done )
 | 
				
			||||||
 | 
					                goto ecdh_calc_secret;
 | 
				
			||||||
 | 
					
 | 
				
			||||||
        if( ssl->handshake->ecrs_state == ssl_ecrs_ecdh_public_done )
 | 
					            mbedtls_ecdh_enable_restart( &ssl->handshake->ecdh_ctx );
 | 
				
			||||||
            goto ecdh_calc_secret;
 | 
					        }
 | 
				
			||||||
#endif
 | 
					#endif
 | 
				
			||||||
 | 
					
 | 
				
			||||||
        ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx,
 | 
					        ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx,
 | 
				
			||||||
@ -2922,11 +2921,15 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
 | 
				
			|||||||
        MBEDTLS_SSL_DEBUG_ECP( 3, "ECDH: Q", &ssl->handshake->ecdh_ctx.Q );
 | 
					        MBEDTLS_SSL_DEBUG_ECP( 3, "ECDH: Q", &ssl->handshake->ecdh_ctx.Q );
 | 
				
			||||||
 | 
					
 | 
				
			||||||
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
 | 
					#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
 | 
				
			||||||
        ssl->handshake->ecrs_n = n;
 | 
					        if( ssl->handshake->ecrs_enabled )
 | 
				
			||||||
        ssl->handshake->ecrs_state++;
 | 
					        {
 | 
				
			||||||
 | 
					            ssl->handshake->ecrs_n = n;
 | 
				
			||||||
 | 
					            ssl->handshake->ecrs_state++;
 | 
				
			||||||
 | 
					        }
 | 
				
			||||||
 | 
					
 | 
				
			||||||
ecdh_calc_secret:
 | 
					ecdh_calc_secret:
 | 
				
			||||||
        n = ssl->handshake->ecrs_n;
 | 
					        if( ssl->handshake->ecrs_enabled )
 | 
				
			||||||
 | 
					            n = ssl->handshake->ecrs_n;
 | 
				
			||||||
#endif
 | 
					#endif
 | 
				
			||||||
        if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx,
 | 
					        if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx,
 | 
				
			||||||
                                      &ssl->handshake->pmslen,
 | 
					                                      &ssl->handshake->pmslen,
 | 
				
			||||||
@ -2941,7 +2944,8 @@ ecdh_calc_secret:
 | 
				
			|||||||
        MBEDTLS_SSL_DEBUG_MPI( 3, "ECDH: z", &ssl->handshake->ecdh_ctx.z );
 | 
					        MBEDTLS_SSL_DEBUG_MPI( 3, "ECDH: z", &ssl->handshake->ecdh_ctx.z );
 | 
				
			||||||
 | 
					
 | 
				
			||||||
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
 | 
					#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
 | 
				
			||||||
        ssl->handshake->ecrs_state++;
 | 
					        if( ssl->handshake->ecrs_enabled )
 | 
				
			||||||
 | 
					            ssl->handshake->ecrs_state++;
 | 
				
			||||||
#endif
 | 
					#endif
 | 
				
			||||||
    }
 | 
					    }
 | 
				
			||||||
    else
 | 
					    else
 | 
				
			||||||
@ -3162,8 +3166,11 @@ static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl )
 | 
				
			|||||||
    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) );
 | 
					    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) );
 | 
				
			||||||
 | 
					
 | 
				
			||||||
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
 | 
					#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
 | 
				
			||||||
    if( ssl->handshake->ecrs_state == ssl_ecrs_keys_derived )
 | 
					    if( ssl->handshake->ecrs_enabled &&
 | 
				
			||||||
 | 
					        ssl->handshake->ecrs_state == ssl_ecrs_keys_derived )
 | 
				
			||||||
 | 
					    {
 | 
				
			||||||
        goto keys_derived;
 | 
					        goto keys_derived;
 | 
				
			||||||
 | 
					    }
 | 
				
			||||||
#endif
 | 
					#endif
 | 
				
			||||||
 | 
					
 | 
				
			||||||
    if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 )
 | 
					    if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 )
 | 
				
			||||||
@ -3173,7 +3180,8 @@ static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl )
 | 
				
			|||||||
    }
 | 
					    }
 | 
				
			||||||
 | 
					
 | 
				
			||||||
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
 | 
					#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
 | 
				
			||||||
    ssl->handshake->ecrs_state++;
 | 
					    if( ssl->handshake->ecrs_enabled )
 | 
				
			||||||
 | 
					        ssl->handshake->ecrs_state++;
 | 
				
			||||||
 | 
					
 | 
				
			||||||
keys_derived:
 | 
					keys_derived:
 | 
				
			||||||
#endif
 | 
					#endif
 | 
				
			||||||
@ -3281,8 +3289,8 @@ keys_derived:
 | 
				
			|||||||
    }
 | 
					    }
 | 
				
			||||||
 | 
					
 | 
				
			||||||
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
 | 
					#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
 | 
				
			||||||
    if( ssl->handshake->ec_restart_enabled )
 | 
					    if( ssl->handshake->ecrs_enabled )
 | 
				
			||||||
        rs_ctx = &ssl->handshake->rs_ctx;
 | 
					        rs_ctx = &ssl->handshake->ecrs_ctx;
 | 
				
			||||||
#endif
 | 
					#endif
 | 
				
			||||||
 | 
					
 | 
				
			||||||
    if( ( ret = mbedtls_pk_sign_restartable( mbedtls_ssl_own_key( ssl ),
 | 
					    if( ( ret = mbedtls_pk_sign_restartable( mbedtls_ssl_own_key( ssl ),
 | 
				
			||||||
@ -3295,7 +3303,8 @@ keys_derived:
 | 
				
			|||||||
    }
 | 
					    }
 | 
				
			||||||
 | 
					
 | 
				
			||||||
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
 | 
					#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
 | 
				
			||||||
    ssl->handshake->ecrs_state++;
 | 
					    if( ssl->handshake->ecrs_enabled )
 | 
				
			||||||
 | 
					        ssl->handshake->ecrs_state++;
 | 
				
			||||||
#endif
 | 
					#endif
 | 
				
			||||||
 | 
					
 | 
				
			||||||
    ssl->out_msg[4 + offset] = (unsigned char)( n >> 8 );
 | 
					    ssl->out_msg[4 + offset] = (unsigned char)( n >> 8 );
 | 
				
			||||||
 | 
				
			|||||||
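Review bot: The restart state is still advanced with `ssl->handshake->ecrs_state++` at every step (after `mbedtls_ssl_read_record()` and after the signature verification in ssl_parse_server_key_exchange, after `mbedtls_ecdh_make_public()` and `mbedtls_ecdh_calc_secret()` in ssl_write_client_key_exchange, and twice in ssl_write_certificate_verify), so the new `ecrs_enabled` guards protect the field but correctness still depends on the enum's declaration order and on each increment running exactly once per handshake. These states decide whether `goto ske_process` skips the record read and whether `goto keys_derived` skips `mbedtls_ssl_derive_keys()`, so a step that is off by one would resume the handshake at the wrong point without any error. Assigning the named value at each transition would make the intended state explicit and independent of ordering, for example `ssl->handshake->ecrs_state = ssl_ecrs_ske_read;` before the `ske_process:` label, assuming the state is `ssl_ecrs_init` on first entry. A short comment next to the enum saying which function owns each transition would help as well. All of these functions start and end outside the hunks shown, so paths that reset the state cannot be checked from this page.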
@ -5473,7 +5473,7 @@ static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake )
 | 
				
			|||||||
#endif
 | 
					#endif
 | 
				
			||||||
 | 
					
 | 
				
			||||||
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
 | 
					#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
 | 
				
			||||||
    mbedtls_ecdsa_restart_init( &handshake->rs_ctx );
 | 
					    mbedtls_ecdsa_restart_init( &handshake->ecrs_ctx );
 | 
				
			||||||
#endif
 | 
					#endif
 | 
				
			||||||
 | 
					
 | 
				
			||||||
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
 | 
					#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
 | 
				
			||||||
@ -7309,7 +7309,7 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_handshake_params *handshake )
 | 
				
			|||||||
#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_SERVER_NAME_INDICATION */
 | 
					#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_SERVER_NAME_INDICATION */
 | 
				
			||||||
 | 
					
 | 
				
			||||||
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
 | 
					#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
 | 
				
			||||||
    mbedtls_ecdsa_restart_free( &handshake->rs_ctx );
 | 
					    mbedtls_ecdsa_restart_free( &handshake->ecrs_ctx );
 | 
				
			||||||
#endif
 | 
					#endif
 | 
				
			||||||
 | 
					
 | 
				
			||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
 | 
					#if defined(MBEDTLS_SSL_PROTO_DTLS)
 | 
				
			||||||
 | 
				
			|||||||