Restructure incoming CliKeyExch: Remove old code

The code from the previous function ssl_parse_client_key_exchange() has been entirely moved to one of the newly introduced subroutines and is no longer needed. This commit removes it.
2024-11-26 18:45:43 +01:00 · 2019-07-22 17:07:50 +01:00 · 2019-07-22 17:07:50 +01:00 · 2eb716d626
commit 2eb716d626
parent e7c4eed9b8
1 changed files with 0 additions and 302 deletions
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@ -4442,308 +4442,6 @@ static int ssl_client_key_exchange_postprocess( mbedtls_ssl_context *ssl )
    return( 0 );
 }

-/* OLD CODE
- *
- * Temporarily included to gradually move it to the correct
- * place in the restructured code.
- *
- */
-
-static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl )
-{
-    int ret;
-    mbedtls_ssl_ciphersuite_handle_t ciphersuite_info =
-        mbedtls_ssl_handshake_get_ciphersuite( ssl->handshake );
-    unsigned char *p, *end;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse client key exchange" ) );
-
-/* #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) && \ */
-/*     ( defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \ */
-/*       defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) ) */
-/*     if( ( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) */
-/*           == MBEDTLS_KEY_EXCHANGE_RSA_PSK || */
-/*           mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) */
-/*           == MBEDTLS_KEY_EXCHANGE_RSA ) && */
-/*         ( ssl->handshake->async_in_progress != 0 ) ) */
-/*     { */
-/*         /\* We've already read a record and there is an asynchronous */
-/*          * operation in progress to decrypt it. So skip reading the */
-/*          * record. *\/ */
-/*         MBEDTLS_SSL_DEBUG_MSG( 3, ( "will resume decryption of previously-read record" ) ); */
-/*     } */
-/*     else */
-#endif
-    if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
-        return( ret );
-    }
-
-    p = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl );
-    end = ssl->in_msg + ssl->in_hslen;
-
-    if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
-        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
-    }
-
-    if( ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
-        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
-    }
-
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
-    if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
-        == MBEDTLS_KEY_EXCHANGE_DHE_RSA )
-    {
-        /* if( ( ret = ssl_parse_client_dh_public( ssl, &p, end ) ) != 0 ) */
-        /* { */
-        /*     MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_client_dh_public" ), ret ); */
-        /*     return( ret ); */
-        /* } */
-
-        /* if( p != end ) */
-        /* { */
-        /*     MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange" ) ); */
-        /*     return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); */
-        /* } */
-
-        /* if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx, */
-        /*                               ssl->handshake->premaster, */
-        /*                               MBEDTLS_PREMASTER_SIZE, */
-        /*                              &ssl->handshake->pmslen, */
-        /*                               mbedtls_ssl_conf_get_frng( ssl->conf ), */
-        /*                               ssl->conf->p_rng ) ) != 0 ) */
-        /* { */
-        /*     MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret ); */
-        /*     return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS ); */
-        /* } */
-
-        /* MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K  ); */
-    }
-    else
-#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) ||                     \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) ||                   \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) ||                      \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
-    if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
-        == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA                       ||
-        mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
-        == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA                     ||
-        mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
-        == MBEDTLS_KEY_EXCHANGE_ECDH_RSA                        ||
-        mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
-        == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA )
-    {
-        /* if( ( ret = mbedtls_ecdh_read_public( &ssl->handshake->ecdh_ctx, */
-        /*                               p, end - p) ) != 0 ) */
-        /* { */
-        /*     MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_read_public", ret ); */
-        /*     return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP ); */
-        /* } */
-
-        /* MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, */
-        /*                         MBEDTLS_DEBUG_ECDH_QP ); */
-
-        /* if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx, */
-        /*                               &ssl->handshake->pmslen, */
-        /*                                ssl->handshake->premaster, */
-        /*                                MBEDTLS_MPI_MAX_SIZE, */
-        /*                                mbedtls_ssl_conf_get_frng( ssl->conf ), */
-        /*                                ssl->conf->p_rng ) ) != 0 ) */
-        /* { */
-        /*     MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret ); */
-        /*     return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS ); */
-        /* } */
-
-        /* MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, */
-        /*                         MBEDTLS_DEBUG_ECDH_Z ); */
-    }
-    else
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
-          MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
-          MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
-          MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
-    if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) ==
-        MBEDTLS_KEY_EXCHANGE_PSK )
-    {
-        /* if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 ) */
-        /* { */
-        /*     MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_client_psk_identity" ), ret ); */
-        /*     return( ret ); */
-        /* } */
-
-        /* if( p != end ) */
-        /* { */
-        /*     MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange" ) ); */
-        /*     return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); */
-        /* } */
-
-        /* if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl, */
-        /*        mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) ) ) != 0 ) */
-        /* { */
-        /*     MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_psk_derive_premaster", ret ); */
-        /*     return( ret ); */
-        /* } */
-    }
-    else
-#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
-    if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) ==
-        MBEDTLS_KEY_EXCHANGE_RSA_PSK )
-    {
-/* #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) */
-/*         if ( ssl->handshake->async_in_progress != 0 ) */
-/*         { */
-/*             /\* There is an asynchronous operation in progress to */
-/*              * decrypt the encrypted premaster secret, so skip */
-/*              * directly to resuming this operation. *\/ */
-/*             MBEDTLS_SSL_DEBUG_MSG( 3, ( "PSK identity already parsed" ) ); */
-/*             /\* Update p to skip the PSK identity. ssl_parse_encrypted_pms */
-/*              * won't actually use it, but maintain p anyway for robustness. *\/ */
-/*             p += ssl->conf->psk_identity_len + 2; */
-/*         } */
-/*         else */
-/* #endif /\* MBEDTLS_SSL_ASYNC_PRIVATE *\/ */
-/*         if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 ) */
-/*         { */
-/*             MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_client_psk_identity" ), ret ); */
-/*             return( ret ); */
-/*         } */
-
-        /* if( ( ret = ssl_parse_encrypted_pms( ssl, p, end, 2 ) ) != 0 ) */
-        /* { */
-        /*     MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_encrypted_pms" ), ret ); */
-        /*     return( ret ); */
-        /* } */
-
-        /* if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl, */
-        /*        mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) ) ) != 0 ) */
-        /* { */
-        /*     MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_psk_derive_premaster", ret ); */
-        /*     return( ret ); */
-        /* } */
-    }
-    else
-#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
-    if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) ==
-        MBEDTLS_KEY_EXCHANGE_DHE_PSK )
-    {
-        /* if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 ) */
-        /* { */
-        /*     MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_client_psk_identity" ), ret ); */
-        /*     return( ret ); */
-        /* } */
-        /* if( ( ret = ssl_parse_client_dh_public( ssl, &p, end ) ) != 0 ) */
-        /* { */
-        /*     MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_client_dh_public" ), ret ); */
-        /*     return( ret ); */
-        /* } */
-
-        /* if( p != end ) */
-        /* { */
-        /*     MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange" ) ); */
-        /*     return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); */
-        /* } */
-
-        /* if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl, */
-        /*        mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) ) ) != 0 ) */
-        /* { */
-        /*     MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_psk_derive_premaster", ret ); */
-        /*     return( ret ); */
-        /* } */
-    }
-    else
-#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
-    if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) ==
-        MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
-    {
-        /* if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 ) */
-        /* { */
-        /*     MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_client_psk_identity" ), ret ); */
-        /*     return( ret ); */
-        /* } */
-
-        /* if( ( ret = mbedtls_ecdh_read_public( &ssl->handshake->ecdh_ctx, */
-        /*                                p, end - p ) ) != 0 ) */
-        /* { */
-        /*     MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_read_public", ret ); */
-        /*     return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP ); */
-        /* } */
-
-        /* MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, */
-        /*                         MBEDTLS_DEBUG_ECDH_QP ); */
-
-        /* if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl, */
-        /*        mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) ) ) != 0 ) */
-        /* { */
-        /*     MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_psk_derive_premaster", ret ); */
-        /*     return( ret ); */
-        /* } */
-    }
-    else
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
-    if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) ==
-        MBEDTLS_KEY_EXCHANGE_RSA )
-    {
-        /* if( ( ret = ssl_parse_encrypted_pms( ssl, p, end, 0 ) ) != 0 ) */
-        /* { */
-        /*     MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_parse_encrypted_pms_secret" ), ret ); */
-        /*     return( ret ); */
-        /* } */
-    }
-    else
-#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-    if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) ==
-        MBEDTLS_KEY_EXCHANGE_ECJPAKE )
-    {
-        /* ret = mbedtls_ecjpake_read_round_two( &ssl->handshake->ecjpake_ctx, */
-        /*                                       p, end - p ); */
-        /* if( ret != 0 ) */
-        /* { */
-        /*     MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_read_round_two", ret ); */
-        /*     return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); */
-        /* } */
-
-        /* ret = mbedtls_ecjpake_derive_secret( &ssl->handshake->ecjpake_ctx, */
-        /*         ssl->handshake->premaster, 32, &ssl->handshake->pmslen, */
-        /*         mbedtls_ssl_conf_get_frng( ssl->conf ), */
-        /*         ssl->conf->p_rng ); */
-        /* if( ret != 0 ) */
-        /* { */
-        /*     MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_derive_secret", ret ); */
-        /*     return( ret ); */
-        /* } */
-    }
-    else
-#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-    }
-
-    /* if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 ) */
-    /* { */
-    /*     MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_derive_keys", ret ); */
-    /*     return( ret ); */
-    /* } */
-
-    ssl->state++;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse client key exchange" ) );
-
-    return( 0 );
-}
-
 #if !defined(MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED)
 static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
 {