From dc8bfb9001bd0b1acacaf80eeaf17c44d6d66773 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 21 May 2018 17:24:27 +0100 Subject: [PATCH] Restructure incoming CliKeyExch: Move key derivation code This commit moves the generation of the master secret and session keys from the premaster secret (done in mbedtlsssl_derive_keys()) from the previous ClientKeyExchange parsing function ssl_parse_client_key_exchange() to the new postprocessing function ssl_client_key_exchange_postprocess(). --- library/ssl_srv.c | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 5f10e249f..5737411f4 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -4109,6 +4109,14 @@ static int ssl_client_key_exchange_parse( mbedtls_ssl_context *ssl, /* Update the handshake state */ static int ssl_client_key_exchange_postprocess( mbedtls_ssl_context *ssl ) { + int ret; + + if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_derive_keys", ret ); + return( ret ); + } + ssl->state = MBEDTLS_SSL_CERTIFICATE_VERIFY; return( 0 ); } @@ -4400,11 +4408,11 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } - if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_derive_keys", ret ); - return( ret ); - } + /* if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 ) */ + /* { */ + /* MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_derive_keys", ret ); */ + /* return( ret ); */ + /* } */ ssl->state++;