yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-22 22:15:43 +01:00
Code Issues Packages Projects Releases Wiki Activity

ssl_write_server_key_exchange refactor: don't use p at all

Browse Source 
Use ssl->out_msglen as the cursor in ssl->out_msg throughout, rather
than switching a between pointer and an offset.
This commit is contained in:
Gilles Peskine 2018-01-08 17:13:01 +01:00
parent d3eb0619a6
commit f9f15ae5a1
1 changed files with 22 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
library/ssl_srv.c
View File

@ -2855,15 +2855,17 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl,
{ {
const mbedtls_ssl_ciphersuite_t *ciphersuite_info = const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
ssl->transform_negotiate->ciphersuite_info; ssl->transform_negotiate->ciphersuite_info;
unsigned char *p = ssl->out_msg + 4;
#if defined(MBEDTLS_KEY_EXCHANGE__SOME_PFS__ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE__SOME_PFS__ENABLED)
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED)
unsigned char *dig_signed = NULL; unsigned char *dig_signed = NULL;
#endif /* MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED */
#endif /* MBEDTLS_KEY_EXCHANGE__SOME_PFS__ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE__SOME_PFS__ENABLED */
(void) ciphersuite_info; /* unused in some configurations */ (void) ciphersuite_info; /* unused in some configurations */
(void) signature_len; /* unused in some configurations */ (void) signature_len; /* unused in some configurations */
ssl->out_msglen = 4; /* header (type:1, length:3) to be written later */
/* /*
* *
* Part 1: Provide key exchange parameters for chosen ciphersuite. * Part 1: Provide key exchange parameters for chosen ciphersuite.
@ -2877,18 +2879,20 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl,
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ) if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
{ {
int ret; int ret;
const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
size_t len; size_t len;
ret = mbedtls_ecjpake_write_round_two( &ssl->handshake->ecjpake_ctx, ret = mbedtls_ecjpake_write_round_two(
p, end - p, &len, ssl->conf->f_rng, ssl->conf->p_rng ); &ssl->handshake->ecjpake_ctx,
ssl->out_msg + ssl->out_msglen,
MBEDTLS_SSL_MAX_CONTENT_LEN - ssl->out_msglen, &len,
ssl->conf->f_rng, ssl->conf->p_rng );
if( ret != 0 ) if( ret != 0 )
{ {
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_write_round_two", ret ); MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_write_round_two", ret );
return( ret ); return( ret );
} }
p += len; ssl->out_msglen += len;
} }
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
@ -2902,8 +2906,8 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl,
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK || if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ) ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
{ {
*(p++) = 0x00; ssl->out_msg[ssl->out_msglen++] = 0x00;
*(p++) = 0x00; ssl->out_msg[ssl->out_msglen++] = 0x00;
} }
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED || #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
@ -2939,19 +2943,21 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl,
return( ret ); return( ret );
} }
if( ( ret = mbedtls_dhm_make_params( &ssl->handshake->dhm_ctx, if( ( ret = mbedtls_dhm_make_params(
(int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ), &ssl->handshake->dhm_ctx,
p, &len, ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ),
ssl->out_msg + ssl->out_msglen, &len,
ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
{ {
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_params", ret ); MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_params", ret );
return( ret ); return( ret );
} }
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED)
dig_signed = p; dig_signed = ssl->out_msg + ssl->out_msglen;
#endif #endif
p += len; ssl->out_msglen += len;
MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: X ", &ssl->handshake->dhm_ctx.X ); MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: X ", &ssl->handshake->dhm_ctx.X );
MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: P ", &ssl->handshake->dhm_ctx.P ); MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: P ", &ssl->handshake->dhm_ctx.P );
@ -3003,7 +3009,8 @@ curve_matching_done:
if( ( ret = mbedtls_ecdh_make_params( if( ( ret = mbedtls_ecdh_make_params(
&ssl->handshake->ecdh_ctx, &len, &ssl->handshake->ecdh_ctx, &len,
p, ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN - p, ssl->out_msg + ssl->out_msglen,
MBEDTLS_SSL_MAX_CONTENT_LEN - ssl->out_msglen,
ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
{ {
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_params", ret ); MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_params", ret );
@ -3011,17 +3018,15 @@ curve_matching_done:
} }
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED)
dig_signed = p; dig_signed = ssl->out_msg + ssl->out_msglen;
#endif #endif
p += len; ssl->out_msglen += len;
MBEDTLS_SSL_DEBUG_ECP( 3, "ECDH: Q ", &ssl->handshake->ecdh_ctx.Q ); MBEDTLS_SSL_DEBUG_ECP( 3, "ECDH: Q ", &ssl->handshake->ecdh_ctx.Q );
} }
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED */
ssl->out_msglen = p - ssl->out_msg;
/* /*
* *
* Part 2: For key exchanges involving the server signing the * Part 2: For key exchanges involving the server signing the