Commit 19ed1ec1 authored by Matt Caswell's avatar Matt Caswell
Browse files

Split out ECDHE from process CKE code 



Continuing from the previous commits, this splits out the ECDHE code into
a separate function from the process CKE code.

Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
parent 642360f9

ssl/statem/statem_srvr.c

+70 −61
Original line number Diff line number Diff line
@@ -2331,49 +2331,19 @@ static int tls_process_cke_dhe(SSL *s, PACKET *pkt, int *al) 
#endif

}



MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)

static int tls_process_cke_ecdhe(SSL *s, PACKET *pkt, int *al)

{

    int al = -1;

    unsigned long alg_k;



    alg_k = s->s3->tmp.new_cipher->algorithm_mkey;



    /* For PSK parse and retrieve identity, obtain PSK key */

    if ((alg_k & SSL_PSK) && !tls_process_cke_psk_preamble(s, pkt, &al))

        goto err;



    if (alg_k & SSL_kPSK) {

        /* Identity extracted earlier: should be nothing left */

        if (PACKET_remaining(pkt) != 0) {

            al = SSL_AD_HANDSHAKE_FAILURE;

            SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);

            goto f_err;

        }

        /* PSK handled by ssl_generate_master_secret */

        if (!ssl_generate_master_secret(s, NULL, 0, 0)) {

            al = SSL_AD_INTERNAL_ERROR;

            SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);

            goto f_err;

        }

    } else if (alg_k & (SSL_kRSA | SSL_kRSAPSK)) {

        if (!tls_process_cke_rsa(s, pkt, &al))

            goto err;

    } else if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {

        if (!tls_process_cke_dhe(s, pkt, &al))

            goto err;

    } else



#ifndef OPENSSL_NO_EC

    if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) {

    EVP_PKEY *skey = s->s3->tmp.pkey;

    EVP_PKEY *ckey = NULL;

    int ret = 0;



    if (PACKET_remaining(pkt) == 0L) {

        /* We don't support ECDH client auth */

            al = SSL_AD_HANDSHAKE_FAILURE;

        *al = SSL_AD_HANDSHAKE_FAILURE;

        SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,

               SSL_R_MISSING_TMP_ECDH_KEY);

            goto f_err;

        goto err;

    } else {

        unsigned int i;

        const unsigned char *data;
@@ -2385,10 +2355,10 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt) 


        /* Get encoded point length */

        if (!PACKET_get_1(pkt, &i)) {

                al = SSL_AD_DECODE_ERROR;

            *al = SSL_AD_DECODE_ERROR;

            SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,

                   SSL_R_LENGTH_MISMATCH);

                goto f_err;

            goto err;

        }

        if (!PACKET_get_bytes(pkt, &data, i)

                || PACKET_remaining(pkt) != 0) {
@@ -2398,31 +2368,70 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt) 
        ckey = EVP_PKEY_new();

        if (ckey == NULL || EVP_PKEY_copy_parameters(ckey, skey) <= 0) {

            SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_EVP_LIB);

                EVP_PKEY_free(ckey);

            goto err;

        }

        if (EC_KEY_oct2key(EVP_PKEY_get0_EC_KEY(ckey), data, i,

                           NULL) == 0) {

            SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);

                EVP_PKEY_free(ckey);

            goto err;

        }

    }



    if (ssl_derive(s, skey, ckey) == 0) {

            al = SSL_AD_INTERNAL_ERROR;

        *al = SSL_AD_INTERNAL_ERROR;

        SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);

            EVP_PKEY_free(ckey);

            goto f_err;

        goto err;

    }



        EVP_PKEY_free(ckey);

    ret = 1;

    EVP_PKEY_free(s->s3->tmp.pkey);

    s->s3->tmp.pkey = NULL;

 err:

    EVP_PKEY_free(ckey);



        return MSG_PROCESS_CONTINUE_PROCESSING;

    } else

    return ret;

#else

    /* Should never happen */

    *al = SSL_AD_INTERNAL_ERROR;

    SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);

    return 0;

#endif

}



MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)

{

    int al = -1;

    unsigned long alg_k;



    alg_k = s->s3->tmp.new_cipher->algorithm_mkey;



    /* For PSK parse and retrieve identity, obtain PSK key */

    if ((alg_k & SSL_PSK) && !tls_process_cke_psk_preamble(s, pkt, &al))

        goto err;



    if (alg_k & SSL_kPSK) {

        /* Identity extracted earlier: should be nothing left */

        if (PACKET_remaining(pkt) != 0) {

            al = SSL_AD_HANDSHAKE_FAILURE;

            SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);

            goto f_err;

        }

        /* PSK handled by ssl_generate_master_secret */

        if (!ssl_generate_master_secret(s, NULL, 0, 0)) {

            al = SSL_AD_INTERNAL_ERROR;

            SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);

            goto f_err;

        }

    } else if (alg_k & (SSL_kRSA | SSL_kRSAPSK)) {

        if (!tls_process_cke_rsa(s, pkt, &al))

            goto err;

    } else if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {

        if (!tls_process_cke_dhe(s, pkt, &al))

            goto err;

    } else if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) {

        if (!tls_process_cke_ecdhe(s, pkt, &al))

            goto err;

    } else

#ifndef OPENSSL_NO_SRP

    if (alg_k & SSL_kSRP) {

        unsigned int i;