Restructure outgoing CliKeyExch: Move writing code
This commit moves the code responsible for
(a) generating the client's private and public (EC)DHE keys
(b) writing it to the message buffer
to the new writing function ssl_client_key_exchange_write().
As mentioned in the previous commit message, (a) and (b) are
currently inseparable at the (EC)DHE API level, which is why
(a) can't be moved to the preparation step.
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 35542fb..38efd23 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -3348,7 +3348,252 @@
size_t buflen,
size_t *olen )
{
- /* TBD */
+ int ret;
+ unsigned char *p, *end;
+ size_t n;
+ mbedtls_ssl_ciphersuite_handle_t ciphersuite_info =
+ mbedtls_ssl_handshake_get_ciphersuite( ssl->handshake );
+
+ /* NOTE: This function will generate different messages
+ * when it's called multiple times, because it currently
+ * includes private/public key generation in case of
+ * (EC)DH ciphersuites.
+ *
+ * It is therefore not suitable to be registered as a callback
+ * for retransmission, if such get introduced at some point.
+ *
+ * Also see the documentation of ssl_client_key_exchange_prepare().
+ */
+
+ p = buf + 4;
+ end = buf + buflen;
+
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
+ if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
+ == MBEDTLS_KEY_EXCHANGE_DHE_RSA )
+ {
+ /*
+ * DHM key exchange -- send G^X mod P
+ */
+ n = ssl->handshake->dhm_ctx.len;
+ if( (size_t)( end - p ) < n + 2 )
+ return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+
+ p[0] = (unsigned char)( n >> 8 );
+ p[1] = (unsigned char)( n );
+ p += 2;
+
+ ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx,
+ (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ),
+ p, n, mbedtls_ssl_conf_get_frng( ssl->conf ),
+ ssl->conf->p_rng );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_public", ret );
+ return( ret );
+ }
+ MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: X ", &ssl->handshake->dhm_ctx.X );
+ MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: GX", &ssl->handshake->dhm_ctx.GX );
+
+ p += n;
+ }
+ else
+#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
+ if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
+ == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
+ mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
+ == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ||
+ mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
+ == MBEDTLS_KEY_EXCHANGE_ECDH_RSA ||
+ mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
+ == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA )
+ {
+ /*
+ * ECDH key exchange -- generate and send client public value
+ */
+
+ /* NOTE: If we ever switch the ECDH stack/API to allow
+ * independent key generation and export, we should have
+ * generated our key share in the preparation step, and
+ * we'd only do the export here. */
+ ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx,
+ &n, p, end - p,
+ mbedtls_ssl_conf_get_frng( ssl->conf ),
+ ssl->conf->p_rng );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_public", ret );
+#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
+ if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
+ ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS;
+#endif
+ return( ret );
+ }
+
+ MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
+ MBEDTLS_DEBUG_ECDH_Q );
+
+ p += n;
+ }
+ else
+#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
+ MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
+ MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
+ MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+ if( mbedtls_ssl_ciphersuite_uses_psk( ciphersuite_info ) )
+ {
+ /*
+ * opaque psk_identity<0..2^16-1>;
+ */
+ if( ssl->conf->psk == NULL || ssl->conf->psk_identity == NULL )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no private key for PSK" ) );
+ return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED );
+ }
+
+ n = ssl->conf->psk_identity_len;
+ if( buflen < n + 2 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "psk identity too long or "
+ "SSL buffer too short" ) );
+ return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+ }
+
+ p[0] = (unsigned char)( n >> 8 );
+ p[1] = (unsigned char)( n );
+ p += 2;
+
+ memcpy( p, ssl->conf->psk_identity, n );
+ p += ssl->conf->psk_identity_len;
+
+#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
+ if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
+ == MBEDTLS_KEY_EXCHANGE_PSK )
+ {
+ ((void) ret);
+ ((void) end);
+ n = 0;
+ }
+ else
+#endif
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
+ if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
+ == MBEDTLS_KEY_EXCHANGE_RSA_PSK )
+ {
+ if( ( ret = ssl_rsa_encrypt_partial_pms( ssl,
+ ssl->handshake->premaster + 2,
+ p, end - p, &n ) ) != 0 )
+ return( ret );
+ p += n;
+ }
+ else
+#endif
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
+ if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
+ == MBEDTLS_KEY_EXCHANGE_DHE_PSK )
+ {
+ /*
+ * ClientDiffieHellmanPublic public (DHM send G^X mod P)
+ */
+ ((void) end);
+
+ n = ssl->handshake->dhm_ctx.len;
+
+ if( buflen < n + 2 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "psk identity or DHM size too long"
+ " or SSL buffer too short" ) );
+ return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+ }
+
+ p[0] = (unsigned char)( n >> 8 );
+ p[1] = (unsigned char)( n );
+ p += 2;
+
+ ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx,
+ (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ),
+ p, n, mbedtls_ssl_conf_get_frng( ssl->conf ),
+ ssl->conf->p_rng );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_public", ret );
+ return( ret );
+ }
+
+ p += n;
+ }
+ else
+#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
+ if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
+ == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
+ {
+ /*
+ * ClientECDiffieHellmanPublic public;
+ */
+ ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx, &n,
+ p, buflen,
+ mbedtls_ssl_conf_get_frng( ssl->conf ),
+ ssl->conf->p_rng );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_public", ret );
+ return( ret );
+ }
+ MBEDTLS_SSL_DEBUG_ECP( 3, "ECDH: Q", &ssl->handshake->ecdh_ctx.Q );
+
+ p += n;
+ }
+ else
+#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
+ }
+ else
+#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
+ if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
+ == MBEDTLS_KEY_EXCHANGE_RSA )
+ {
+ if( ( ret = ssl_rsa_encrypt_partial_pms( ssl, ssl->handshake->premaster,
+ p, end - p, &n ) ) != 0 )
+ return( ret );
+ p += n;
+ }
+ else
+#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+ if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
+ == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
+ {
+ ret = mbedtls_ecjpake_write_round_two( &ssl->handshake->ecjpake_ctx,
+ p, end - p, &n,
+ mbedtls_ssl_conf_get_frng( ssl->conf ),
+ ssl->conf->p_rng );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_write_round_two", ret );
+ return( ret );
+ }
+ p += n;
+ }
+ else
+#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
+ {
+ ((void) ciphersuite_info);
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
+
+ *olen = p - buf;
+ return( 0 );
}
static int ssl_client_key_exchange_postprocess( mbedtls_ssl_context *ssl )
@@ -3483,25 +3728,26 @@
/*
* DHM key exchange -- send G^X mod P
*/
- n = ssl->handshake->dhm_ctx.len;
- ssl->out_msg[4] = (unsigned char)( n >> 8 );
- ssl->out_msg[5] = (unsigned char)( n );
- i = 6;
+ /* n = ssl->handshake->dhm_ctx.len; */
- ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx,
- (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ),
- &ssl->out_msg[i], n,
- mbedtls_ssl_conf_get_frng( ssl->conf ),
- ssl->conf->p_rng );
- if( ret != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_public", ret );
- return( ret );
- }
+ /* ssl->out_msg[4] = (unsigned char)( n >> 8 ); */
+ /* ssl->out_msg[5] = (unsigned char)( n ); */
+ /* i = 6; */
- MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: X ", &ssl->handshake->dhm_ctx.X );
- MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: GX", &ssl->handshake->dhm_ctx.GX );
+ /* ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx, */
+ /* (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ), */
+ /* &ssl->out_msg[i], n, */
+ /* mbedtls_ssl_conf_get_frng( ssl->conf ), */
+ /* ssl->conf->p_rng ); */
+ /* if( ret != 0 ) */
+ /* { */
+ /* MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_public", ret ); */
+ /* return( ret ); */
+ /* } */
+
+ /* MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: X ", &ssl->handshake->dhm_ctx.X ); */
+ /* MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: GX", &ssl->handshake->dhm_ctx.GX ); */
/* if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx, */
/* ssl->handshake->premaster, */
@@ -3534,35 +3780,35 @@
/*
* ECDH key exchange -- send client public value
*/
- i = 4;
+/* i = 4; */
-#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
- if( ssl->handshake->ecrs_enabled )
- {
- if( ssl->handshake->ecrs_state == ssl_ecrs_cke_ecdh_calc_secret )
- goto ecdh_calc_secret;
+/* #if defined(MBEDTLS_SSL__ECP_RESTARTABLE) */
+/* if( ssl->handshake->ecrs_enabled ) */
+/* { */
+/* if( ssl->handshake->ecrs_state == ssl_ecrs_cke_ecdh_calc_secret ) */
+/* goto ecdh_calc_secret; */
- mbedtls_ecdh_enable_restart( &ssl->handshake->ecdh_ctx );
- }
-#endif
+/* mbedtls_ecdh_enable_restart( &ssl->handshake->ecdh_ctx ); */
+/* } */
+/* #endif */
- ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx,
- &n,
- &ssl->out_msg[i], 1000,
- mbedtls_ssl_conf_get_frng( ssl->conf ),
- ssl->conf->p_rng );
- if( ret != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_public", ret );
-#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
- if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
- ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS;
-#endif
- return( ret );
- }
+/* ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx, */
+/* &n, */
+/* &ssl->out_msg[i], 1000, */
+/* mbedtls_ssl_conf_get_frng( ssl->conf ), */
+/* ssl->conf->p_rng ); */
+/* if( ret != 0 ) */
+/* { */
+/* MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_public", ret ); */
+/* #if defined(MBEDTLS_SSL__ECP_RESTARTABLE) */
+/* if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) */
+/* ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS; */
+/* #endif */
+/* return( ret ); */
+/* } */
- MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
- MBEDTLS_DEBUG_ECDH_Q );
+/* MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, */
+/* MBEDTLS_DEBUG_ECDH_Q ); */
/* #if defined(MBEDTLS_SSL__ECP_RESTARTABLE) */
/* if( ssl->handshake->ecrs_enabled ) */
@@ -3604,78 +3850,79 @@
/*
* opaque psk_identity<0..2^16-1>;
*/
- if( ssl->conf->psk == NULL || ssl->conf->psk_identity == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no private key for PSK" ) );
- return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED );
- }
- i = 4;
- n = ssl->conf->psk_identity_len;
+ /* if( ssl->conf->psk == NULL || ssl->conf->psk_identity == NULL ) */
+ /* { */
+ /* MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no private key for PSK" ) ); */
+ /* return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED ); */
+ /* } */
- if( i + 2 + n > MBEDTLS_SSL_OUT_CONTENT_LEN )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "psk identity too long or "
- "SSL buffer too short" ) );
- return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
- }
+ /* i = 4; */
+ /* n = ssl->conf->psk_identity_len; */
- ssl->out_msg[i++] = (unsigned char)( n >> 8 );
- ssl->out_msg[i++] = (unsigned char)( n );
+ /* if( i + 2 + n > MBEDTLS_SSL_OUT_CONTENT_LEN ) */
+ /* { */
+ /* MBEDTLS_SSL_DEBUG_MSG( 1, ( "psk identity too long or " */
+ /* "SSL buffer too short" ) ); */
+ /* return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); */
+ /* } */
- memcpy( ssl->out_msg + i, ssl->conf->psk_identity, ssl->conf->psk_identity_len );
- i += ssl->conf->psk_identity_len;
+ /* ssl->out_msg[i++] = (unsigned char)( n >> 8 ); */
+ /* ssl->out_msg[i++] = (unsigned char)( n ); */
+
+ /* memcpy( ssl->out_msg + i, ssl->conf->psk_identity, ssl->conf->psk_identity_len ); */
+ /* i += ssl->conf->psk_identity_len; */
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
- if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
- == MBEDTLS_KEY_EXCHANGE_PSK )
- {
- n = 0;
- }
- else
+ /* if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) */
+ /* == MBEDTLS_KEY_EXCHANGE_PSK ) */
+ /* { */
+ /* n = 0; */
+ /* } */
+ /* else */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
- if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
- == MBEDTLS_KEY_EXCHANGE_RSA_PSK )
- {
- /* Code for PMS generation has been moved,
- * code for encryption and writing it hasn't. */
- if( ( ret = ssl_write_encrypted_pms( ssl, i, &n, 2 ) ) != 0 )
- return( ret );
- }
- else
+ /* if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) */
+ /* == MBEDTLS_KEY_EXCHANGE_RSA_PSK ) */
+ /* { */
+ /* /\* Code for PMS generation has been moved, */
+ /* * code for encryption and writing it hasn't. *\/ */
+ /* if( ( ret = ssl_write_encrypted_pms( ssl, i, &n, 2 ) ) != 0 ) */
+ /* return( ret ); */
+ /* } */
+ /* else */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
- if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
- == MBEDTLS_KEY_EXCHANGE_DHE_PSK )
- {
- /*
- * ClientDiffieHellmanPublic public (DHM send G^X mod P)
- */
- n = ssl->handshake->dhm_ctx.len;
+ /* if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) */
+ /* == MBEDTLS_KEY_EXCHANGE_DHE_PSK ) */
+ /* { */
+ /* /\* */
+ /* * ClientDiffieHellmanPublic public (DHM send G^X mod P) */
+ /* *\/ */
+ /* n = ssl->handshake->dhm_ctx.len; */
- if( i + 2 + n > MBEDTLS_SSL_OUT_CONTENT_LEN )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "psk identity or DHM size too long"
- " or SSL buffer too short" ) );
- return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
- }
+ /* if( i + 2 + n > MBEDTLS_SSL_OUT_CONTENT_LEN ) */
+ /* { */
+ /* MBEDTLS_SSL_DEBUG_MSG( 1, ( "psk identity or DHM size too long" */
+ /* " or SSL buffer too short" ) ); */
+ /* return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); */
+ /* } */
- ssl->out_msg[i++] = (unsigned char)( n >> 8 );
- ssl->out_msg[i++] = (unsigned char)( n );
+ /* ssl->out_msg[i++] = (unsigned char)( n >> 8 ); */
+ /* ssl->out_msg[i++] = (unsigned char)( n ); */
- ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx,
- (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ),
- &ssl->out_msg[i], n,
- mbedtls_ssl_conf_get_frng( ssl->conf ),
- ssl->conf->p_rng );
- if( ret != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_public", ret );
- return( ret );
- }
- }
- else
+ /* ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx, */
+ /* (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ), */
+ /* &ssl->out_msg[i], n, */
+ /* mbedtls_ssl_conf_get_frng( ssl->conf ), */
+ /* ssl->conf->p_rng ); */
+ /* if( ret != 0 ) */
+ /* { */
+ /* MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_public", ret ); */
+ /* return( ret ); */
+ /* } */
+ /* } */
+ /* else */
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
@@ -3684,18 +3931,19 @@
/*
* ClientECDiffieHellmanPublic public;
*/
- ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx, &n,
- &ssl->out_msg[i], MBEDTLS_SSL_OUT_CONTENT_LEN - i,
- mbedtls_ssl_conf_get_frng( ssl->conf ),
- ssl->conf->p_rng );
- if( ret != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_public", ret );
- return( ret );
- }
- MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
- MBEDTLS_DEBUG_ECDH_Q );
+ /* ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx, &n, */
+ /* &ssl->out_msg[i], MBEDTLS_SSL_OUT_CONTENT_LEN - i, */
+ /* mbedtls_ssl_conf_get_frng( ssl->conf ), */
+ /* ssl->conf->p_rng ); */
+ /* if( ret != 0 ) */
+ /* { */
+ /* MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_public", ret ); */
+ /* return( ret ); */
+ /* } */
+
+ /* MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, */
+ /* MBEDTLS_DEBUG_ECDH_Q ); */
}
else
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
@@ -3714,32 +3962,32 @@
else
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
- if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) ==
- MBEDTLS_KEY_EXCHANGE_RSA )
- {
- i = 4;
- /* Code for PMS generation has been moved,
- * code for encryption and writing it hasn't. */
- if( ( ret = ssl_write_encrypted_pms( ssl, i, &n, 0 ) ) != 0 )
- return( ret );
- }
+ /* if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) == */
+ /* MBEDTLS_KEY_EXCHANGE_RSA ) */
+ /* { */
+ /* i = 4; */
+ /* /\* Code for PMS generation has been moved, */
+ /* * code for encryption and writing it hasn't. *\/ */
+ /* if( ( ret = ssl_write_encrypted_pms( ssl, i, &n, 0 ) ) != 0 ) */
+ /* return( ret ); */
+ /* } */
else
#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) ==
MBEDTLS_KEY_EXCHANGE_ECJPAKE )
{
- i = 4;
+ /* i = 4; */
- ret = mbedtls_ecjpake_write_round_two( &ssl->handshake->ecjpake_ctx,
- ssl->out_msg + i, MBEDTLS_SSL_OUT_CONTENT_LEN - i, &n,
- mbedtls_ssl_conf_get_frng( ssl->conf ),
- ssl->conf->p_rng );
- if( ret != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_write_round_two", ret );
- return( ret );
- }
+ /* ret = mbedtls_ecjpake_write_round_two( &ssl->handshake->ecjpake_ctx, */
+ /* ssl->out_msg + i, MBEDTLS_SSL_OUT_CONTENT_LEN - i, &n, */
+ /* mbedtls_ssl_conf_get_frng( ssl->conf ), */
+ /* ssl->conf->p_rng ); */
+ /* if( ret != 0 ) */
+ /* { */
+ /* MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_write_round_two", ret ); */
+ /* return( ret ); */
+ /* } */
/* ret = mbedtls_ecjpake_derive_secret( &ssl->handshake->ecjpake_ctx, */
/* ssl->handshake->premaster, 32, &ssl->handshake->pmslen, */