mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-29 22:20:30 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Change the code places of CERTIFICATE_REQUEST

Browse Source 
Change-Id: I3aa293184fea4f960782675bdd520256c808bd4e
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
This commit is contained in:
XiaokangQian 2022-05-06 07:28:50 +00:00
parent 45c22201b3
commit cec9ae6259
1 changed files with 100 additions and 103 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

203
library/ssl_tls13_server.c
View File

@ -748,11 +748,6 @@ static int ssl_tls13_certificate_request_coordinate( mbedtls_ssl_context *ssl )
{
int authmode;
if( mbedtls_ssl_tls13_some_psk_enabled( ssl ) )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "<= skip write certificate request" ) );
return( SSL_CERTIFICATE_REQUEST_SKIP );
}
authmode = ssl->conf->authmode;
if( authmode == MBEDTLS_SSL_VERIFY_NONE )
@ -760,104 +755,6 @@ static int ssl_tls13_certificate_request_coordinate( mbedtls_ssl_context *ssl )
return( SSL_CERTIFICATE_REQUEST_SEND_REQUEST );
}
/*
* struct {
* opaque certificate_request_context<0..2^8-1>;
* Extension extensions<2..2^16-1>;
* } CertificateRequest;
*
*/
static int ssl_tls13_write_certificate_request_body( mbedtls_ssl_context *ssl,
unsigned char *buf,
const unsigned char *end,
size_t *out_len )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *p = buf;
size_t extensions_len = 0;
unsigned char *p_extensions_len;
*out_len = 0;
/* Check if we have enough space:
* - certificate_request_context (1 byte)
* - extensions length (2 bytes)
*/
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 3 );
/*
* Write certificate_request_context
*/
/*
* We use a zero length context for the normal handshake
* messages. For post-authentication handshake messages
* this request context would be set to a non-zero value.
*/
*p++ = 0x0;
/*
* Write extensions
*/
/* The extensions must contain the signature_algorithms. */
p_extensions_len = p;
p += 2;
ret = mbedtls_ssl_write_sig_alg_ext( ssl, p, end, &extensions_len );
if( ret != 0 )
return( ret );
/* length field for all extensions */
MBEDTLS_PUT_UINT16_BE( extensions_len, p_extensions_len, 0 );
p += extensions_len;
*out_len = p - buf;
return( 0 );
}
static int ssl_tls13_write_certificate_request( mbedtls_ssl_context *ssl )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate request" ) );
MBEDTLS_SSL_PROC_CHK_NEG( ssl_tls13_certificate_request_coordinate( ssl ) );
if( ret == SSL_CERTIFICATE_REQUEST_SEND_REQUEST )
{
unsigned char *buf;
size_t buf_len, msg_len;
MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_start_handshake_msg( ssl,
MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, &buf, &buf_len ) );
MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_certificate_request_body(
ssl, buf, buf + buf_len, &msg_len ) );
mbedtls_ssl_add_hs_msg_to_checksum(
ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, buf, msg_len );
MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg(
ssl, buf_len, msg_len ) );
}
else if( ret == SSL_CERTIFICATE_REQUEST_SKIP )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate request" ) );
ret = 0;
}
else
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
goto cleanup;
}
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_CERTIFICATE );
cleanup:
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write certificate request" ) );
return( ret );
}
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
/*
@ -1292,6 +1189,106 @@ cleanup:
return( ret );
}
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
/*
* struct {
* opaque certificate_request_context<0..2^8-1>;
* Extension extensions<2..2^16-1>;
* } CertificateRequest;
*
*/
static int ssl_tls13_write_certificate_request_body( mbedtls_ssl_context *ssl,
unsigned char *buf,
const unsigned char *end,
size_t *out_len )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *p = buf;
size_t extensions_len = 0;
unsigned char *p_extensions_len;
*out_len = 0;
/* Check if we have enough space:
* - certificate_request_context (1 byte)
* - extensions length (2 bytes)
*/
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 3 );
/*
* Write certificate_request_context
*/
/*
* We use a zero length context for the normal handshake
* messages. For post-authentication handshake messages
* this request context would be set to a non-zero value.
*/
*p++ = 0x0;
/*
* Write extensions
*/
/* The extensions must contain the signature_algorithms. */
p_extensions_len = p;
p += 2;
ret = mbedtls_ssl_write_sig_alg_ext( ssl, p, end, &extensions_len );
if( ret != 0 )
return( ret );
/* length field for all extensions */
MBEDTLS_PUT_UINT16_BE( extensions_len, p_extensions_len, 0 );
p += extensions_len;
*out_len = p - buf;
return( 0 );
}
static int ssl_tls13_write_certificate_request( mbedtls_ssl_context *ssl )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate request" ) );
MBEDTLS_SSL_PROC_CHK_NEG( ssl_tls13_certificate_request_coordinate( ssl ) );
if( ret == SSL_CERTIFICATE_REQUEST_SEND_REQUEST )
{
unsigned char *buf;
size_t buf_len, msg_len;
MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_start_handshake_msg( ssl,
MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, &buf, &buf_len ) );
MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_certificate_request_body(
ssl, buf, buf + buf_len, &msg_len ) );
mbedtls_ssl_add_hs_msg_to_checksum(
ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, buf, msg_len );
MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg(
ssl, buf_len, msg_len ) );
}
else if( ret == SSL_CERTIFICATE_REQUEST_SKIP )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate request" ) );
ret = 0;
}
else
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
goto cleanup;
}
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_CERTIFICATE );
cleanup:
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write certificate request" ) );
return( ret );
}
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
/*
* TLS 1.3 State Machine -- server side
*/