ssl_write_server_key_exchange refactor: ssl_resume_server_key_exchange
Continue clarifying the control flow. This gets rid of the last goto
introduced by the initial code for asynchronous signature support.
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index f6db3c7..da6069d 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -2826,6 +2826,27 @@
#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) ||
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
+#if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED) && \
+ defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)
+static int ssl_resume_server_key_exchange( mbedtls_ssl_context *ssl,
+ size_t *signature_len )
+{
+ size_t sig_max_len = ( ssl->out_buf + MBEDTLS_SSL_MAX_CONTENT_LEN
+ - ( ssl->out_msg + ssl->out_msglen + 2 ) );
+ int ret = ssl->conf->f_async_resume( ssl->conf->p_async_connection_ctx,
+ ssl->handshake->p_async_operation_ctx,
+ ssl->out_msg + ssl->out_msglen + 2,
+ signature_len, sig_max_len );
+ MBEDTLS_SSL_DEBUG_RET( 3, "f_async_resume", ret );
+ if( ret != MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS )
+ {
+ ssl->handshake->p_async_operation_ctx = NULL;
+ }
+ return( ret );
+}
+#endif /* defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED) &&
+ defined(MBEDTLS_SSL_ASYNC_PRIVATE_C) */
+
static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl,
size_t *signature_len )
{
@@ -2844,16 +2865,6 @@
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write server key exchange" ) );
-#if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED) && \
- defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)
- if( ssl->handshake->p_async_operation_ctx != NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "resuming signature operation" ) );
- goto async_resume;
- }
-#endif /* defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED) &&
- defined(MBEDTLS_SSL_ASYNC_PRIVATE_C) */
-
/*
*
* Part 1: Provide key exchange parameters for chosen ciphersuite.
@@ -3187,8 +3198,6 @@
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)
if( ssl->conf->f_async_sign_start != NULL )
{
- size_t sig_max_len = ( ssl->out_buf + MBEDTLS_SSL_MAX_CONTENT_LEN
- - ( ssl->out_msg + ssl->out_msglen + 2 ) );
ret = ssl->conf->f_async_sign_start(
ssl->conf->p_async_connection_ctx,
&ssl->handshake->p_async_operation_ctx,
@@ -3200,19 +3209,7 @@
/* act as if f_async_sign was null */
break;
case 0:
- async_resume:
- ret = ssl->conf->f_async_resume(
- ssl->conf->p_async_connection_ctx,
- ssl->handshake->p_async_operation_ctx,
- ssl->out_msg + ssl->out_msglen + 2,
- signature_len, sig_max_len );
- if( ret != MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS )
- {
- ssl->handshake->p_async_operation_ctx = NULL;
- MBEDTLS_SSL_DEBUG_RET( 1, "f_async_resume", ret );
- return( ret );
- }
- /* FALLTHROUGH */
+ return( ssl_resume_server_key_exchange( ssl, signature_len ) );
case MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS:
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write server key exchange (pending)" ) );
return( MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS );
@@ -3275,10 +3272,26 @@
}
#endif /* MBEDTLS_KEY_EXCHANGE__NON_PFS__ENABLED */
- /* ServerKeyExchange is needed. Prepare the message. */
- ret = ssl_prepare_server_key_exchange( ssl, &signature_len );
- if( ret != 0 )
- return( ret );
+ /* If we have already prepared the message and there is an ongoing
+ signature operation, resume signing. */
+#if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED) && \
+ defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)
+ if( ssl->handshake->p_async_operation_ctx != NULL )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "resuming signature operation" ) );
+ ret = ssl_resume_server_key_exchange( ssl, &signature_len );
+ if( ret != 0 )
+ return( ret );
+ }
+ else
+#endif /* defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED) &&
+ defined(MBEDTLS_SSL_ASYNC_PRIVATE_C) */
+ {
+ /* ServerKeyExchange is needed. Prepare the message. */
+ ret = ssl_prepare_server_key_exchange( ssl, &signature_len );
+ if( ret != 0 )
+ return( ret );
+ }
/* If there is a signature, write its length.
ssl_prepare_server_key_exchange already wrote the signature