Move state change from CLIENT_CERTIFICATE to its main handler

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-09 07:44:27 +01:00 · 2022-03-09 07:44:27 +01:00 · 7a94aca81a
commit 7a94aca81a
parent 5bb8fc830a
2 changed files with 21 additions and 26 deletions
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@ -1923,19 +1923,36 @@ static int ssl_tls13_process_server_finished( mbedtls_ssl_context *ssl )
 */
 static int ssl_tls13_write_client_certificate( mbedtls_ssl_context *ssl )
 {
+    int non_empty_certificate_msg = 0;
+
    MBEDTLS_SSL_DEBUG_MSG( 1,
                  ( "Switch to handshake traffic keys for outbound traffic" ) );
    mbedtls_ssl_set_outbound_transform( ssl, ssl->handshake->transform_handshake );

 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
    if( ssl->handshake->client_auth )
-        return( mbedtls_ssl_tls13_write_certificate( ssl ) );
+    {
+        int ret = mbedtls_ssl_tls13_write_certificate( ssl );
+        if( ret != 0 )
+            return( ret );

-    mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_FINISHED );
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "No certificate message to send." ) );
+        if( mbedtls_ssl_own_cert( ssl ) != NULL )
+            non_empty_certificate_msg = 1;
+    }
+    else
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "No certificate message to send." ) );
+    }
 #endif

+   if( non_empty_certificate_msg )
+   {
+        mbedtls_ssl_handshake_set_state( ssl,
+                                         MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY );
+   }
+   else
+        mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_FINISHED );
+
    return( 0 );
 }

--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@ -934,27 +934,6 @@ static int ssl_tls13_write_certificate_body( mbedtls_ssl_context *ssl,
    return( 0 );
 }

-static int ssl_tls13_finalize_write_certificate( mbedtls_ssl_context *ssl )
-{
-#if defined(MBEDTLS_SSL_CLI_C)
-    if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
-    {
-        const mbedtls_x509_crt *crt = mbedtls_ssl_own_cert( ssl );
-        if( ssl->handshake->client_auth && crt != NULL )
-        {
-            mbedtls_ssl_handshake_set_state( ssl,
-                                        MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY );
-        }
-        else
-            mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_FINISHED );
-        return( 0 );
-    }
-    else
-#endif /* MBEDTLS_SSL_CLI_C */
-    ((void) ssl);
-    return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-}
-
 int mbedtls_ssl_tls13_write_certificate( mbedtls_ssl_context *ssl )
 {
    int ret;
@ -976,7 +955,6 @@ int mbedtls_ssl_tls13_write_certificate( mbedtls_ssl_context *ssl )
                                              buf,
                                              msg_len );

-    MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_write_certificate( ssl ) );
    MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_finish_handshake_msg(
                              ssl, buf_len, msg_len ) );
 cleanup: