Restructure SrvKeyExchange: Move msg skipping for PSK and RSA-PSK

In the PSK and RSA-PSK ciphersuites, the ServerKeyExchange message
MAY be skipped. This commit moves the code-path peeking at the
incoming message to decide whether it's probably a ServerKeyExchange
to the new coordination function ssl_server_key_exchange_coordinate().

library/ssl_cli.c

@@ -2730,6 +2730,13 @@ static int ssl_server_key_exchange_coordinate( mbedtls_ssl_context *ssl )
     mbedtls_ssl_ciphersuite_handle_t ciphersuite_info =
         mbedtls_ssl_handshake_get_ciphersuite( ssl->handshake );
 
+    /* The ServerKeyExchange message is not used for
+     * - RSA or
+     * - static ECDH
+     * ciphersuites.
+     * It MAY be used in PSK or RSA-PSK.
+     */
+
 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
     if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) ==
         MBEDTLS_KEY_EXCHANGE_RSA )
@@ -2750,6 +2757,33 @@ static int ssl_server_key_exchange_coordinate( mbedtls_ssl_context *ssl )
 #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
           MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
 
+    /*
+     * ServerKeyExchange may be skipped with PSK and RSA-PSK when the server
+     * doesn't use a psk_identity_hint. Peek at next message to decide whether
+     * the ServerKeyExchange is being skipped or not.
+     */
+
+    if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
+        == MBEDTLS_KEY_EXCHANGE_PSK ||
+        mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
+        == MBEDTLS_KEY_EXCHANGE_RSA_PSK )
+    {
+        if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
+            return( ret );
+        }
+        ssl->keep_current_message = 1;
+
+        if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
+            ssl->in_msg[0]  != MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE )
+        {
+            /* Current message is probably either
+             * CertificateRequest or ServerHelloDone */
+            return( SSL_SRV_KEY_EXCHANGE_SKIP );
+        }
+    }
+
     return( SSL_SRV_KEY_EXCHANGE_EXPECTED );
 }
 
@@ -2825,44 +2859,44 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl )
     }
 #endif
 
-    if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
+    /* if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 ) */
-    {
+    /* { */
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
+    /*     MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); */
-        return( ret );
+    /*     return( ret ); */
-    }
+    /* } */
 
-    if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
+    /* if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) */
-    {
+    /* { */
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
+    /*     MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); */
-        mbedtls_ssl_pend_fatal_alert( ssl,
+    /*     mbedtls_ssl_pend_fatal_alert( ssl, */
-                               MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
+    /*                            MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); */
-        return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+    /*     return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); */
-    }
+    /* } */
 
-    /*
+    /* /\* */
-     * ServerKeyExchange may be skipped with PSK and RSA-PSK when the server
+    /*  * ServerKeyExchange may be skipped with PSK and RSA-PSK when the server */
-     * doesn't use a psk_identity_hint
+    /*  * doesn't use a psk_identity_hint */
-     */
+    /*  *\/ */
-    if( ssl->in_msg[0] != MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE )
+    /* if( ssl->in_msg[0] != MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE ) */
-    {
+    /* { */
-        if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
+    /*     if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) */
-            == MBEDTLS_KEY_EXCHANGE_PSK ||
+    /*         == MBEDTLS_KEY_EXCHANGE_PSK || */
-            mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
+    /*         mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) */
-            == MBEDTLS_KEY_EXCHANGE_RSA_PSK )
+    /*         == MBEDTLS_KEY_EXCHANGE_RSA_PSK ) */
-        {
+    /*     { */
-            /* Current message is probably either
+    /*         /\* Current message is probably either */
-             * CertificateRequest or ServerHelloDone */
+    /*          * CertificateRequest or ServerHelloDone *\/ */
-            ssl->keep_current_message = 1;
+    /*         ssl->keep_current_message = 1; */
-            goto exit;
+    /*         goto exit; */
-        }
+    /*     } */
 
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "server key exchange message must "
+    /*     MBEDTLS_SSL_DEBUG_MSG( 1, ( "server key exchange message must " */
-                                    "not be skipped" ) );
+    /*                                 "not be skipped" ) ); */
-        mbedtls_ssl_pend_fatal_alert( ssl,
+    /*     mbedtls_ssl_pend_fatal_alert( ssl, */
-                               MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
+    /*                            MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); */
 
-        return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+    /*     return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); */
-    }
+    /* } */
 
 #if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
     if( ssl->handshake->ecrs_enabled )