TeamHepta/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-05-11 22:42:23 +02:00
Code Issues Packages Projects Releases Wiki Activity

Remove ciphersuite from handshake params if single suite hardcoded

Browse Source 
If MBEDTLS_SSL_SINGLE_CIPHERSUITE is enabled, the type

  mbedtls_ssl_ciphersuite_handle_t

is logically a boolean (concretely realized as `unsigned char`),
containing the invalid handle and the unique valid handle, which
represents the single enabled ciphersuite.

The SSL handshake structure mbedtls_ssl_handshake_params contains
an instance of mbedtls_ssl_ciphersuite_handle_t which is guaranteed
to be valid, and which is hence redundant in any two-valued
implementation of mbedtls_ssl_ciphersuite_handle_t.

This commit replaces read-uses of

  mbedtls_ssl_handshake_params::ciphersuite_info

by a getter functions which, and defines this getter function
either by just reading the field from the handshake structure
(in case MBEDTLS_SSL_SINGLE_CIPHERSUITE is disabled), or by
returning the single valid ciphersuite handle (in case
MBEDTLS_SSL_SINGLE_CIPHERSUITE is enabled) and removing the
field from mbedtls_ssl_handshake_params in this case.
This commit is contained in:
Hanno Becker
2019-06-26 13:02:22 +01:00
parent 2d46b4f2a1
commit df64596733
4 changed files with 53 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
include/mbedtls/ssl_internal.h
View File

@@ -501,7 +501,9 @@ struct mbedtls_ssl_handshake_params
const unsigned char *, size_t,
unsigned char *, size_t);
#if !defined(MBEDTLS_SSL_SINGLE_CIPHERSUITE)
mbedtls_ssl_ciphersuite_handle_t ciphersuite_info;
#endif /* !MBEDTLS_SSL_SINGLE_CIPHERSUITE */
size_t pmslen; /*!< premaster length */
@@ -556,6 +558,21 @@ static inline int mbedtls_ssl_hs_get_extended_ms(
}
#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
#if !defined(MBEDTLS_SSL_SINGLE_CIPHERSUITE)
static inline mbedtls_ssl_ciphersuite_handle_t mbedtls_ssl_handshake_get_ciphersuite(
mbedtls_ssl_handshake_params const *handshake )
{
return( handshake->ciphersuite_info );
}
#else /* !MBEDTLS_SSL_SINGLE_CIPHERSUITE */
static inline mbedtls_ssl_ciphersuite_handle_t mbedtls_ssl_handshake_get_ciphersuite(
mbedtls_ssl_handshake_params const *handshake )
{
((void) handshake);
return( MBEDTLS_SSL_CIPHERSUITE_UNIQUE_VALID_HANDLE );
}
#endif /* MBEDTLS_SSL_SINGLE_CIPHERSUITE */
typedef struct mbedtls_ssl_hs_buffer mbedtls_ssl_hs_buffer;
/*