Remove mbedtls_ssl_transform::minor_ver if the version is hardcoded

Hanno Becker 2019-06-24 15:46:40 +01:00
parent 0f902b71a8
commit 0a92b8156d
2 changed files with 40 additions and 11 deletions


@ -709,7 +709,10 @@ struct mbedtls_ssl_transform
mbedtls_cipher_context_t cipher_ctx_enc; /*!< encryption context */ mbedtls_cipher_context_t cipher_ctx_enc; /*!< encryption context */
mbedtls_cipher_context_t cipher_ctx_dec; /*!< decryption context */ mbedtls_cipher_context_t cipher_ctx_dec; /*!< decryption context */
#if !defined(MBEDTLS_SSL_CONF_FIXED_MINOR_VER)
int minor_ver; int minor_ver;
#endif
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
uint8_t in_cid_len; uint8_t in_cid_len;
@ -727,6 +730,16 @@ struct mbedtls_ssl_transform
#endif #endif
}; };
static inline int mbedtls_ssl_transform_get_minor_ver( mbedtls_ssl_transform const *transform )
{
#if !defined(MBEDTLS_SSL_CONF_FIXED_MINOR_VER)
return( transform->minor_ver );
#else
((void) transform);
return( MBEDTLS_SSL_CONF_FIXED_MINOR_VER );
#endif
}
/* /*
* Internal representation of record frames * Internal representation of record frames
* *
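Review bot: The new accessor mbedtls_ssl_transform_get_minor_ver() has no comment, yet it is where the record layer stops consulting per-connection state: when MBEDTLS_SSL_CONF_FIXED_MINOR_VER is defined it returns the constant and ignores `transform` entirely. I would document that above the function, e.g. `/* Minor version used for record protection; with MBEDTLS_SSL_CONF_FIXED_MINOR_VER this is the compile-time constant and the handshake must not negotiate any other version. */`. A short comment on the guarded `minor_ver` field saying that all reads go through this getter would also help. Any direct `transform->minor_ver` access left elsewhere (not visible in this diff) stops compiling in the fixed configuration.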


@ -817,7 +817,12 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform,
defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
transform->encrypt_then_mac = encrypt_then_mac; transform->encrypt_then_mac = encrypt_then_mac;
#endif #endif
#if !defined(MBEDTLS_SSL_CONF_FIXED_MINOR_VER)
transform->minor_ver = minor_ver; transform->minor_ver = minor_ver;
#else
((void) minor_ver);
#endif /* !MBEDTLS_SSL_CONF_FIXED_MINOR_VER */
/* /*
* Get various info structures * Get various info structures
@ -1994,7 +1999,8 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
} }
#if defined(MBEDTLS_SSL_PROTO_SSL3) #if defined(MBEDTLS_SSL_PROTO_SSL3)
if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) if( mbedtls_ssl_transform_get_minor_ver( transform ) ==
MBEDTLS_SSL_MINOR_VERSION_0 )
{ {
unsigned char mac[SSL_MAC_MAX_BYTES]; unsigned char mac[SSL_MAC_MAX_BYTES];
ssl_mac( &transform->md_ctx_enc, transform->mac_enc, ssl_mac( &transform->md_ctx_enc, transform->mac_enc,
@ -2005,7 +2011,8 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
#endif #endif
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
defined(MBEDTLS_SSL_PROTO_TLS1_2) defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 ) if( mbedtls_ssl_transform_get_minor_ver( transform ) >=
MBEDTLS_SSL_MINOR_VERSION_1 )
{ {
unsigned char mac[MBEDTLS_SSL_MAC_ADD]; unsigned char mac[MBEDTLS_SSL_MAC_ADD];
@ -2184,7 +2191,8 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
* Prepend per-record IV for block cipher in TLS v1.1 and up as per * Prepend per-record IV for block cipher in TLS v1.1 and up as per
* Method 1 (6.2.3.2. in RFC4346 and RFC5246) * Method 1 (6.2.3.2. in RFC4346 and RFC5246)
*/ */
if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 ) if( mbedtls_ssl_transform_get_minor_ver( transform ) >=
MBEDTLS_SSL_MINOR_VERSION_2 )
{ {
if( f_rng == NULL ) if( f_rng == NULL )
{ {
@ -2233,7 +2241,8 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
} }
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1)
if( transform->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 ) if( mbedtls_ssl_transform_get_minor_ver( transform ) <
MBEDTLS_SSL_MINOR_VERSION_2 )
{ {
/* /*
* Save IV in SSL3 and TLS1 * Save IV in SSL3 and TLS1
@ -2482,7 +2491,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context *ssl,
* Check immediate ciphertext sanity * Check immediate ciphertext sanity
*/ */
#if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 ) if( mbedtls_ssl_transform_get_minor_ver( transform ) >=
MBEDTLS_SSL_MINOR_VERSION_2 )
{ {
/* The ciphertext is prefixed with the CBC IV. */ /* The ciphertext is prefixed with the CBC IV. */
minlen += transform->ivlen; minlen += transform->ivlen;
@ -2573,7 +2583,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context *ssl,
/* /*
* Initialize for prepended IV for block cipher in TLS v1.1 and up * Initialize for prepended IV for block cipher in TLS v1.1 and up
*/ */
if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 ) if( mbedtls_ssl_transform_get_minor_ver( transform ) >=
MBEDTLS_SSL_MINOR_VERSION_2 )
{ {
/* This is safe because data_len >= minlen + maclen + 1 initially, /* This is safe because data_len >= minlen + maclen + 1 initially,
* and at this point we have at most subtracted maclen (note that * and at this point we have at most subtracted maclen (note that
@ -2601,7 +2612,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context *ssl,
} }
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1)
if( transform->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 ) if( mbedtls_ssl_transform_get_minor_ver( transform ) <
MBEDTLS_SSL_MINOR_VERSION_2 )
{ {
/* /*
* Save IV in SSL3 and TLS1 * Save IV in SSL3 and TLS1
@ -2643,7 +2655,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context *ssl,
* we have data_len >= padlen here. */ * we have data_len >= padlen here. */
#if defined(MBEDTLS_SSL_PROTO_SSL3) #if defined(MBEDTLS_SSL_PROTO_SSL3)
if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) if( mbedtls_ssl_transform_get_minor_ver( transform ) ==
MBEDTLS_SSL_MINOR_VERSION_0 )
{ {
if( padlen > transform->ivlen ) if( padlen > transform->ivlen )
{ {
@ -2659,7 +2672,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context *ssl,
#endif /* MBEDTLS_SSL_PROTO_SSL3 */ #endif /* MBEDTLS_SSL_PROTO_SSL3 */
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
defined(MBEDTLS_SSL_PROTO_TLS1_2) defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( transform->minor_ver > MBEDTLS_SSL_MINOR_VERSION_0 ) if( mbedtls_ssl_transform_get_minor_ver( transform ) >
MBEDTLS_SSL_MINOR_VERSION_0 )
{ {
/* The padding check involves a series of up to 256 /* The padding check involves a series of up to 256
* consecutive memory reads at the end of the record * consecutive memory reads at the end of the record
@ -2745,7 +2759,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context *ssl,
ssl_extract_add_data_from_record( add_data, &add_data_len, rec ); ssl_extract_add_data_from_record( add_data, &add_data_len, rec );
#if defined(MBEDTLS_SSL_PROTO_SSL3) #if defined(MBEDTLS_SSL_PROTO_SSL3)
if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) if( mbedtls_ssl_transform_get_minor_ver( transform ) ==
MBEDTLS_SSL_MINOR_VERSION_0 )
{ {
ssl_mac( &transform->md_ctx_dec, ssl_mac( &transform->md_ctx_dec,
transform->mac_dec, transform->mac_dec,
@ -2757,7 +2772,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context *ssl,
#endif /* MBEDTLS_SSL_PROTO_SSL3 */ #endif /* MBEDTLS_SSL_PROTO_SSL3 */
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
defined(MBEDTLS_SSL_PROTO_TLS1_2) defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( transform->minor_ver > MBEDTLS_SSL_MINOR_VERSION_0 ) if( mbedtls_ssl_transform_get_minor_ver( transform ) >
MBEDTLS_SSL_MINOR_VERSION_0 )
{ {
/* /*
* Process MAC and always update for padlen afterwards to make * Process MAC and always update for padlen afterwards to make
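Review bot: In the ssl_populate_transform() hunk, the fixed-version branch discards the caller's `minor_ver` with `((void) minor_ver);` without checking that it equals the constant. Every MAC, IV and padding branch changed in mbedtls_ssl_encrypt_buf() and mbedtls_ssl_decrypt_buf() is then selected by MBEDTLS_SSL_CONF_FIXED_MINOR_VER alone, so a mismatch would silently apply the wrong record protection. Whether the handshake already rules that out is not visible here. A guard in the `#else` branch would make the assumption explicit: `if( minor_ver != MBEDTLS_SSL_CONF_FIXED_MINOR_VER ) return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );`. The function body starts and ends outside the hunk, so check the early return against any cleanup the rest of the function expects.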