Remove some tls_ver < MBEDTLS_SSL_VERSION_TLS1_2 checks
mbedtls no longer supports earlier TLS protocol versions
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index f1e852e..1ee51b2 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -4959,10 +4959,6 @@
static size_t ssl_transform_get_explicit_iv_len(
mbedtls_ssl_transform const *transform )
{
- /* XXX: obsolete test? (earlier vers no longer supported?) */
- if( transform->tls_version < MBEDTLS_SSL_VERSION_TLS1_2 )
- return( 0 );
-
return( transform->ivlen - transform->fixed_ivlen );
}
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 277904d..8f6f7b2 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -7053,9 +7053,6 @@
mac_enc = keyblk;
mac_dec = keyblk + mac_key_len;
- /*
- * This is not used in TLS v1.1.
- */
iv_copy_len = ( transform->fixed_ivlen ) ?
transform->fixed_ivlen : transform->ivlen;
memcpy( transform->iv_enc, key2 + keylen, iv_copy_len );
@@ -7073,9 +7070,6 @@
mac_enc = keyblk + mac_key_len;
mac_dec = keyblk;
- /*
- * This is not used in TLS v1.1.
- */
iv_copy_len = ( transform->fixed_ivlen ) ?
transform->fixed_ivlen : transform->ivlen;
memcpy( transform->iv_dec, key1 + keylen, iv_copy_len );
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index 49cda3f..9e3e736 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -951,7 +951,7 @@
static int ssl_pick_cert( mbedtls_ssl_context *ssl,
const mbedtls_ssl_ciphersuite_t * ciphersuite_info )
{
- mbedtls_ssl_key_cert *cur, *list, *fallback = NULL;
+ mbedtls_ssl_key_cert *cur, *list;
mbedtls_pk_type_t pk_alg =
mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info );
uint32_t flags;
@@ -1015,9 +1015,6 @@
break;
}
- if( cur == NULL )
- cur = fallback;
-
/* Do not update ssl->handshake->key_cert unless there is a match */
if( cur != NULL )
{