commit 0a92b8156dc0b6f46e5a5d1fd9d52fb6fb848fce
author Hanno Becker <hanno.becker@arm.com> Mon Jun 24 15:46:40 2019 +0100
committer Hanno Becker <hanno.becker@arm.com> Fri Jul 12 15:15:08 2019 +0100
tree 467c1321deab8d0b2f2e9739adf95c12c403c132
parent 0f902b71a82f376eca8270c89b2c8f7dc73890a9

Remove mbedtls_ssl_transform::minor_ver if the version is hardcoded

library/ssl_tls.c

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 814bb27..e0f5b2b 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -817,7 +817,12 @@
     defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
     transform->encrypt_then_mac = encrypt_then_mac;
 #endif
+
+#if !defined(MBEDTLS_SSL_CONF_FIXED_MINOR_VER)
     transform->minor_ver = minor_ver;
+#else
+    ((void) minor_ver);
+#endif /* !MBEDTLS_SSL_CONF_FIXED_MINOR_VER */
 
     /*
      * Get various info structures
@@ -1994,7 +1999,8 @@
         }
 
 #if defined(MBEDTLS_SSL_PROTO_SSL3)
-        if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
+        if( mbedtls_ssl_transform_get_minor_ver( transform ) ==
+            MBEDTLS_SSL_MINOR_VERSION_0 )
         {
             unsigned char mac[SSL_MAC_MAX_BYTES];
             ssl_mac( &transform->md_ctx_enc, transform->mac_enc,
@@ -2005,7 +2011,8 @@
 #endif
 #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
         defined(MBEDTLS_SSL_PROTO_TLS1_2)
-        if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 )
+        if( mbedtls_ssl_transform_get_minor_ver( transform ) >=
+            MBEDTLS_SSL_MINOR_VERSION_1 )
         {
             unsigned char mac[MBEDTLS_SSL_MAC_ADD];
 
@@ -2184,7 +2191,8 @@
          * Prepend per-record IV for block cipher in TLS v1.1 and up as per
          * Method 1 (6.2.3.2. in RFC4346 and RFC5246)
          */
-        if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
+        if( mbedtls_ssl_transform_get_minor_ver( transform ) >=
+            MBEDTLS_SSL_MINOR_VERSION_2 )
         {
             if( f_rng == NULL )
             {
@@ -2233,7 +2241,8 @@
         }
 
 #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1)
-        if( transform->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 )
+        if( mbedtls_ssl_transform_get_minor_ver( transform ) <
+            MBEDTLS_SSL_MINOR_VERSION_2 )
         {
             /*
              * Save IV in SSL3 and TLS1
@@ -2482,7 +2491,8 @@
          * Check immediate ciphertext sanity
          */
 #if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2)
-        if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
+        if( mbedtls_ssl_transform_get_minor_ver( transform ) >=
+            MBEDTLS_SSL_MINOR_VERSION_2 )
         {
             /* The ciphertext is prefixed with the CBC IV. */
             minlen += transform->ivlen;
@@ -2573,7 +2583,8 @@
         /*
          * Initialize for prepended IV for block cipher in TLS v1.1 and up
          */
-        if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
+        if( mbedtls_ssl_transform_get_minor_ver( transform ) >=
+            MBEDTLS_SSL_MINOR_VERSION_2 )
         {
             /* This is safe because data_len >= minlen + maclen + 1 initially,
              * and at this point we have at most subtracted maclen (note that
@@ -2601,7 +2612,8 @@
         }
 
 #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1)
-        if( transform->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 )
+        if( mbedtls_ssl_transform_get_minor_ver( transform ) <
+            MBEDTLS_SSL_MINOR_VERSION_2 )
         {
             /*
              * Save IV in SSL3 and TLS1
@@ -2643,7 +2655,8 @@
          * we have data_len >= padlen here. */
 
 #if defined(MBEDTLS_SSL_PROTO_SSL3)
-        if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
+        if( mbedtls_ssl_transform_get_minor_ver( transform ) ==
+            MBEDTLS_SSL_MINOR_VERSION_0 )
         {
             if( padlen > transform->ivlen )
             {
@@ -2659,7 +2672,8 @@
 #endif /* MBEDTLS_SSL_PROTO_SSL3 */
 #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
     defined(MBEDTLS_SSL_PROTO_TLS1_2)
-        if( transform->minor_ver > MBEDTLS_SSL_MINOR_VERSION_0 )
+        if( mbedtls_ssl_transform_get_minor_ver( transform ) >
+            MBEDTLS_SSL_MINOR_VERSION_0 )
         {
             /* The padding check involves a series of up to 256
              * consecutive memory reads at the end of the record
@@ -2745,7 +2759,8 @@
         ssl_extract_add_data_from_record( add_data, &add_data_len, rec );
 
 #if defined(MBEDTLS_SSL_PROTO_SSL3)
-        if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
+        if( mbedtls_ssl_transform_get_minor_ver( transform ) ==
+            MBEDTLS_SSL_MINOR_VERSION_0 )
         {
             ssl_mac( &transform->md_ctx_dec,
                      transform->mac_dec,
@@ -2757,7 +2772,8 @@
 #endif /* MBEDTLS_SSL_PROTO_SSL3 */
 #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
         defined(MBEDTLS_SSL_PROTO_TLS1_2)
-        if( transform->minor_ver > MBEDTLS_SSL_MINOR_VERSION_0 )
+        if( mbedtls_ssl_transform_get_minor_ver( transform ) >
+            MBEDTLS_SSL_MINOR_VERSION_0 )
         {
             /*
              * Process MAC and always update for padlen afterwards to make