Remove min/maj version from SSL context if only one version enabled
If the minor/major version is enforced at compile-time, the `major_ver`
and `minor_ver` fields in `mbedtls_ssl_context` are redundant and can
be removed.
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index ee8bd81..5e99544 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -63,6 +63,18 @@
#include "platform_time.h"
#endif
+#if defined(MBEDTLS_SSL_CONF_MAX_MAJOR_VER) && \
+ defined(MBEDTLS_SSL_CONF_MIN_MAJOR_VER) && \
+ ( MBEDTLS_SSL_CONF_MAX_MAJOR_VER == MBEDTLS_SSL_CONF_MIN_MAJOR_VER )
+#define MBEDTLS_SSL_CONF_FIXED_MAJOR_VER MBEDTLS_SSL_CONF_MIN_MAJOR_VER
+#endif
+
+#if defined(MBEDTLS_SSL_CONF_MAX_MINOR_VER) && \
+ defined(MBEDTLS_SSL_CONF_MIN_MINOR_VER) && \
+ ( MBEDTLS_SSL_CONF_MAX_MINOR_VER == MBEDTLS_SSL_CONF_MIN_MINOR_VER )
+#define MBEDTLS_SSL_CONF_FIXED_MINOR_VER MBEDTLS_SSL_CONF_MIN_MINOR_VER
+#endif
+
/*
* SSL Error codes
*/
@@ -1229,8 +1241,12 @@
renego_max_records is < 0 */
#endif /* MBEDTLS_SSL_RENEGOTIATION */
+#if !defined(MBEDTLS_SSL_CONF_FIXED_MAJOR_VER)
int major_ver; /*!< equal to MBEDTLS_SSL_MAJOR_VERSION_3 */
+#endif /* !MBEDTLS_SSL_CONF_FIXED_MAJOR_VER */
+#if !defined(MBEDTLS_SSL_CONF_FIXED_MINOR_VER)
int minor_ver; /*!< either 0 (SSL3) or 1 (TLS1.0) */
+#endif /* !MBEDTLS_SSL_CONF_FIXED_MINOR_VER */
#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
unsigned badmac_seen; /*!< records with a bad MAC received */
diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index 00b941d..43443bf 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -962,12 +962,22 @@
static inline int mbedtls_ssl_get_minor_ver( mbedtls_ssl_context const *ssl )
{
+#if !defined(MBEDTLS_SSL_CONF_FIXED_MINOR_VER)
return( ssl->minor_ver );
+#else /* !MBEDTLS_SSL_CONF_FIXED_MINOR_VER */
+ ((void) ssl);
+ return( MBEDTLS_SSL_CONF_FIXED_MINOR_VER );
+#endif /* MBEDTLS_SSL_CONF_FIXED_MINOR_VER */
}
static inline int mbedtls_ssl_get_major_ver( mbedtls_ssl_context const *ssl )
{
+#if !defined(MBEDTLS_SSL_CONF_FIXED_MAJOR_VER)
return( ssl->major_ver );
+#else /* !MBEDTLS_SSL_CONF_FIXED_MAJOR_VER */
+ ((void) ssl);
+ return( MBEDTLS_SSL_CONF_FIXED_MAJOR_VER );
+#endif /* MBEDTLS_SSL_CONF_FIXED_MAJOR_VER */
}
#if defined(MBEDTLS_X509_CRT_PARSE_C)
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index d69bd1c..c7a18f5 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -850,8 +850,12 @@
if( mbedtls_ssl_get_renego_status( ssl ) == MBEDTLS_SSL_INITIAL_HANDSHAKE )
{
+#if !defined(MBEDTLS_SSL_CONF_FIXED_MAJOR_VER)
ssl->major_ver = mbedtls_ssl_conf_get_min_major_ver( ssl->conf );
+#endif /* !MBEDTLS_SSL_CONF_FIXED_MAJOR_VER */
+#if !defined(MBEDTLS_SSL_CONF_FIXED_MINOR_VER)
ssl->minor_ver = mbedtls_ssl_conf_get_min_minor_ver( ssl->conf );
+#endif /* !MBEDTLS_SSL_CONF_FIXED_MINOR_VER */
}
if( mbedtls_ssl_conf_get_max_major_ver( ssl->conf ) == 0 )
@@ -1743,8 +1747,13 @@
return( MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION );
}
+#if !defined(MBEDTLS_SSL_CONF_FIXED_MINOR_VER)
ssl->minor_ver = minor_ver;
+#endif /* !MBEDTLS_SSL_CONF_FIXED_MINOR_VER */
+
+#if !defined(MBEDTLS_SSL_CONF_FIXED_MAJOR_VER)
ssl->major_ver = major_ver;
+#endif /* !MBEDTLS_SSL_CONF_FIXED_MAJOR_VER */
}
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu",
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 84cb04b..87fe4c9 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -1654,8 +1654,12 @@
else if( minor_ver > mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ) )
minor_ver = mbedtls_ssl_conf_get_max_minor_ver( ssl->conf );
+#if !defined(MBEDTLS_SSL_CONF_FIXED_MAJOR_VER)
ssl->major_ver = major_ver;
+#endif /* MBEDTLS_SSL_CONF_FIXED_MAJOR_VER */
+#if !defined(MBEDTLS_SSL_CONF_FIXED_MINOR_VER)
ssl->minor_ver = minor_ver;
+#endif /* MBEDTLS_SSL_CONF_FIXED_MINOR_VER */
}
/*