TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 473f98f2e013f116c0c48d02feff23b12e3e9733^! / . / include / mbedtls / ssl_internal.h
commit473f98f2e013f116c0c48d02feff23b12e3e9733[log] [tgz]
authorHanno Becker <hanno.becker@arm.com>Wed Jun 26 10:27:32 2019 +0100
committerHanno Becker <hanno.becker@arm.com>Mon Jul 08 11:17:53 2019 +0100
tree24ca49461325f3a069403ec0829911e74bce50fc
parent65382f250d8595adcd087092c572d498aba89bc8 [diff] [blame]
Introduce ciphersuite handle type

This commit introduces an internal zero-cost abstraction layer for
SSL ciphersuites: Instead of addressing ciphersuites via pointers
to instances of mbedtls_ssl_ciphersuite_t and accessing their fields
directly, this commit introduces an opaque type

  mbedtls_ssl_ciphersuite_handle_t,

and getter functions

  mbedtls_ssl_suite_get_xxx()

operating on ciphersuite handles.

The role of NULL is played by a new macro constant

  MBEDTLS_SSL_CIPHERSUITE_INVALID_HANDLE

which results of functions returning handles can be checked against.
(For example, when doing a lookup of a ciphersuite from a peer-provided
ciphersuite ID in the per's Hello message).

The getter functions have the validity of the handle as a precondition
and are undefined if the handle is invalid.

So far, there's only one implementation of this abstraction layer, namely

  mbedtls_ssl_ciphersuite_handle_t being mbedtls_ssl_ciphersuite_t const *

and

  getter functions being field accesses.

In subsequent commits, however, the abstraction layer will be useful
to save code in the situation where only a single ciphersuite is enabled.

diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index 151589f..b2382fa 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h

@@ -501,7 +501,7 @@
                     const unsigned char *, size_t,
                     unsigned char *, size_t);
 
-    mbedtls_ssl_ciphersuite_t const *ciphersuite_info;
+    mbedtls_ssl_ciphersuite_handle_t ciphersuite_info;
 
     size_t pmslen;                      /*!<  premaster length        */
 
@@ -918,7 +918,7 @@
 int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl );
 
 void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
-                            const mbedtls_ssl_ciphersuite_t *ciphersuite_info );
+                            mbedtls_ssl_ciphersuite_handle_t ciphersuite_info );
 
 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
 int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex );
@@ -978,7 +978,7 @@
  * Return 0 if everything is OK, -1 if not.
  */
 int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
-                          const mbedtls_ssl_ciphersuite_t *ciphersuite,
+                          mbedtls_ssl_ciphersuite_handle_t ciphersuite,
                           int cert_endpoint,
                           uint32_t *flags );
 #endif /* MBEDTLS_X509_CRT_PARSE_C */