Remove ciphersuite from handshake params if single suite hardcoded
If MBEDTLS_SSL_SINGLE_CIPHERSUITE is enabled, the type
mbedtls_ssl_ciphersuite_handle_t
is logically a boolean (concretely realized as `unsigned char`),
containing the invalid handle and the unique valid handle, which
represents the single enabled ciphersuite.
The SSL handshake structure mbedtls_ssl_handshake_params contains
an instance of mbedtls_ssl_ciphersuite_handle_t which is guaranteed
to be valid, and which is hence redundant in any two-valued
implementation of mbedtls_ssl_ciphersuite_handle_t.
This commit replaces read-uses of
mbedtls_ssl_handshake_params::ciphersuite_info
by a getter function, and defines this getter function
either by just reading the field from the handshake structure
(in case MBEDTLS_SSL_SINGLE_CIPHERSUITE is disabled), or by
returning the single valid ciphersuite handle (in case
MBEDTLS_SSL_SINGLE_CIPHERSUITE is enabled) and removing the
field from mbedtls_ssl_handshake_params in this case.
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index c245145..6792273 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1340,8 +1340,8 @@
int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
{
int ret;
- mbedtls_ssl_ciphersuite_handle_t const ciphersuite_info =
- ssl->handshake->ciphersuite_info;
+ mbedtls_ssl_ciphersuite_handle_t const ciphersuite_info =
+ mbedtls_ssl_handshake_get_ciphersuite( ssl->handshake );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> derive keys" ) );
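Review bot: Nothing at this call site in `mbedtls_ssl_derive_keys` documents that, in MBEDTLS_SSL_SINGLE_CIPHERSUITE builds, the getter returns a compile-time constant rather than a recorded negotiation result (per the commit message). Key derivation therefore relies on the hello parsing code having already rejected any suite other than the hardcoded one. The getter's definition and that parsing code are not part of this file's diff, so the rejection should be confirmed there; the same reliance applies to the `SSL_CERTIFICATE_SKIP` decision in the hunk at -6477. I would add a comment above the declaration such as `/* Single-ciphersuite builds: this is the compile-time suite; the hello parser must already have rejected any other. */`. The function body continues past the end of the hunk.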
@@ -6072,7 +6072,8 @@
/* No certificate support -> dummy functions */
int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl )
{
- mbedtls_ssl_ciphersuite_handle_t ciphersuite_info = ssl->handshake->ciphersuite_info;
+ mbedtls_ssl_ciphersuite_handle_t ciphersuite_info =
+ mbedtls_ssl_handshake_get_ciphersuite( ssl->handshake );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate" ) );
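Review bot: The rewritten declaration here leaves `ciphersuite_info` non-const, while the equivalent local in `mbedtls_ssl_derive_keys` is declared `mbedtls_ssl_ciphersuite_handle_t const ciphersuite_info`. The same applies to the declarations in the hunks at -6089 and -6112. Since these lines are being touched anyway, and provided nothing in the bodies outside the hunks reassigns the local, I would write `mbedtls_ssl_ciphersuite_handle_t const ciphersuite_info =` in all three. That makes it explicit that the handle is fixed for the duration of the call.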
@@ -6089,7 +6090,8 @@
int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl )
{
- mbedtls_ssl_ciphersuite_handle_t ciphersuite_info = ssl->handshake->ciphersuite_info;
+ mbedtls_ssl_ciphersuite_handle_t ciphersuite_info =
+ mbedtls_ssl_handshake_get_ciphersuite( ssl->handshake );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) );
@@ -6112,7 +6114,8 @@
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
size_t i, n;
const mbedtls_x509_crt *crt;
- mbedtls_ssl_ciphersuite_handle_t ciphersuite_info = ssl->handshake->ciphersuite_info;
+ mbedtls_ssl_ciphersuite_handle_t ciphersuite_info =
+ mbedtls_ssl_handshake_get_ciphersuite( ssl->handshake );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate" ) );
@@ -6477,7 +6480,7 @@
int authmode )
{
mbedtls_ssl_ciphersuite_handle_t ciphersuite_info =
- ssl->handshake->ciphersuite_info;
+ mbedtls_ssl_handshake_get_ciphersuite( ssl->handshake );
if( !mbedtls_ssl_ciphersuite_uses_srv_cert( ciphersuite_info ) )
return( SSL_CERTIFICATE_SKIP );
@@ -6512,6 +6515,7 @@
{
int verify_ret;
mbedtls_ssl_ciphersuite_handle_t ciphersuite_info =
+ mbedtls_ssl_handshake_get_ciphersuite( ssl->handshake );
mbedtls_x509_crt *ca_chain;
mbedtls_x509_crl *ca_crl;