Remove ciphersuite from SSL session if single suite hardcoded
If MBEDTLS_SSL_SINGLE_CIPHERSUITE is enabled, the type
mbedtls_ssl_ciphersuite_handle_t
is logically a boolean (concretely realized as `unsigned char`),
containing the invalid handle and the unique valid handle, which
represents the single enabled ciphersuite.
The SSL session structure mbedtls_ssl_session contains an instance
of mbedtls_ssl_ciphersuite_handle_t which is guaranteed to be valid,
and which is hence redundant in any two-valued implementation of
mbedtls_ssl_ciphersuite_handle_t.
This commit replaces read-uses of
mbedtls_ssl_session::ciphersuite_info
by a getter functions which, and defines this getter function
either by just reading the field from the session structure
(in case MBEDTLS_SSL_SINGLE_CIPHERSUITE is disabled), or by
returning the single valid ciphersuite handle (in case
MBEDTLS_SSL_SINGLE_CIPHERSUITE is enabled) and removing the
field from mbedtls_ssl_session in this case.
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index afe32be..ab48cc4 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1378,24 +1378,24 @@
/* Populate transform structure */
ret = ssl_populate_transform( ssl->transform_negotiate,
- ssl->session_negotiate->ciphersuite,
- ssl->session_negotiate->master,
+ mbedtls_ssl_session_get_ciphersuite( ssl->session_negotiate ),
+ ssl->session_negotiate->master,
#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- ssl->session_negotiate->encrypt_then_mac,
+ ssl->session_negotiate->encrypt_then_mac,
#endif
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- ssl->session_negotiate->trunc_hmac,
+ ssl->session_negotiate->trunc_hmac,
#endif
#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
#if defined(MBEDTLS_ZLIB_SUPPORT)
- ssl->session_negotiate->compression,
+ ssl->session_negotiate->compression,
#endif
- ssl->handshake->tls_prf,
- ssl->handshake->randbytes,
- ssl->minor_ver,
- mbedtls_ssl_conf_get_endpoint( ssl->conf ),
- ssl );
+ ssl->handshake->tls_prf,
+ ssl->handshake->randbytes,
+ ssl->minor_ver,
+ mbedtls_ssl_conf_get_endpoint( ssl->conf ),
+ ssl );
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_populate_transform", ret );
@@ -8968,10 +8968,13 @@
const char *mbedtls_ssl_get_ciphersuite( const mbedtls_ssl_context *ssl )
{
+ int suite;
+
if( ssl == NULL || ssl->session == NULL )
return( NULL );
- return mbedtls_ssl_get_ciphersuite_name( ssl->session->ciphersuite );
+ suite = mbedtls_ssl_session_get_ciphersuite( ssl->session );
+ return( mbedtls_ssl_get_ciphersuite_name( suite ) );
}
const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl )
@@ -9393,8 +9396,10 @@
if( used <= buf_len )
{
- *p++ = (unsigned char)( ( session->ciphersuite >> 8 ) & 0xFF );
- *p++ = (unsigned char)( ( session->ciphersuite ) & 0xFF );
+ const int ciphersuite =
+ mbedtls_ssl_session_get_ciphersuite( session );
+ *p++ = (unsigned char)( ( ciphersuite >> 8 ) & 0xFF );
+ *p++ = (unsigned char)( ( ciphersuite ) & 0xFF );
*p++ = (unsigned char)( session->compression & 0xFF );
@@ -9532,6 +9537,7 @@
{
const unsigned char *p = buf;
const unsigned char * const end = buf + len;
+ int ciphersuite;
#if defined(MBEDTLS_HAVE_TIME)
uint64_t start;
#endif
@@ -9578,12 +9584,23 @@
/*
* Basic mandatory fields
*/
+
if( 2 + 1 + 1 + 32 + 48 + 4 > (size_t)( end - p ) )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- session->ciphersuite = ( p[0] << 8 ) | p[1];
+ ciphersuite = ( p[0] << 8 ) | p[1];
p += 2;
+#if !defined(MBEDTLS_SSL_SINGLE_CIPHERSUITE)
+ session->ciphersuite = ciphersuite;
+#else
+ if( ciphersuite !=
+ MBEDTLS_SSL_SUITE_ID( MBEDTLS_SSL_SINGLE_CIPHERSUITE ) )
+ {
+ return( MBEDTLS_ERR_SSL_VERSION_MISMATCH );
+ }
+#endif
+
session->compression = *p++;
session->id_len = *p++;