Implement usage checks in context_save()
Enforce restrictions indicated in the documentation. This allows to make some simplifying assumptions (no need to worry about saving IVs for CBC in TLS < 1.1, nor about saving handshake data) and guarantees that all values marked as "forced" in the design document have the intended values and can be skipped when serialising. Some of the "forced" values are not checked because their value is a consequence of other checks (for example, session_negotiated == NULL outside handshakes). We do however check that session and transform are not NULL (even if that's also a consequence of the initial handshake being over) as we're going to dereference them and static analyzers may appreciate the info.
This commit is contained in:
Manuel Pégourié-Gonnard
Jarno Lamsa
parent
96fb0ee9cf
commit
1aaf66940e
3 changed files with 44 additions and 3 deletions
|
|
@ -650,6 +650,21 @@ struct mbedtls_ssl_transform
|
|||
#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
|
||||
};
|
||||
|
||||
/*
|
||||
* Return 1 if the transform uses an AEAD cipher, 0 otherwise.
|
||||
* Equivalently, return 0 if a separate MAC is used, 1 otherwise.
|
||||
*/
|
||||
static inline int mbedtls_ssl_transform_uses_aead(
|
||||
const mbedtls_ssl_transform *transform )
|
||||
{
|
||||
#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
|
||||
return( transform->maclen == 0 && transform->taglen != 0 );
|
||||
#else
|
||||
(void) transform;
|
||||
return( 1 );
|
||||
#endif
|
||||
}
|
||||
|
||||
/*
|
||||
* Internal representation of record frames
|
||||
*
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue