Remove ciphersuite from SSL session if single suite hardcoded
If MBEDTLS_SSL_SINGLE_CIPHERSUITE is enabled, the type mbedtls_ssl_ciphersuite_handle_t is logically a boolean (concretely realized as `unsigned char`), containing the invalid handle and the unique valid handle, which represents the single enabled ciphersuite. The SSL session structure mbedtls_ssl_session contains an instance of mbedtls_ssl_ciphersuite_handle_t which is guaranteed to be valid, and which is hence redundant in any two-valued implementation of mbedtls_ssl_ciphersuite_handle_t. This commit replaces read-uses of mbedtls_ssl_session::ciphersuite_info by a getter functions which, and defines this getter function either by just reading the field from the session structure (in case MBEDTLS_SSL_SINGLE_CIPHERSUITE is disabled), or by returning the single valid ciphersuite handle (in case MBEDTLS_SSL_SINGLE_CIPHERSUITE is enabled) and removing the field from mbedtls_ssl_session in this case.
This commit is contained in:
Hanno Becker
parent
6ace4657b6
commit
e02758c9c8
7 changed files with 78 additions and 23 deletions
|
|
@ -681,6 +681,21 @@ static inline int mbedtls_ssl_ciphersuite_uses_server_signature(
|
|||
}
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_SSL_SINGLE_CIPHERSUITE)
|
||||
static inline int mbedtls_ssl_session_get_ciphersuite(
|
||||
mbedtls_ssl_session const * session )
|
||||
{
|
||||
return( session->ciphersuite );
|
||||
}
|
||||
#else /* !MBEDTLS_SSL_SINGLE_CIPHERSUITE */
|
||||
static inline int mbedtls_ssl_session_get_ciphersuite(
|
||||
mbedtls_ssl_session const * session )
|
||||
{
|
||||
((void) session);
|
||||
return( MBEDTLS_SSL_SUITE_ID( MBEDTLS_SSL_SINGLE_CIPHERSUITE ) );
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_SINGLE_CIPHERSUITE */
|
||||
|
||||
const int *mbedtls_ssl_list_ciphersuites( void );
|
||||
|
||||
mbedtls_ssl_ciphersuite_handle_t mbedtls_ssl_ciphersuite_from_string( const char *ciphersuite_name );
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue