mbedtls_ssl_(read|write)_version using tls_version
remove use of MBEDTLS_SSL_MINOR_VERSION_* remove use of MBEDTLS_SSL_MAJOR_VERSION_* (only remaining use is in tests/suites/test_suite_ssl.data) Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
This commit is contained in:
Glenn Strauss
parent
60bfe60d0f
commit
e3af4cb72a
9 changed files with 119 additions and 180 deletions
|
|
@ -1147,7 +1147,6 @@ static int ssl_parse_client_hello( mbedtls_ssl_context *ssl )
|
|||
int handshake_failure = 0;
|
||||
const int *ciphersuites;
|
||||
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
|
||||
int major, minor;
|
||||
|
||||
/* If there is no signature-algorithm extension present,
|
||||
* we need to fall back to the default values for allowed
|
||||
|
|
@ -1206,13 +1205,11 @@ read_record_header:
|
|||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, protocol version: [%d:%d]",
|
||||
buf[1], buf[2] ) );
|
||||
|
||||
mbedtls_ssl_read_version( &major, &minor, ssl->conf->transport, buf + 1 );
|
||||
|
||||
/* According to RFC 5246 Appendix E.1, the version here is typically
|
||||
* "{03,00}, the lowest version number supported by the client, [or] the
|
||||
* value of ClientHello.client_version", so the only meaningful check here
|
||||
* is the major version shouldn't be less than 3 */
|
||||
if( major < MBEDTLS_SSL_MAJOR_VERSION_3 )
|
||||
if( mbedtls_ssl_read_version( buf + 1, ssl->conf->transport ) < 0x0300 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
|
||||
return( MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION );
|
||||
|
|
@ -1405,8 +1402,7 @@ read_record_header:
|
|||
*/
|
||||
MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, version", buf, 2 );
|
||||
|
||||
mbedtls_ssl_read_version( &major, &minor, ssl->conf->transport, buf );
|
||||
ssl->tls_version = ( major << 8 ) | minor;
|
||||
ssl->tls_version = mbedtls_ssl_read_version( buf, ssl->conf->transport );
|
||||
ssl->session_negotiate->tls_version = ssl->tls_version;
|
||||
|
||||
if( ssl->tls_version != MBEDTLS_SSL_VERSION_TLS1_2 )
|
||||
|
|
@ -2354,8 +2350,7 @@ static int ssl_write_hello_verify_request( mbedtls_ssl_context *ssl )
|
|||
|
||||
/* The RFC is not clear on this point, but sending the actual negotiated
|
||||
* version looks like the most interoperable thing to do. */
|
||||
mbedtls_ssl_write_version( ssl->tls_version >> 8, ssl->tls_version & 0xFF,
|
||||
ssl->conf->transport, p );
|
||||
mbedtls_ssl_write_version( p, ssl->conf->transport, ssl->tls_version );
|
||||
MBEDTLS_SSL_DEBUG_BUF( 3, "server version", p, 2 );
|
||||
p += 2;
|
||||
|
||||
|
|
@ -2494,8 +2489,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
|
|||
buf = ssl->out_msg;
|
||||
p = buf + 4;
|
||||
|
||||
mbedtls_ssl_write_version( ssl->tls_version >> 8, ssl->tls_version & 0xFF,
|
||||
ssl->conf->transport, p );
|
||||
mbedtls_ssl_write_version( p, ssl->conf->transport, ssl->tls_version );
|
||||
p += 2;
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen version: [%d:%d]",
|
||||
|
|
@ -3734,9 +3728,8 @@ static int ssl_parse_encrypted_pms( mbedtls_ssl_context *ssl,
|
|||
return( ret );
|
||||
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
|
||||
|
||||
mbedtls_ssl_write_version( MBEDTLS_SSL_MAJOR_VERSION_3,
|
||||
MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
ssl->conf->transport, ver );
|
||||
mbedtls_ssl_write_version( ver, ssl->conf->transport,
|
||||
ssl->session_negotiate->tls_version );
|
||||
|
||||
/* Avoid data-dependent branches while checking for invalid
|
||||
* padding, to protect against timing-based Bleichenbacher-type
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue