mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-25 18:39:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Remove some tls_ver < MBEDTLS_SSL_VERSION_TLS1_2 checks

Browse Source 
mbedtls no longer supports earlier TLS protocol versions

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
This commit is contained in:
Glenn Strauss 2022-03-15 06:08:29 -04:00
parent e3af4cb72a
commit 041a37635b
3 changed files with 1 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
library/ssl_msg.c
View File

@ -4959,10 +4959,6 @@ int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl )
static size_t ssl_transform_get_explicit_iv_len(
mbedtls_ssl_transform const *transform )
{
/* XXX: obsolete test? (earlier vers no longer supported?) */
if( transform->tls_version < MBEDTLS_SSL_VERSION_TLS1_2 )
return( 0 );
return( transform->ivlen - transform->fixed_ivlen );
}

6
library/ssl_tls.c
View File

@ -7053,9 +7053,6 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
mac_enc = keyblk;
mac_dec = keyblk + mac_key_len;
/*
* This is not used in TLS v1.1.
*/
iv_copy_len = ( transform->fixed_ivlen ) ?
transform->fixed_ivlen : transform->ivlen;
memcpy( transform->iv_enc, key2 + keylen, iv_copy_len );
@ -7073,9 +7070,6 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
mac_enc = keyblk + mac_key_len;
mac_dec = keyblk;
/*
* This is not used in TLS v1.1.
*/
iv_copy_len = ( transform->fixed_ivlen ) ?
transform->fixed_ivlen : transform->ivlen;
memcpy( transform->iv_dec, key1 + keylen, iv_copy_len );

5
library/ssl_tls12_server.c
View File

@ -951,7 +951,7 @@ static int ssl_check_key_curve( mbedtls_pk_context *pk,
static int ssl_pick_cert( mbedtls_ssl_context *ssl,
const mbedtls_ssl_ciphersuite_t * ciphersuite_info )
{
mbedtls_ssl_key_cert *cur, *list, *fallback = NULL;
mbedtls_ssl_key_cert *cur, *list;
mbedtls_pk_type_t pk_alg =
mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info );
uint32_t flags;
@ -1015,9 +1015,6 @@ static int ssl_pick_cert( mbedtls_ssl_context *ssl,
break;
}
if( cur == NULL )
cur = fallback;
/* Do not update ssl->handshake->key_cert unless there is a match */
if( cur != NULL )
{