mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-11 00:44:31 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Use mbedtls_get_mode_from_ciphersuite() in ssl_tls12_populate_transform()

Browse Source 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
This commit is contained in:
Neil Armstrong 2022-04-01 15:40:25 +02:00
parent fe635e42c9
commit 7fea33ea4d
1 changed files with 13 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
library/ssl_tls.c
View File

@ -6912,6 +6912,7 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
size_t keylen; size_t keylen;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info; const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
const mbedtls_cipher_info_t *cipher_info; const mbedtls_cipher_info_t *cipher_info;
mbedtls_ssl_mode_t ssl_mode;
#if !defined(MBEDTLS_USE_PSA_CRYPTO) #if !defined(MBEDTLS_USE_PSA_CRYPTO)
const mbedtls_md_info_t *md_info; const mbedtls_md_info_t *md_info;
#endif /* !MBEDTLS_USE_PSA_CRYPTO */ #endif /* !MBEDTLS_USE_PSA_CRYPTO */
@ -6967,6 +6968,12 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
} }
ssl_mode = mbedtls_get_mode_from_ciphersuite(
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
encrypt_then_mac,
#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
ciphersuite_info );
cipher_info = mbedtls_cipher_info_from_type( ciphersuite_info->cipher ); cipher_info = mbedtls_cipher_info_from_type( ciphersuite_info->cipher );
if( cipher_info == NULL ) if( cipher_info == NULL )
{ {
@ -7038,9 +7045,7 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
#if defined(MBEDTLS_GCM_C) || \ #if defined(MBEDTLS_GCM_C) || \
defined(MBEDTLS_CCM_C) || \ defined(MBEDTLS_CCM_C) || \
defined(MBEDTLS_CHACHAPOLY_C) defined(MBEDTLS_CHACHAPOLY_C)
if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_GCM || if( ssl_mode == MBEDTLS_SSL_MODE_AEAD )
mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CCM ||
mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CHACHAPOLY )
{ {
size_t explicit_ivlen; size_t explicit_ivlen;
@ -7070,8 +7075,9 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
else else
#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */ #endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_STREAM || if( ssl_mode == MBEDTLS_SSL_MODE_STREAM ||
mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CBC ) ssl_mode == MBEDTLS_SSL_MODE_CBC ||
ssl_mode == MBEDTLS_SSL_MODE_CBC_ETM )
{ {
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
/* Get MAC length */ /* Get MAC length */
@ -7094,7 +7100,7 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
transform->ivlen = cipher_info->iv_size; transform->ivlen = cipher_info->iv_size;
/* Minimum length */ /* Minimum length */
if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_STREAM ) if( ssl_mode == MBEDTLS_SSL_MODE_STREAM )
transform->minlen = transform->maclen; transform->minlen = transform->maclen;
else else
{ {
@ -7105,7 +7111,7 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
* 2. IV * 2. IV
*/ */
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
if( encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED ) if( ssl_mode == MBEDTLS_SSL_MODE_CBC_ETM )
{ {
transform->minlen = transform->maclen transform->minlen = transform->maclen
+ cipher_info->block_size; + cipher_info->block_size;