Use mbedtls_ssl_protocol_version in public structs

Use mbedtls_ssl_protocol_version in public structs, even when doing so results in a binary-incompatible change to the public structure (PR feedback from @ronald-cron-arm) Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2025-03-29 22:20:30 +00:00 · 2022-04-12 07:31:46 -04:00 · 2022-04-12 07:31:46 -04:00 · bbdc83b55b
commit bbdc83b55b
parent 59b0d54ba0
2 changed files with 12 additions and 14 deletions
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@ -1131,7 +1131,7 @@ struct mbedtls_ssl_session
    /*!< TLS version negotiated in the session. Used if and when renegotiating
     *   or resuming a session instead of the configured minor TLS version.
     */
-    uint16_t MBEDTLS_PRIVATE(tls_version);
+    mbedtls_ssl_protocol_version MBEDTLS_PRIVATE(tls_version);

 #if defined(MBEDTLS_HAVE_TIME)
    mbedtls_time_t MBEDTLS_PRIVATE(start);       /*!< starting time      */
@ -1241,8 +1241,8 @@ struct mbedtls_ssl_config
     * so that elements tend to be in the 128-element direct access window
     * on Arm Thumb, which reduces the code size. */

-    uint16_t MBEDTLS_PRIVATE(max_tls_version);  /*!< max. TLS version used          */
-    uint16_t MBEDTLS_PRIVATE(min_tls_version);  /*!< min. TLS version used          */
+    mbedtls_ssl_protocol_version MBEDTLS_PRIVATE(max_tls_version);  /*!< max. TLS version used */
+    mbedtls_ssl_protocol_version MBEDTLS_PRIVATE(min_tls_version);  /*!< min. TLS version used */

    /*
     * Flags (could be bit-fields to save RAM, but separate bytes make
@ -1495,8 +1495,6 @@ struct mbedtls_ssl_context
                                  renego_max_records is < 0           */
 #endif /* MBEDTLS_SSL_RENEGOTIATION */

-    int MBEDTLS_PRIVATE(major_ver_OBSOLETE);     /*!< (should no longer be used)                */
-
    /*!< Server: Negotiated TLS protocol version.
     *   Client: Maximum TLS version to be negotiated, then negotiated TLS
     *           version.
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@ -505,6 +505,14 @@ struct mbedtls_ssl_handshake_params
    uint8_t resume;                     /*!<  session resume indicator*/
    uint8_t cli_exts;                   /*!< client extension presence*/

+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+    uint8_t sni_authmode;               /*!< authmode from SNI callback     */
+#endif
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+    uint8_t new_session_ticket;         /*!< use NewSessionTicket?    */
+#endif /* MBEDTLS_SSL_SESSION_TICKETS */
+
 #if defined(MBEDTLS_SSL_CLI_C)
    /*!< Minimum TLS version to be negotiated.
     *
@ -524,17 +532,9 @@ struct mbedtls_ssl_handshake_params
     *   used to store this maximum value until it contains the actual
     *   negotiated value.
     */
-    uint16_t min_tls_version;
+    mbedtls_ssl_protocol_version min_tls_version;
 #endif

-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
-    uint8_t sni_authmode;               /*!< authmode from SNI callback     */
-#endif
-
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
-    uint8_t new_session_ticket;         /*!< use NewSessionTicket?    */
-#endif /* MBEDTLS_SSL_SESSION_TICKETS */
-
 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
    uint8_t extended_ms;                /*!< use Extended Master Secret? */
 #endif