From 0cc4661365db14e0bf9e5c2e529b5acd2bf1aef4 Mon Sep 17 00:00:00 2001
From: Hanno Becker <hanno.becker@arm.com>
Date: Mon, 30 Nov 2020 08:56:52 +0000
Subject: [PATCH] Introduce helper macro for presence of stream ciphersuites

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
---
 library/ssl_misc.h | 19 ++++++++++++++++++-
 library/ssl_msg.c  |  8 ++++----
 2 files changed, 22 insertions(+), 5 deletions(-)

diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 8a006620cc..402da8db9f 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -130,6 +130,15 @@
  * counter (8) + header (5) + IV(16) + MAC (16-48) + padding (0-256).
  */
 
+#if defined(MBEDTLS_SSL_PROTO_SSL3)   ||      \
+    defined(MBEDTLS_SSL_PROTO_TLS1)   ||      \
+    defined(MBEDTLS_SSL_PROTO_TLS1_1) ||      \
+    defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#define MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER
+#endif
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)
+
 /* This macro determines whether CBC is supported. */
 #if defined(MBEDTLS_CIPHER_MODE_CBC) &&                               \
     ( defined(MBEDTLS_AES_C)      ||                                  \
@@ -139,6 +148,12 @@
 #define MBEDTLS_SSL_SOME_SUITES_USE_CBC
 #endif
 
+/* This macro determines whether a ciphersuite using a
+ * stream cipher can be used. */
+#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
+#define MBEDTLS_SSL_SOME_SUITES_USE_STREAM
+#endif
+
 /* This macro determines whether the CBC construct used in TLS 1.0-1.2 is supported. */
 #if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) && \
     ( defined(MBEDTLS_SSL_PROTO_TLS1) ||        \
@@ -147,11 +162,13 @@
 #define MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC
 #endif
 
-#if defined(MBEDTLS_CIPHER_NULL_CIPHER) ||   \
+#if defined(MBEDTLS_SSL_SOME_SUITES_USE_STREAM) ||
     defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC)
 #define MBEDTLS_SSL_SOME_SUITES_USE_MAC
 #endif
 
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER */
+
 #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
 /* Ciphersuites using HMAC */
 #if defined(MBEDTLS_SHA512_C)
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 10ddf0d65f..f3cf8f5dd8 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -683,7 +683,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
     /*
      * Encrypt
      */
-#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
+#if defined(MBEDTLS_SSL_SOME_MODES_USE_STREAM)
     if( mode == MBEDTLS_MODE_STREAM )
     {
         int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -708,7 +708,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
         }
     }
     else
-#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
+#endif /* MBEDTLS_SSL_SOME_MODES_USE_STREAM */
 
 #if defined(MBEDTLS_GCM_C) || \
     defined(MBEDTLS_CCM_C) || \
@@ -1245,7 +1245,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
     }
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
 
-#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
+#if defined(MBEDTLS_SSL_SOME_MODES_USE_STREAM)
     if( mode == MBEDTLS_MODE_STREAM )
     {
         padlen = 0;
@@ -1266,7 +1266,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
         }
     }
     else
-#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
+#endif /* MBEDTLS_SSL_SOME_MODES_USE_STREAM */
 #if defined(MBEDTLS_GCM_C) || \
     defined(MBEDTLS_CCM_C) || \
     defined(MBEDTLS_CHACHAPOLY_C)