Introduce macros and functions to characterize certain ciphersuites.

The routine `mbedtls_ssl_write_server_key_exchange` heavily depends on what kind of cipher suite is active: some don't need a ServerKeyExchange at all, some need (EC)DH parameters but no server signature, some require both. Each time we want to restrict a certain piece of code to some class of ciphersuites, it is guarded by a lengthy concatentation of configuration checks determining whether at least one of the relevant cipher suites is enabled in the config; on the code level, it is guarded by the check whether one of these cipher suites is the active one. To ease readability of the code, this commit introduces several helper macros and helper functions that can be used to determine whether a certain class of ciphersuites (a) is active in the config, and (b) contains the currently present ciphersuite.
2025-11-06 19:29:29 +03:00 · 2017-04-28 17:08:27 +01:00
parent b65c2be5f1
commit 1aa267cbc3
5 changed files with 248 additions and 125 deletions
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -179,7 +179,7 @@ struct mbedtls_ssl_handshake_params
    unsigned char *ecjpake_cache;               /*!< Cache for ClientHello ext */
    size_t ecjpake_cache_len;                   /*!< Length of cached data */
 #endif
-#endif
+#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
 #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
    defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
    const mbedtls_ecp_curve_info **curves;      /*!<  Supported elliptic curves */
@@ -195,7 +195,7 @@ struct mbedtls_ssl_handshake_params
    mbedtls_ssl_key_cert *sni_key_cert; /*!< key/cert list from SNI         */
    mbedtls_x509_crt *sni_ca_chain;     /*!< trusted CAs from SNI callback  */
    mbedtls_x509_crl *sni_ca_crl;       /*!< trusted CAs CRLs from SNI      */
-#endif
+#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
    unsigned int out_msg_seq;           /*!<  Outgoing handshake sequence number */
@@ -218,7 +218,7 @@ struct mbedtls_ssl_handshake_params
                                              resending messages             */
    unsigned char alt_out_ctr[8];       /*!<  Alternative record epoch/counter
                                              for resending messages         */
-#endif
+#endif /* MBEDTLS_SSL_PROTO_DTLS */

    /*
     * Checksum contexts