Introduce macros and functions to characterize certain ciphersuites.

The routine `mbedtls_ssl_write_server_key_exchange` heavily depends on what kind of cipher suite is active: some don't need a ServerKeyExchange at all, some need (EC)DH parameters but no server signature, some require both. Each time we want to restrict a certain piece of code to some class of ciphersuites, it is guarded by a lengthy concatentation of configuration checks determining whether at least one of the relevant cipher suites is enabled in the config; on the code level, it is guarded by the check whether one of these cipher suites is the active one. To ease readability of the code, this commit introduces several helper macros and helper functions that can be used to determine whether a certain class of ciphersuites (a) is active in the config, and (b) contains the currently present ciphersuite.
2025-07-29 11:41:15 +03:00 · 2017-04-28 17:08:27 +01:00
parent b65c2be5f1
commit 1aa267cbc3
5 changed files with 248 additions and 125 deletions
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c
@ -1819,39 +1819,4 @@ mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg( const mbedtls_ssl_ciph
 }
 #endif /* MBEDTLS_PK_C */

-#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
-int mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *info )
-{
-    switch( info->key_exchange )
-    {
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
-        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
-            return( 1 );
-
-        default:
-            return( 0 );
-    }
-}
-#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */
-
-#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
-int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info )
-{
-    switch( info->key_exchange )
-    {
-        case MBEDTLS_KEY_EXCHANGE_PSK:
-        case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
-        case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
-            return( 1 );
-
-        default:
-            return( 0 );
-    }
-}
-#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
-
 #endif /* MBEDTLS_SSL_TLS_C */