mbedtls_ssl_get_record_expansion: rework switch statement for psa

As PSA_ALG_IS_AEAD( transform->psa_alg ) can't be used as switch labels (switch labels must be constant expressions, they have to be evaluated at compile time) refactor switch to "if else" statement. Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2025-07-29 11:41:15 +03:00 · 2022-01-24 23:46:50 +01:00
parent e88477844c
commit 1d714479a3
1 changed files with 23 additions and 35 deletions
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@ -5096,48 +5096,36 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl )
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    switch( transform->psa_alg )
+    if ( transform->psa_alg == PSA_ALG_IS_AEAD( transform->psa_alg ) ||
         transform->psa_alg == MBEDTLS_SSL_NULL_CIPHER )
    {
-        case PSA_ALG_GCM:
+        transform_expansion = transform->minlen;
-        case PSA_ALG_CHACHA20_POLY1305:
+    }
-        case MBEDTLS_SSL_NULL_CIPHER:
+    else if ( transform->psa_alg )
-            transform_expansion = transform->minlen;
+    {
-            break;
+        (void) psa_get_key_attributes( transform->psa_key_enc, &attr );
        key_type = psa_get_key_type( &attr );
-        case PSA_ALG_CBC_NO_PADDING:
+        block_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type );
            (void) psa_get_key_attributes( transform->psa_key_enc, &attr );
            key_type = psa_get_key_type( &attr );
-            block_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type );
+        /* Expansion due to the addition of the MAC. */
        transform_expansion += transform->maclen;
-            /* Expansion due to the addition of the MAC. */
+        /* Expansion due to the addition of CBC padding;
-            transform_expansion += transform->maclen;
+            * Theoretically up to 256 bytes, but we never use
            * more than the block size of the underlying cipher. */
        transform_expansion += block_size;
-            /* Expansion due to the addition of CBC padding;
+        /* For TLS 1.2 or higher, an explicit IV is added
-             * Theoretically up to 256 bytes, but we never use
+            * after the record header. */
             * more than the block size of the underlying cipher. */
            transform_expansion += block_size;
            /* For TLS 1.2 or higher, an explicit IV is added
             * after the record header. */
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-            transform_expansion += block_size;
+        transform_expansion += block_size;
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-            break;
+    }
-
+    else
-        default:
+    {
-         /* Handle CCM case in default:
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-            PSA_ALG_IS_AEAD( transform->psa_alg ) corresponds to
+        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
            psa_alg == PSA_ALG_CCM || psa_alg == PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 8 )
            in tls context (TLS only uses the default taglen or 8) */
            if ( PSA_ALG_IS_AEAD( transform->psa_alg ) )
            {
                transform_expansion = transform->minlen;
                break;
            }
            MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
    }
 #else
    switch( mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc ) )