lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-05 19:35:48 +03:00
Code Activity

Simplify mbedtls_ssl_get_mode

Browse Source 
Reduce the imbrications between preprocessor directives and C instructions.
Handle encrypt-then-mac separately.

No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine
2022-04-26 16:50:40 +02:00
committed by Neil Armstrong
parent 76b7407bd7
commit e108d987ea
1 changed files with 38 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

81
library/ssl_tls.c
View File

@@ -1713,10 +1713,7 @@ void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf,
} }
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
static inline mbedtls_ssl_mode_t mbedtls_ssl_get_mode( static mbedtls_ssl_mode_t mbedtls_ssl_get_base_mode(
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM)
int encrypt_then_mac,
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_algorithm_t alg psa_algorithm_t alg
#else #else
@@ -1727,24 +1724,10 @@ static inline mbedtls_ssl_mode_t mbedtls_ssl_get_mode(
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
if( alg == PSA_ALG_CBC_NO_PADDING ) if( alg == PSA_ALG_CBC_NO_PADDING )
{
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
if( encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED )
return( MBEDTLS_SSL_MODE_CBC_ETM );
#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
return( MBEDTLS_SSL_MODE_CBC ); return( MBEDTLS_SSL_MODE_CBC );
}
#else #else
if( mode == MBEDTLS_MODE_CBC ) if( mode == MBEDTLS_MODE_CBC )
{
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
if( encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED )
return( MBEDTLS_SSL_MODE_CBC_ETM );
#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
return( MBEDTLS_SSL_MODE_CBC ); return( MBEDTLS_SSL_MODE_CBC );
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_USE_PSA_CRYPTO */
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ #endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
@@ -1765,25 +1748,38 @@ static inline mbedtls_ssl_mode_t mbedtls_ssl_get_mode(
return( MBEDTLS_SSL_MODE_STREAM ); return( MBEDTLS_SSL_MODE_STREAM );
} }
static mbedtls_ssl_mode_t mbedtls_ssl_get_actual_mode(
mbedtls_ssl_mode_t base_mode,
int encrypt_then_mac )
{
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM)
if( encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED &&
base_mode == MBEDTLS_SSL_MODE_CBC )
{
return( MBEDTLS_SSL_MODE_CBC_ETM );
}
#else
(void) encrypt_then_mac;
#endif
return( base_mode );
}
mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_transform( mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_transform(
const mbedtls_ssl_transform *transform ) const mbedtls_ssl_transform *transform )
{ {
mbedtls_ssl_mode_t base_mode = mbedtls_ssl_get_base_mode(
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
return mbedtls_ssl_get_mode( transform->psa_alg
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM)
transform->encrypt_then_mac,
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */
transform->psa_alg );
#else #else
mbedtls_cipher_mode_t mode = mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc )
mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc ); #endif
);
return mbedtls_ssl_get_mode( int encrypt_then_mac = 0;
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM) #if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM)
transform->encrypt_then_mac, encrypt_then_mac = transform->encrypt_then_mac;
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */ #endif
mode ); return( mbedtls_ssl_get_actual_mode( base_mode, encrypt_then_mac ) );
#endif /* MBEDTLS_USE_PSA_CRYPTO */
} }
mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite( mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite(
@@ -1792,32 +1788,31 @@ mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite(
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */ #endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */
const mbedtls_ssl_ciphersuite_t *suite ) const mbedtls_ssl_ciphersuite_t *suite )
{ {
mbedtls_ssl_mode_t base_mode = MBEDTLS_SSL_MODE_STREAM;
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status; psa_status_t status;
psa_algorithm_t alg; psa_algorithm_t alg;
psa_key_type_t type; psa_key_type_t type;
size_t size; size_t size;
status = mbedtls_ssl_cipher_to_psa( suite->cipher, 0, &alg, &type, &size ); status = mbedtls_ssl_cipher_to_psa( suite->cipher, 0, &alg, &type, &size );
if( status == PSA_SUCCESS ) if( status == PSA_SUCCESS )
return mbedtls_ssl_get_mode( base_mode = mbedtls_ssl_get_base_mode( alg );
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM)
encrypt_then_mac,
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */
alg );
#else #else
const mbedtls_cipher_info_t *cipher = const mbedtls_cipher_info_t *cipher =
mbedtls_cipher_info_from_type( suite->cipher ); mbedtls_cipher_info_from_type( suite->cipher );
if( cipher != NULL ) if( cipher != NULL )
return mbedtls_ssl_get_mode( {
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM) base_mode =
encrypt_then_mac, mbedtls_ssl_get_base_mode(
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */ mbedtls_cipher_info_get_mode( cipher ) );
mbedtls_cipher_info_get_mode( cipher ) ); }
#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_USE_PSA_CRYPTO */
return( MBEDTLS_SSL_MODE_STREAM ); #if !defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM)
int encrypt_then_mac = 0;
#endif
return( mbedtls_ssl_get_actual_mode( base_mode, encrypt_then_mac ) );
} }
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)