Rename mbedtls_ssl_transform minor_ver to tls_version
Store the TLS version in tls_version instead of minor version number.
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 254627f..af3aa5d 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -947,7 +947,7 @@
* and indicates the length of the static part of the IV which is
* constant throughout the communication, and which is stored in
* the first fixed_ivlen bytes of the iv_{enc/dec} arrays.
- * - minor_ver denotes the SSL/TLS version
+ * - tls_version denotes the 2-byte TLS version
* - For stream/CBC transformations, maclen denotes the length of the
* authentication tag, while taglen is unused and 0.
* - For AEAD transformations, taglen denotes the length of the
@@ -988,7 +988,7 @@
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
- int minor_ver;
+ mbedtls_ssl_protocol_version tls_version;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_svc_key_id_t psa_key_enc; /*!< psa encryption key */
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 4eac24b..8053e76 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -382,7 +382,8 @@
static void ssl_extract_add_data_from_record( unsigned char* add_data,
size_t *add_data_len,
mbedtls_record *rec,
- unsigned minor_ver,
+ mbedtls_ssl_protocol_version
+ tls_version,
size_t taglen )
{
/* Quoting RFC 5246 (TLS 1.2):
@@ -421,7 +422,7 @@
size_t ad_len_field = rec->data_len;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
+ if( tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
{
/* In TLS 1.3, the AAD contains the length of the TLSCiphertext,
* which differs from the length of the TLSInnerPlaintext
@@ -431,7 +432,7 @@
else
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
{
- ((void) minor_ver);
+ ((void) tls_version);
((void) taglen);
memcpy( cur, rec->ctr, sizeof( rec->ctr ) );
cur += sizeof( rec->ctr );
@@ -596,7 +597,7 @@
* is hence no risk of double-addition of the inner plaintext.
*/
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
+ if( transform->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
{
size_t padding =
ssl_compute_padding_length( rec->data_len,
@@ -680,7 +681,7 @@
#endif /* MBEDTLS_USE_PSA_CRYPTO */
ssl_extract_add_data_from_record( add_data, &add_data_len, rec,
- transform->minor_ver,
+ transform->tls_version,
transform->taglen );
#if defined(MBEDTLS_USE_PSA_CRYPTO)
@@ -817,7 +818,7 @@
* This depends on the TLS version.
*/
ssl_extract_add_data_from_record( add_data, &add_data_len, rec,
- transform->minor_ver,
+ transform->tls_version,
transform->taglen );
MBEDTLS_SSL_DEBUG_BUF( 4, "IV used (internal)",
@@ -1050,7 +1051,7 @@
}
ssl_extract_add_data_from_record( add_data, &add_data_len,
- rec, transform->minor_ver,
+ rec, transform->tls_version,
transform->taglen );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) );
@@ -1270,7 +1271,7 @@
* This depends on the TLS version.
*/
ssl_extract_add_data_from_record( add_data, &add_data_len, rec,
- transform->minor_ver,
+ transform->tls_version,
transform->taglen );
MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD",
add_data, add_data_len );
@@ -1412,7 +1413,7 @@
* Further, we still know that data_len > minlen */
rec->data_len -= transform->maclen;
ssl_extract_add_data_from_record( add_data, &add_data_len, rec,
- transform->minor_ver,
+ transform->tls_version,
transform->taglen );
/* Calculate expected MAC. */
@@ -1697,7 +1698,7 @@
*/
rec->data_len -= transform->maclen;
ssl_extract_add_data_from_record( add_data, &add_data_len, rec,
- transform->minor_ver,
+ transform->tls_version,
transform->taglen );
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
@@ -1775,7 +1776,7 @@
}
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
+ if( transform->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
{
/* Remove inner padding and infer true content type. */
ret = ssl_parse_inner_plaintext( data, &rec->data_len,
@@ -3692,7 +3693,7 @@
*/
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if( ssl->transform_in != NULL &&
- ssl->transform_in->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
+ ssl->transform_in->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
{
if( rec->type == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC )
done = 1;
@@ -4967,7 +4968,8 @@
static size_t ssl_transform_get_explicit_iv_len(
mbedtls_ssl_transform const *transform )
{
- if( transform->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 )
+ /* XXX: obsolete test? (earlier vers no longer supported?) */
+ if( transform->tls_version < MBEDTLS_SSL_VERSION_TLS1_2 )
return( 0 );
return( transform->ivlen - transform->fixed_ivlen );
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 63442eb..1fdc1f3 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -390,7 +390,7 @@
MBEDTLS_SSL_SOME_SUITES_USE_MAC */
ssl_tls_prf_t tls_prf,
const unsigned char randbytes[64],
- int minor_ver,
+ mbedtls_ssl_protocol_version tls_version,
unsigned endpoint,
const mbedtls_ssl_context *ssl );
@@ -3660,7 +3660,7 @@
MBEDTLS_SSL_SOME_SUITES_USE_MAC */
ssl_tls12prf_from_cs( ssl->session->ciphersuite ),
p, /* currently pointing to randbytes */
- MBEDTLS_SSL_MINOR_VERSION_3, /* (D)TLS 1.2 is forced */
+ MBEDTLS_SSL_VERSION_TLS1_2, /* (D)TLS 1.2 is forced */
ssl->conf->endpoint,
ssl );
if( ret != 0 )
@@ -5253,7 +5253,9 @@
MBEDTLS_SSL_SOME_SUITES_USE_MAC */
ssl->handshake->tls_prf,
ssl->handshake->randbytes,
- ssl->minor_ver,
+ ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4
+ ? MBEDTLS_SSL_VERSION_TLS1_3
+ : MBEDTLS_SSL_VERSION_TLS1_2,
ssl->conf->endpoint,
ssl );
if( ret != 0 )
@@ -6826,7 +6828,7 @@
* - [in] compression
* - [in] tls_prf: pointer to PRF to use for key derivation
* - [in] randbytes: buffer holding ServerHello.random + ClientHello.random
- * - [in] minor_ver: SSL/TLS minor version
+ * - [in] tls_version: TLS version
* - [in] endpoint: client or server
* - [in] ssl: used for:
* - ssl->conf->{f,p}_export_keys
@@ -6843,7 +6845,7 @@
MBEDTLS_SSL_SOME_SUITES_USE_MAC */
ssl_tls_prf_t tls_prf,
const unsigned char randbytes[64],
- int minor_ver,
+ mbedtls_ssl_protocol_version tls_version,
unsigned endpoint,
const mbedtls_ssl_context *ssl )
{
@@ -6887,14 +6889,14 @@
defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
transform->encrypt_then_mac = encrypt_then_mac;
#endif
- transform->minor_ver = minor_ver;
+ transform->tls_version = tls_version;
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
memcpy( transform->randbytes, randbytes, sizeof( transform->randbytes ) );
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
+ if( tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
{
/* At the moment, we keep TLS <= 1.2 and TLS 1.3 transform
* generation separate. This should never happen. */
@@ -7064,7 +7066,7 @@
- transform->maclen % cipher_info->block_size;
}
- if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
+ if( tls_version == MBEDTLS_SSL_VERSION_TLS1_2 )
{
transform->minlen += transform->ivlen;
}
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index d7deaba..6559bc9 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -1106,7 +1106,7 @@
transform->ivlen = traffic_keys->iv_len;
transform->maclen = 0;
transform->fixed_ivlen = transform->ivlen;
- transform->minor_ver = MBEDTLS_SSL_MINOR_VERSION_4;
+ transform->tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
/* We add the true record content type (1 Byte) to the plaintext and
* then pad to the configured granularity. The mimimum length of the