Minor change the place of some functions
Change-Id: I2626e68cf837d8ca4086cb35a8482cee315cde97
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index d276082..f83f5d0 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -2220,7 +2220,36 @@
#endif /* MBEDTLS_ECDH_C */
-int mbedtls_ssl_tls13_cipher_suite_is_offered( mbedtls_ssl_context *ssl,
- int cipher_suite );
+static inline int mbedtls_ssl_tls13_cipher_suite_is_offered(
+ mbedtls_ssl_context *ssl, int cipher_suite )
+{
+ const int *ciphersuite_list = ssl->conf->ciphersuite_list;
+
+ /* Check whether we have offered this ciphersuite */
+ for ( size_t i = 0; ciphersuite_list[i] != 0; i++ )
+ {
+ if( ciphersuite_list[i] == cipher_suite )
+ {
+ return( 1 );
+ }
+ }
+ return( 0 );
+}
+
+/**
+ * \brief Validate cipher suite against config in SSL context.
+ *
+ * \param ssl SSL context
+ * \param suite_info Cipher suite to validate
+ * \param min_tls_version Minimal TLS version to accept a cipher suite
+ * \param max_tls_version Maximal TLS version to accept a cipher suite
+ *
+ * \return 0 if valid, negative value otherwise.
+ */
+int mbedtls_ssl_validate_ciphersuite(
+ const mbedtls_ssl_context *ssl,
+ const mbedtls_ssl_ciphersuite_t *suite_info,
+ mbedtls_ssl_protocol_version min_tls_version,
+ mbedtls_ssl_protocol_version max_tls_version );
#endif /* ssl_misc.h */
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 1bcafe4..4bee319 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -1537,20 +1537,4 @@
}
#endif /* MBEDTLS_ECDH_C */
-int mbedtls_ssl_tls13_cipher_suite_is_offered( mbedtls_ssl_context *ssl,
- int cipher_suite )
-{
- const int *ciphersuite_list = ssl->conf->ciphersuite_list;
-
- /* Check whether we have offered this ciphersuite */
- for ( size_t i = 0; ciphersuite_list[i] != 0; i++ )
- {
- if( ciphersuite_list[i] == cipher_suite )
- {
- return( 1 );
- }
- }
- return( 0 );
-}
-
#endif /* MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_PROTO_TLS1_3 */
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index a8e523a..136d236 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -51,7 +51,7 @@
const unsigned char *p = buf;
size_t versions_len;
const unsigned char *versions_end;
- int tls_version;
+ uint16_t tls_version;
int tls13_supported = 0;
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 1 );
@@ -84,7 +84,7 @@
}
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Negotiated version. Supported is [%04x]",
- tls_version ) );
+ (unsigned int)tls_version ) );
return( 0 );
}
@@ -512,9 +512,9 @@
if( !ciphersuite_match )
{
- MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
- MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
- return ( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+ MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE,
+ MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+ return ( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
}
MBEDTLS_SSL_DEBUG_MSG( 2, ( "selected ciphersuite: %s",
@@ -525,7 +525,7 @@
* opaque legacy_compression_methods<1..2^8-1>;
* ...
*/
- if( p[0] != 1 || p[1] != 0 )
+ if( p[0] != 1 || p[1] != MBEDTLS_SSL_COMPRESS_NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad legacy compression method" ) );
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,