Remove per-version ciphersuite configuration API
This commit removes the API
```
mbedtls_ssl_conf_ciphersuites_for_version()
```
which allows configuring lists of acceptable ciphersuites
for each supported version of SSL/TLS: SSL3, TLS 1.{0,1,2}.
With Mbed TLS 3.0, support for SSL3, TLS 1.0 and TLS 1.1
is dropped. Moreover, upcoming TLS 1.3 support has a different
notion of cipher suite and will require a different API.
This means that it's only for TLS 1.2 that we require
a ciphersuite configuration API, and
```
mbedtls_ssl_conf_ciphersuites()
```
can be used for that. The version-specific ciphersuite
configuration API `mbedtls_ssl_conf_ciphersuites_for_version()`,
in turn, is no longer needed.
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 342832f..9b8c05f 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -3514,73 +3514,10 @@
}
#endif /* MBEDTLS_SSL_CLI_C */
-static int protocol_version_to_ciphersuites_list_index(int prot_version)
-{
- switch(prot_version) {
- case MBEDTLS_SSL_MINOR_VERSION_1:
- return 0;
- case MBEDTLS_SSL_MINOR_VERSION_2:
- return 1;
- case MBEDTLS_SSL_MINOR_VERSION_3:
- return 2;
- default:
- return -1;
- };
-}
-
-static void set_protocol_version_ciphersuites( mbedtls_ssl_config *conf,
- int prot_version,
- const int* ciphersuites )
-{
- int ciphersuite_list_index =
- protocol_version_to_ciphersuites_list_index(prot_version);
- if ( ciphersuite_list_index >= 0 &&
- (unsigned int)ciphersuite_list_index <
- sizeof(conf->ciphersuite_list)/sizeof(conf->ciphersuite_list[0]) )
- {
- conf->ciphersuite_list[ciphersuite_list_index] = ciphersuites;
- }
-}
-
void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf,
const int *ciphersuites )
{
- set_protocol_version_ciphersuites(conf, MBEDTLS_SSL_MINOR_VERSION_1,
- ciphersuites);
- set_protocol_version_ciphersuites(conf, MBEDTLS_SSL_MINOR_VERSION_2,
- ciphersuites);
- set_protocol_version_ciphersuites(conf, MBEDTLS_SSL_MINOR_VERSION_3,
- ciphersuites);
-}
-
-const int *mbedtls_ssl_get_protocol_version_ciphersuites(
- const mbedtls_ssl_config *conf, int prot_version )
-{
- int ciphersuite_list_index =
- protocol_version_to_ciphersuites_list_index(prot_version);
- if ( ciphersuite_list_index >= 0 &&
- (unsigned int)ciphersuite_list_index <
- sizeof(conf->ciphersuite_list)/sizeof(conf->ciphersuite_list[0]) )
- {
- return conf->ciphersuite_list[ciphersuite_list_index];
- }
- else
- {
- return NULL;
- }
-}
-
-void mbedtls_ssl_conf_ciphersuites_for_version( mbedtls_ssl_config *conf,
- const int *ciphersuites,
- int major, int minor )
-{
- if( major != MBEDTLS_SSL_MAJOR_VERSION_3 )
- return;
-
- if( minor != MBEDTLS_SSL_MINOR_VERSION_3 )
- return;
-
- set_protocol_version_ciphersuites(conf, minor, ciphersuites);
+ conf->ciphersuite_list = ciphersuites;
}
#if defined(MBEDTLS_X509_CRT_PARSE_C)
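Review bot: `mbedtls_ssl_conf_ciphersuites()` keeps the caller's pointer in `conf->ciphersuite_list` without copying it (as the removed helper also did), so the array's lifetime and end marker are the caller's responsibility, and nothing at the assignment says so. A list that is freed, goes out of scope, or lacks its terminator while the config is still in use would presumably be read beyond its valid extent when the handshake walks it. I would add a comment above the assignment, e.g. `/* Stored by reference, not copied: the 0-terminated list must stay valid for the lifetime of conf. */`, unless the public header already states this. The hunk also deletes the non-static `mbedtls_ssl_get_protocol_version_ciphersuites()`, which the commit message does not mention; its callers are outside this diff and should be confirmed to read `conf->ciphersuite_list` instead.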
@@ -6278,12 +6215,7 @@
conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION;
conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION;
- set_protocol_version_ciphersuites(conf, MBEDTLS_SSL_MINOR_VERSION_1,
- ssl_preset_suiteb_ciphersuites);
- set_protocol_version_ciphersuites(conf, MBEDTLS_SSL_MINOR_VERSION_2,
- ssl_preset_suiteb_ciphersuites);
- set_protocol_version_ciphersuites(conf, MBEDTLS_SSL_MINOR_VERSION_3,
- ssl_preset_suiteb_ciphersuites);
+ conf->ciphersuite_list = ssl_preset_suiteb_ciphersuites;
#if defined(MBEDTLS_X509_CRT_PARSE_C)
conf->cert_profile = &mbedtls_x509_crt_profile_suiteb;
@@ -6317,13 +6249,7 @@
if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_3;
#endif
- const int* default_ciphersuites = mbedtls_ssl_list_ciphersuites();
- set_protocol_version_ciphersuites(conf, MBEDTLS_SSL_MINOR_VERSION_1,
- default_ciphersuites);
- set_protocol_version_ciphersuites(conf, MBEDTLS_SSL_MINOR_VERSION_2,
- default_ciphersuites);
- set_protocol_version_ciphersuites(conf, MBEDTLS_SSL_MINOR_VERSION_3,
- default_ciphersuites);
+ conf->ciphersuite_list = mbedtls_ssl_list_ciphersuites();
#if defined(MBEDTLS_X509_CRT_PARSE_C)
conf->cert_profile = &mbedtls_x509_crt_profile_default;