commit df6459673354a0e57e7c0588c8a8b4aa59a10cdf
author Hanno Becker <hanno.becker@arm.com> Wed Jun 26 13:02:22 2019 +0100
committer Hanno Becker <hanno.becker@arm.com> Mon Jul 08 11:23:24 2019 +0100
tree 7eb52a5bb2e2a7ab709b715366e63aad0016b045
parent 2d46b4f2a1270c5d252816683e7e2c5f3e849514

Remove ciphersuite from handshake params if single suite hardcoded

If MBEDTLS_SSL_SINGLE_CIPHERSUITE is enabled, the type

  mbedtls_ssl_ciphersuite_handle_t

is logically a boolean (concretely realized as `unsigned char`),
containing the invalid handle and the unique valid handle, which
represents the single enabled ciphersuite.

The SSL handshake structure mbedtls_ssl_handshake_params contains
an instance of mbedtls_ssl_ciphersuite_handle_t which is guaranteed
to be valid, and which is hence redundant in any two-valued
implementation of mbedtls_ssl_ciphersuite_handle_t.

This commit replaces read-uses of

  mbedtls_ssl_handshake_params::ciphersuite_info

by a getter functions which, and defines this getter function
either by just reading the field from the handshake structure
(in case MBEDTLS_SSL_SINGLE_CIPHERSUITE is disabled), or by
returning the single valid ciphersuite handle (in case
MBEDTLS_SSL_SINGLE_CIPHERSUITE is enabled) and removing the
field from mbedtls_ssl_handshake_params in this case.

include/mbedtls/ssl_internal.h

diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index bca249d..0dbf60e 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -501,7 +501,9 @@
                     const unsigned char *, size_t,
                     unsigned char *, size_t);
 
+#if !defined(MBEDTLS_SSL_SINGLE_CIPHERSUITE)
     mbedtls_ssl_ciphersuite_handle_t ciphersuite_info;
+#endif /* !MBEDTLS_SSL_SINGLE_CIPHERSUITE */
 
     size_t pmslen;                      /*!<  premaster length        */
 
@@ -556,6 +558,21 @@
 }
 #endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
 
+#if !defined(MBEDTLS_SSL_SINGLE_CIPHERSUITE)
+static inline mbedtls_ssl_ciphersuite_handle_t mbedtls_ssl_handshake_get_ciphersuite(
+    mbedtls_ssl_handshake_params const *handshake )
+{
+    return( handshake->ciphersuite_info );
+}
+#else /* !MBEDTLS_SSL_SINGLE_CIPHERSUITE */
+static inline mbedtls_ssl_ciphersuite_handle_t mbedtls_ssl_handshake_get_ciphersuite(
+    mbedtls_ssl_handshake_params const *handshake )
+{
+    ((void) handshake);
+    return( MBEDTLS_SSL_CIPHERSUITE_UNIQUE_VALID_HANDLE );
+}
+#endif /* MBEDTLS_SSL_SINGLE_CIPHERSUITE */
+
 typedef struct mbedtls_ssl_hs_buffer mbedtls_ssl_hs_buffer;
 
 /*