Introduce helper macro for presence of stream ciphersuites
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 8a00662..402da8d 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -130,6 +130,15 @@
* counter (8) + header (5) + IV(16) + MAC (16-48) + padding (0-256).
*/
+#if defined(MBEDTLS_SSL_PROTO_SSL3) || \
+ defined(MBEDTLS_SSL_PROTO_TLS1) || \
+ defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
+ defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#define MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER
+#endif
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)
+
/* This macro determines whether CBC is supported. */
#if defined(MBEDTLS_CIPHER_MODE_CBC) && \
( defined(MBEDTLS_AES_C) || \
@@ -139,6 +148,12 @@
#define MBEDTLS_SSL_SOME_SUITES_USE_CBC
#endif
+/* This macro determines whether a ciphersuite using a
+ * stream cipher can be used. */
+#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
+#define MBEDTLS_SSL_SOME_SUITES_USE_STREAM
+#endif
+
/* This macro determines whether the CBC construct used in TLS 1.0-1.2 is supported. */
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) && \
( defined(MBEDTLS_SSL_PROTO_TLS1) || \
@@ -147,11 +162,13 @@
#define MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC
#endif
-#if defined(MBEDTLS_CIPHER_NULL_CIPHER) || \
+#if defined(MBEDTLS_SSL_SOME_SUITES_USE_STREAM) ||
defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC)
#define MBEDTLS_SSL_SOME_SUITES_USE_MAC
#endif
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER */
+
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
/* Ciphersuites using HMAC */
#if defined(MBEDTLS_SHA512_C)
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 10ddf0d..f3cf8f5 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -683,7 +683,7 @@
/*
* Encrypt
*/
-#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
+#if defined(MBEDTLS_SSL_SOME_MODES_USE_STREAM)
if( mode == MBEDTLS_MODE_STREAM )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -708,7 +708,7 @@
}
}
else
-#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
+#endif /* MBEDTLS_SSL_SOME_MODES_USE_STREAM */
#if defined(MBEDTLS_GCM_C) || \
defined(MBEDTLS_CCM_C) || \
@@ -1245,7 +1245,7 @@
}
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
+#if defined(MBEDTLS_SSL_SOME_MODES_USE_STREAM)
if( mode == MBEDTLS_MODE_STREAM )
{
padlen = 0;
@@ -1266,7 +1266,7 @@
}
}
else
-#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
+#endif /* MBEDTLS_SSL_SOME_MODES_USE_STREAM */
#if defined(MBEDTLS_GCM_C) || \
defined(MBEDTLS_CCM_C) || \
defined(MBEDTLS_CHACHAPOLY_C)