commit 0cc4661365db14e0bf9e5c2e529b5acd2bf1aef4
author Hanno Becker <hanno.becker@arm.com> Mon Nov 30 08:56:52 2020 +0000
committer Hanno Becker <hanno.becker@arm.com> Sat May 15 06:14:56 2021 +0100
tree 58d7e580c962f8246170d38cc1620e664567ba51
parent fd86ca8626388cd2f0e5cb1a3fe35b3262a41953

Introduce helper macro for presence of stream ciphersuites

Signed-off-by: Hanno Becker <hanno.becker@arm.com>

library/ssl_misc.h

diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 8a00662..402da8d 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -130,6 +130,15 @@
  * counter (8) + header (5) + IV(16) + MAC (16-48) + padding (0-256).
  */
 
+#if defined(MBEDTLS_SSL_PROTO_SSL3)   ||      \
+    defined(MBEDTLS_SSL_PROTO_TLS1)   ||      \
+    defined(MBEDTLS_SSL_PROTO_TLS1_1) ||      \
+    defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#define MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER
+#endif
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)
+
 /* This macro determines whether CBC is supported. */
 #if defined(MBEDTLS_CIPHER_MODE_CBC) &&                               \
     ( defined(MBEDTLS_AES_C)      ||                                  \
@@ -139,6 +148,12 @@
 #define MBEDTLS_SSL_SOME_SUITES_USE_CBC
 #endif
 
+/* This macro determines whether a ciphersuite using a
+ * stream cipher can be used. */
+#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
+#define MBEDTLS_SSL_SOME_SUITES_USE_STREAM
+#endif
+
 /* This macro determines whether the CBC construct used in TLS 1.0-1.2 is supported. */
 #if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) && \
     ( defined(MBEDTLS_SSL_PROTO_TLS1) ||        \
@@ -147,11 +162,13 @@
 #define MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC
 #endif
 
-#if defined(MBEDTLS_CIPHER_NULL_CIPHER) ||   \
+#if defined(MBEDTLS_SSL_SOME_SUITES_USE_STREAM) ||
     defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC)
 #define MBEDTLS_SSL_SOME_SUITES_USE_MAC
 #endif
 
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER */
+
 #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
 /* Ciphersuites using HMAC */
 #if defined(MBEDTLS_SHA512_C)

library/ssl_msg.c

diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 10ddf0d..f3cf8f5 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -683,7 +683,7 @@
     /*
      * Encrypt
      */
-#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
+#if defined(MBEDTLS_SSL_SOME_MODES_USE_STREAM)
     if( mode == MBEDTLS_MODE_STREAM )
     {
         int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -708,7 +708,7 @@
         }
     }
     else
-#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
+#endif /* MBEDTLS_SSL_SOME_MODES_USE_STREAM */
 
 #if defined(MBEDTLS_GCM_C) || \
     defined(MBEDTLS_CCM_C) || \
@@ -1245,7 +1245,7 @@
     }
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
 
-#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
+#if defined(MBEDTLS_SSL_SOME_MODES_USE_STREAM)
     if( mode == MBEDTLS_MODE_STREAM )
     {
         padlen = 0;
@@ -1266,7 +1266,7 @@
         }
     }
     else
-#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
+#endif /* MBEDTLS_SSL_SOME_MODES_USE_STREAM */
 #if defined(MBEDTLS_GCM_C) || \
     defined(MBEDTLS_CCM_C) || \
     defined(MBEDTLS_CHACHAPOLY_C)