Reverting deleted macros
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 7d04a6e..30e64c4 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -1878,7 +1878,7 @@
* even is lower than our min version.
*/
if( major_ver < MBEDTLS_SSL_MAJOR_VERSION_3 ||
- minor_ver < MBEDTLS_SSL_MAJOR_VERSION_3 - 1 ||
+ minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 ||
major_ver > ssl->conf->max_major_ver ||
minor_ver > ssl->conf->max_minor_ver )
{
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 147530d..ce95432 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -65,6 +65,16 @@
#define inline __inline
#endif
+/* Legacy minor version numbers as defined by:
+ * - RFC 2246: ProtocolVersion version = { 3, 1 }; // TLS v1.0
+ * - RFC 4346: ProtocolVersion version = { 3, 2 }; // TLS v1.1
+ *
+ * We no longer support these versions, but some code still references those
+ * constants, for keep them for now until we clean up that code.
+ */
+#define MBEDTLS_SSL_MINOR_VERSION_1 1
+#define MBEDTLS_SSL_MINOR_VERSION_2 2
+
/* Determine minimum supported version */
#define MBEDTLS_SSL_MIN_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 1d314c2..2359cfe 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -643,28 +643,19 @@
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
}
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_3 )
- {
- unsigned char mac[MBEDTLS_SSL_MAC_ADD];
+ unsigned char mac[MBEDTLS_SSL_MAC_ADD];
- ssl_extract_add_data_from_record( add_data, &add_data_len, rec,
- transform->minor_ver );
+ ssl_extract_add_data_from_record( add_data, &add_data_len, rec,
+ transform->minor_ver );
- mbedtls_md_hmac_update( &transform->md_ctx_enc, add_data,
- add_data_len );
- mbedtls_md_hmac_update( &transform->md_ctx_enc,
- data, rec->data_len );
- mbedtls_md_hmac_finish( &transform->md_ctx_enc, mac );
- mbedtls_md_hmac_reset( &transform->md_ctx_enc );
+ mbedtls_md_hmac_update( &transform->md_ctx_enc, add_data,
+ add_data_len );
+ mbedtls_md_hmac_update( &transform->md_ctx_enc, data, rec->data_len );
+ mbedtls_md_hmac_finish( &transform->md_ctx_enc, mac );
+ mbedtls_md_hmac_reset( &transform->md_ctx_enc );
- memcpy( data + rec->data_len, mac, transform->maclen );
- }
- else
+ memcpy( data + rec->data_len, mac, transform->maclen );
#endif
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
- }
MBEDTLS_SSL_DEBUG_BUF( 4, "computed mac", data + rec->data_len,
transform->maclen );
@@ -837,31 +828,26 @@
* Prepend per-record IV for block cipher in TLS v1.2 as per
* Method 1 (6.2.3.2. in RFC4346 and RFC5246)
*/
- if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_3 )
+ if( f_rng == NULL )
{
- if( f_rng == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "No PRNG provided to encrypt_record routine" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
- }
-
- if( rec->data_offset < transform->ivlen )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "Buffer provided for encrypted record not large enough" ) );
- return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
- }
-
- /*
- * Generate IV
- */
- ret = f_rng( p_rng, transform->iv_enc, transform->ivlen );
- if( ret != 0 )
- return( ret );
-
- memcpy( data - transform->ivlen, transform->iv_enc,
- transform->ivlen );
-
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "No PRNG provided to encrypt_record routine" ) );
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
+
+ if( rec->data_offset < transform->ivlen )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Buffer provided for encrypted record not large enough" ) );
+ return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+ }
+
+ /*
+ * Generate IV
+ */
+ ret = f_rng( p_rng, transform->iv_enc, transform->ivlen );
+ if( ret != 0 )
+ return( ret );
+
+ memcpy( data - transform->ivlen, transform->iv_enc, transform->ivlen );
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", "
@@ -1369,11 +1355,8 @@
* Check immediate ciphertext sanity
*/
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_3 )
- {
- /* The ciphertext is prefixed with the CBC IV. */
- minlen += transform->ivlen;
- }
+ /* The ciphertext is prefixed with the CBC IV. */
+ minlen += transform->ivlen;
#endif
/* Size considerations:
@@ -1478,15 +1461,12 @@
/*
* Initialize for prepended IV for block cipher in TLS v1.2
*/
- if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_3 )
- {
- /* Safe because data_len >= minlen + ivlen = 2 * ivlen. */
- memcpy( transform->iv_dec, data, transform->ivlen );
+ /* Safe because data_len >= minlen + ivlen = 2 * ivlen. */
+ memcpy( transform->iv_dec, data, transform->ivlen );
- data += transform->ivlen;
- rec->data_offset += transform->ivlen;
- rec->data_len -= transform->ivlen;
- }
+ data += transform->ivlen;
+ rec->data_offset += transform->ivlen;
+ rec->data_len -= transform->ivlen;
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
/* We still have data_len % ivlen == 0 and data_len >= ivlen here. */
@@ -5026,8 +5006,7 @@
/* For TLS 1.2 or higher, an explicit IV is added
* after the record header. */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_3 )
- transform_expansion += block_size;
+ transform_expansion += block_size;
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
break;
@@ -5169,21 +5148,13 @@
MBEDTLS_SSL_DEBUG_MSG( 3, ( "refusing renegotiation, sending alert" ) );
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_3 )
+ if( ( ret = mbedtls_ssl_send_alert_message( ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_WARNING,
+ MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION ) ) != 0 )
{
- if( ( ret = mbedtls_ssl_send_alert_message( ssl,
- MBEDTLS_SSL_ALERT_LEVEL_WARNING,
- MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION ) ) != 0 )
- {
- return( ret );
- }
+ return( ret );
}
- else
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
- }
}
return( 0 );
@@ -5607,7 +5578,7 @@
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
- if( minor == MBEDTLS_SSL_MINOR_VERSION_3 - 1 )
+ if( minor == MBEDTLS_SSL_MINOR_VERSION_2 )
--minor; /* DTLS 1.0 stored as TLS 1.1 internally */
ver[0] = (unsigned char)( 255 - ( major - 2 ) );
@@ -5632,7 +5603,7 @@
*major = 255 - ver[0] + 2;
*minor = 255 - ver[1] + 1;
- if( *minor == MBEDTLS_SSL_MINOR_VERSION_3 - 2 )
+ if( *minor == MBEDTLS_SSL_MINOR_VERSION_1 )
++*minor; /* DTLS 1.0 stored as TLS 1.1 internally */
}
else
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 259ff56..0fe8b96 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -948,23 +948,14 @@
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( minor_ver >= MBEDTLS_SSL_MINOR_VERSION_3 )
+ /* For HMAC-based ciphersuites, initialize the HMAC transforms.
+ For AEAD-based ciphersuites, there is nothing to do here. */
+ if( mac_key_len != 0 )
{
- /* For HMAC-based ciphersuites, initialize the HMAC transforms.
- For AEAD-based ciphersuites, there is nothing to do here. */
- if( mac_key_len != 0 )
- {
- mbedtls_md_hmac_starts( &transform->md_ctx_enc, mac_enc, mac_key_len );
- mbedtls_md_hmac_starts( &transform->md_ctx_dec, mac_dec, mac_key_len );
- }
+ mbedtls_md_hmac_starts( &transform->md_ctx_enc, mac_enc, mac_key_len );
+ mbedtls_md_hmac_starts( &transform->md_ctx_dec, mac_dec, mac_key_len );
}
- else
#endif
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
- goto end;
- }
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
((void) mac_dec);