commit c0da10dc3a491a4aab41503c12921e11fe7b9fb7
author Hanno Becker <hanno.becker@arm.com> Wed Apr 21 05:32:23 2021 +0100
committer Hanno Becker <hanno.becker@arm.com> Mon Aug 02 04:54:03 2021 +0100
tree e8e68a8286cf9ec767de4d42c9d33047850780c6
parent f62a730e80ebdc976d32b1d0f52078273ee1fb7f

Remove TLS 1.3 specific code from TLS <= 1.2 transform generator

Signed-off-by: Hanno Becker <hanno.becker@arm.com>

library/ssl_tls.c

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 33f4e60..88a3e74 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -714,6 +714,15 @@
     memcpy( transform->randbytes, randbytes, sizeof( transform->randbytes ) );
 #endif
 
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
+    if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
+    {
+        /* At the moment, we keep TLS <= 1.2 and TLS 1.3 transform
+         * generation separate. This should never happen. */
+        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
+
     /*
      * Get various info structures
      */
@@ -806,19 +815,10 @@
          *   sequence number).
          */
         transform->ivlen = 12;
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
-        if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
-        {
+        if( cipher_info->mode == MBEDTLS_MODE_CHACHAPOLY )
             transform->fixed_ivlen = 12;
-        }
         else
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
-        {
-            if( cipher_info->mode == MBEDTLS_MODE_CHACHAPOLY )
-                transform->fixed_ivlen = 12;
-            else
-                transform->fixed_ivlen = 4;
-        }
+            transform->fixed_ivlen = 4;
 
         /* Minimum length of encrypted record */
         explicit_ivlen = transform->ivlen - transform->fixed_ivlen;