Clean up some remnants of TLS pre-1.2 support
Now that support for earlier versions has been removed, we no longer need to care about them. Since TLS 1.3 is being gradually introduced, we might still need a version check in some places - but here the function is called ssl_tls12_populate_transform() and TLS 1.3 has its own function mbedtls_ssl_tls13_populate_transform(), so when this function is called we just know we're using TLS 1.2. Reviewer hint: use the -b option of git diff / git show Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
parent
304689e4c4
commit
a0b4b0c3cd
1 changed files with 26 additions and 55 deletions
|
@ -973,39 +973,24 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
|
|||
#endif
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
|
||||
/* Only use PSA-based ciphers for TLS-1.2.
|
||||
* That's relevant at least for TLS-1.0, where
|
||||
* we assume that mbedtls_cipher_crypt() updates
|
||||
* the structure field for the IV, which the PSA-based
|
||||
* implementation currently doesn't. */
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||
ret = mbedtls_cipher_setup_psa( &transform->cipher_ctx_enc,
|
||||
cipher_info, transform->taglen );
|
||||
if( ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE )
|
||||
{
|
||||
ret = mbedtls_cipher_setup_psa( &transform->cipher_ctx_enc,
|
||||
cipher_info, transform->taglen );
|
||||
if( ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup_psa", ret );
|
||||
goto end;
|
||||
}
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup_psa", ret );
|
||||
goto end;
|
||||
}
|
||||
|
||||
if( ret == 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "Successfully setup PSA-based encryption cipher context" ) );
|
||||
psa_fallthrough = 0;
|
||||
}
|
||||
else
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Failed to setup PSA-based cipher context for record encryption - fall through to default setup." ) );
|
||||
psa_fallthrough = 1;
|
||||
}
|
||||
if( ret == 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "Successfully setup PSA-based encryption cipher context" ) );
|
||||
psa_fallthrough = 0;
|
||||
}
|
||||
else
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Failed to setup PSA-based cipher context for record encryption - fall through to default setup." ) );
|
||||
psa_fallthrough = 1;
|
||||
#else
|
||||
psa_fallthrough = 1;
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
}
|
||||
|
||||
if( psa_fallthrough == 1 )
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
@ -1017,38 +1002,24 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
|
|||
}
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
/* Only use PSA-based ciphers for TLS-1.2.
|
||||
* That's relevant at least for TLS-1.0, where
|
||||
* we assume that mbedtls_cipher_crypt() updates
|
||||
* the structure field for the IV, which the PSA-based
|
||||
* implementation currently doesn't. */
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||
ret = mbedtls_cipher_setup_psa( &transform->cipher_ctx_dec,
|
||||
cipher_info, transform->taglen );
|
||||
if( ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE )
|
||||
{
|
||||
ret = mbedtls_cipher_setup_psa( &transform->cipher_ctx_dec,
|
||||
cipher_info, transform->taglen );
|
||||
if( ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup_psa", ret );
|
||||
goto end;
|
||||
}
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup_psa", ret );
|
||||
goto end;
|
||||
}
|
||||
|
||||
if( ret == 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "Successfully setup PSA-based decryption cipher context" ) );
|
||||
psa_fallthrough = 0;
|
||||
}
|
||||
else
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Failed to setup PSA-based cipher context for record decryption - fall through to default setup." ) );
|
||||
psa_fallthrough = 1;
|
||||
}
|
||||
if( ret == 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "Successfully setup PSA-based decryption cipher context" ) );
|
||||
psa_fallthrough = 0;
|
||||
}
|
||||
else
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Failed to setup PSA-based cipher context for record decryption - fall through to default setup." ) );
|
||||
psa_fallthrough = 1;
|
||||
#else
|
||||
psa_fallthrough = 1;
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
}
|
||||
|
||||
if( psa_fallthrough == 1 )
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
|
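Review bot: With the old explanatory comment removed, nothing on the new side says why `MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE` from `mbedtls_cipher_setup_psa()` is tolerated while every other error jumps to `end`; this applies to both the encryption and the decryption hunk. I would add above each call something like `/* FEATURE_UNAVAILABLE is not fatal: fall through to the legacy cipher setup below. */`. The two blocks are now identical apart from the context (`cipher_ctx_enc` / `cipher_ctx_dec`) and the log text, and `psa_fallthrough` ends up equal to `ret != 0`, so a small static helper would remove the duplication. The brace-less `if( psa_fallthrough == 1 )` just before `#endif` guards a statement that lies outside the visible hunks, so the call it controls cannot be checked from here. The rendered page has lost its +/- markers, so this note reads the less-indented copy of each line as the new side.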