9eddaebda5
The previous version of the record encryption function `ssl_encrypt_buf` takes the entire SSL context as an argument, while intuitively, it should only depend on the current security parameters and the record buffer.

Analyzing the exact dependencies, it turned out that in addition to the currently active `ssl_transform` instance and the record information, the encryption function needs access to
- the negotiated protocol version, and
- the status of the encrypt-then-MAC extension.

This commit moves these two fields into `ssl_transform` and changes the signature of `ssl_encrypt_buf` to only use an instance of `ssl_transform` and an instance of the new `ssl_record` type. The `ssl_context` instance is *solely* kept for the debugging macros which need an SSL context instance.

The benefit of the change is twofold:
1) It avoids the need of the MPS to deal with instances of `ssl_context`. The MPS should only work with records and opaque security parameters, which is what the change in this commit makes progress towards.
2) It significantly eases testing of the encryption function: independent of any SSL context, the encryption function can be passed some record buffer to encrypt alongside some arbitrary choice of parameters, and e.g. be checked to not overflow the provided memory.