Start refining parameters of populate_transform()

Parameters 'handshake' and 'ssl' will be replaced with more fine-grained inputs in follow-up commits.
2024-11-23 12:45:37 +01:00 · 2019-05-06 12:55:40 +02:00 · 2019-05-06 12:55:40 +02:00 · 12a3f445b6
commit 12a3f445b6
parent a1abb26094
1 changed files with 17 additions and 9 deletions
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -608,12 +608,21 @@ static void ssl_calc_finished_tls_sha384( mbedtls_ssl_context *, unsigned char *
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */

 /*
- * This function will ultimetaly only be responsible for populating a
- * transform structure from data passed as explicit parameters.
+ * Populate a transform structure with session keys and all the other
+ * necessary information.
 *
- * For now however it's doing rather more in a rather less explicit way.
+ * Parameters:
+ * - [in/out]: transform: structure to populate
+ *      [in] must be just initialised with mbedtls_ssl_transform_init()
+ *      [out] fully populate, ready for use by mbedtls_ssl_{en,de}crypt_buf()
+ * - [in] session: used members: encrypt_then_max, master, compression
+ * - [in] handshake: used members: prf, ciphersuite_info, randbytes
+ * - [in]: ssl: used members: minor_ver, conf->endpoint
 */
-static int ssl_populate_transform( mbedtls_ssl_context *ssl )
+static int ssl_populate_transform( mbedtls_ssl_transform *transform,
+                                   const mbedtls_ssl_session *session,
+                                   const mbedtls_ssl_handshake_params *handshake,
+                                   const mbedtls_ssl_context *ssl )
 {
    int ret = 0;
    unsigned char keyblk[256];
@ -628,10 +637,6 @@ static int ssl_populate_transform( mbedtls_ssl_context *ssl )
    const mbedtls_cipher_info_t *cipher_info;
    const mbedtls_md_info_t *md_info;

-    mbedtls_ssl_session *session = ssl->session_negotiate;
-    mbedtls_ssl_transform *transform = ssl->transform_negotiate;
-    mbedtls_ssl_handshake_params *handshake = ssl->handshake;
-
 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
    transform->encrypt_then_mac = session->encrypt_then_mac;
 #endif
@ -1170,7 +1175,10 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
    }

    /* Populate transform structure */
-    ret = ssl_populate_transform( ssl );
+    ret = ssl_populate_transform( ssl->transform_negotiate,
+                                  ssl->session_negotiate,
+                                  ssl->handshake,
+                                  ssl );
    if( ret != 0 )
    {
        MBEDTLS_SSL_DEBUG_RET( 1, "ssl_populate_transform", ret );