Use native DTLS version encoding if only DTLS is enabled

This commit changes the internal identifiers MBEDTLS_SSL_MINOR_VERSION_XXX in DTLS-only builds to match the version encoding used by the DTLS standard, encoding DTLS 1.0 as 255 and DTLS 1.2 as DTLS 1.0. Accordingly, the version comparison functions introduced in the previous commit must be re-implemented, as older version have _larger_ identifiers now. Further, since we identify DTLS 1.0 as MBEDTLS_SSL_MINOR_VERSION_2 and DTLS 1.2 as MBEDTLS_SSL_MINOR_VERSION_3, what remains is to define MBEDTLS_SSL_MINOR_VERSION_{0|1}. While these don't have any meaning meaning in DTLS, they still need to be set and obey the ordering in the sense that the version comparison functions '<=' should attest that MBEDTLS_SSL_MINOR_VERSION_i '<=' MBEDTLS_SSL_MINOR_VERSION_j for i <= j. Since '<=' is actually >= and the wire format value for DTLS 1.0 == MBEDTLS_SSL_MINOR_VERSION_2 is the 255, this forces us to use values beyond 255, and hence to extend the storage type for minor versions from uint8_t to uint16_t.
2024-11-22 23:35:49 +01:00 · 2019-07-26 11:59:45 +01:00 · 2019-07-26 11:59:45 +01:00 · d5cfe6fbd0
commit d5cfe6fbd0
parent 7bcf2b5875
2 changed files with 61 additions and 7 deletions
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@ -139,11 +139,19 @@
 /*
 * Various constants
 */
+#if !defined(MBEDTLS_SSL_PROTO_NO_TLS)
 #define MBEDTLS_SSL_MAJOR_VERSION_3             3
 #define MBEDTLS_SSL_MINOR_VERSION_0             0   /*!< SSL v3.0 */
 #define MBEDTLS_SSL_MINOR_VERSION_1             1   /*!< TLS v1.0 */
 #define MBEDTLS_SSL_MINOR_VERSION_2             2   /*!< TLS v1.1 */
 #define MBEDTLS_SSL_MINOR_VERSION_3             3   /*!< TLS v1.2 */
+#else /* MBEDTLS_SSL_PROTO_NO_TLS */
+#define MBEDTLS_SSL_MAJOR_VERSION_3             254
+#define MBEDTLS_SSL_MINOR_VERSION_0             257   /*!< unused    */
+#define MBEDTLS_SSL_MINOR_VERSION_1             256   /*!< unused    */
+#define MBEDTLS_SSL_MINOR_VERSION_2             255   /*!< DTLS v1.0 */
+#define MBEDTLS_SSL_MINOR_VERSION_3             253   /*!< DTLS v1.2 */
+#endif /* MBEDTLS_SSL_PROTO_NO_TLS */

 #define MBEDTLS_SSL_TRANSPORT_STREAM            0   /*!< TLS      */
 #define MBEDTLS_SSL_TRANSPORT_DATAGRAM          1   /*!< DTLS     */
@ -1151,18 +1159,18 @@ struct mbedtls_ssl_config
    unsigned int dhm_min_bitlen;    /*!< min. bit length of the DHM prime   */
 #endif

-#if !defined(MBEDTLS_SSL_CONF_MAX_MAJOR_VER)
-    unsigned char max_major_ver;    /*!< max. major version used            */
-#endif /* !MBEDTLS_SSL_CONF_MAX_MAJOR_VER */
-#if !defined(MBEDTLS_SSL_CONF_MAX_MINOR_VER)
-    unsigned char max_minor_ver;    /*!< max. minor version used            */
-#endif /* !MBEDTLS_SSL_CONF_MAX_MINOR_VER */
 #if !defined(MBEDTLS_SSL_CONF_MIN_MAJOR_VER)
    unsigned char min_major_ver;    /*!< min. major version used            */
 #endif /* !MBEDTLS_SSL_CONF_MIN_MAJOR_VER */
+#if !defined(MBEDTLS_SSL_CONF_MAX_MAJOR_VER)
+    unsigned char max_major_ver;    /*!< max. major version used            */
+#endif /* !MBEDTLS_SSL_CONF_MAX_MAJOR_VER */
 #if !defined(MBEDTLS_SSL_CONF_MIN_MINOR_VER)
-    unsigned char min_minor_ver;    /*!< min. minor version used            */
+    uint16_t min_minor_ver;    /*!< min. minor version used            */
 #endif /* !MBEDTLS_SSL_CONF_MIN_MINOR_VER */
+#if !defined(MBEDTLS_SSL_CONF_MAX_MINOR_VER)
+    uint16_t max_minor_ver;    /*!< max. minor version used            */
+#endif /* !MBEDTLS_SSL_CONF_MAX_MINOR_VER */

    /*
     * Flags (bitfields)
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@ -1176,6 +1176,8 @@ int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
 #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
          MBEDTLS_SSL_PROTO_TLS1_2 */

+#if defined(MBEDTLS_SSL_PROTO_TLS)
+
 /*
 * Convert version numbers to/from wire format
 * and, for DTLS, to/from TLS equivalent.
@ -1258,6 +1260,50 @@ MBEDTLS_ALWAYS_INLINE static inline int mbedtls_ssl_ver_gt( int v0, int v1 )
    return( v0 > v1 );
 }

+#else /* MBEDTLS_SSL_PROTO_TLS */
+
+/* If only DTLS is enabled, we can match the internal encoding
+ * with the standard's encoding of versions. */
+static inline void mbedtls_ssl_write_version( int major, int minor,
+                                              int transport,
+                                              unsigned char ver[2] )
+{
+    ((void) transport);
+    ver[0] = (unsigned char) major;
+    ver[1] = (unsigned char) minor;
+}
+
+static inline void mbedtls_ssl_read_version( int *major, int *minor,
+                                             int transport,
+                                             const unsigned char ver[2] )
+{
+    ((void) transport);
+    *major = ver[0];
+    *minor = ver[1];
+}
+
+MBEDTLS_ALWAYS_INLINE static inline int mbedtls_ssl_ver_leq( int v0, int v1 )
+{
+    return( v0 >= v1 );
+}
+
+MBEDTLS_ALWAYS_INLINE static inline int mbedtls_ssl_ver_lt( int v0, int v1 )
+{
+    return( v0 > v1 );
+}
+
+MBEDTLS_ALWAYS_INLINE static inline int mbedtls_ssl_ver_geq( int v0, int v1 )
+{
+    return( v0 <= v1 );
+}
+
+MBEDTLS_ALWAYS_INLINE static inline int mbedtls_ssl_ver_gt( int v0, int v1 )
+{
+    return( v0 < v1 );
+}
+
+#endif /* MBEDTLS_SSL_PROTO_TLS */
+
 MBEDTLS_ALWAYS_INLINE static inline size_t mbedtls_ssl_minor_ver_index(
    int ver )
 {