yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-23 03:35:39 +01:00
Code Issues Packages Projects Releases Wiki Activity

Use new tools for all cases with TLS-specific code

Browse Source 
This commit handles occurrences of case 2 and 3 in the following list:

1. Some DTLS-specific code with no TLS-specific code (most frequent)
2. Some specific code for each protocol
3. Some TLS-specific code with no DTLS-specific code (least frequent)

Case 3 previously had a weird structure in that the TLS-specific code was
always present, but the if structure was conditional on DTLS being enabled.
This is changed by this commit to a more logical structure where both the code
and the test are conditional on TLS being enabled.

Case 2 doesn't require any change in the code structure in general. However,
there is one occurrence where the if/else structure is simplified to assigning
the result of a boolean operation, and one occurrence where I also noticed a
useless use of `ssl_ep_len()` in a TLS-specific branch, that I turned to the
constant 0 as it makes more sense.

Case 1 will be handled in the next commit, as it can easily be handled in an
automated way - only cases 2 and 3 (sometimes) required manual intervention.

The list of occurrences for cases 2 and 3 was established manually by looking
for occurrences of '= MBEDTLS_SSL_TRANSPORT_' in the code and manually
checking if there was a TLS-specific branch.

New sizes (see previous commit for the measuring script):

```

both
   text    data     bss     dec     hex filename
   1820       0       4    1824     720 debug.o (ex library/libmbedtls.a)
      0       0       0       0       0 net_sockets.o (ex library/libmbedtls.a)
    548       0       0     548     224 ssl_cache.o (ex library/libmbedtls.a)
  11155       0     596   11751    2de7 ssl_ciphersuites.o (ex library/libmbedtls.a)
  17156       0       0   17156    4304 ssl_cli.o (ex library/libmbedtls.a)
    460       0       0     460     1cc ssl_cookie.o (ex library/libmbedtls.a)
  17649       0       0   17649    44f1 ssl_srv.o (ex library/libmbedtls.a)
    800       0       0     800     320 ssl_ticket.o (ex library/libmbedtls.a)
  39286      60       0   39346    99b2 ssl_tls.o (ex library/libmbedtls.a)
  88874      60     600   89534   15dbe (TOTALS)

DTLS-only
   text    data     bss     dec     hex filename
   1820       0       4    1824     720 debug.o (ex library/libmbedtls.a)
      0       0       0       0       0 net_sockets.o (ex library/libmbedtls.a)
    548       0       0     548     224 ssl_cache.o (ex library/libmbedtls.a)
  11155       0     596   11751    2de7 ssl_ciphersuites.o (ex library/libmbedtls.a)
  17068       0       0   17068    42ac ssl_cli.o (ex library/libmbedtls.a)
    460       0       0     460     1cc ssl_cookie.o (ex library/libmbedtls.a)
  17553       0       0   17553    4491 ssl_srv.o (ex library/libmbedtls.a)
    800       0       0     800     320 ssl_ticket.o (ex library/libmbedtls.a)
  38499      60       0   38559    969f ssl_tls.o (ex library/libmbedtls.a)
  87903      60     600   88563   159f3 (TOTALS)

TLS-only
   text    data     bss     dec     hex filename
   1820       0       4    1824     720 debug.o (ex library/libmbedtls.a)
      0       0       0       0       0 net_sockets.o (ex library/libmbedtls.a)
    548       0       0     548     224 ssl_cache.o (ex library/libmbedtls.a)
  11155       0     596   11751    2de7 ssl_ciphersuites.o (ex library/libmbedtls.a)
  14912       0       0   14912    3a40 ssl_cli.o (ex library/libmbedtls.a)
    460       0       0     460     1cc ssl_cookie.o (ex library/libmbedtls.a)
  15868       0       0   15868    3dfc ssl_srv.o (ex library/libmbedtls.a)
    800       0       0     800     320 ssl_ticket.o (ex library/libmbedtls.a)
  27619      60       0   27679    6c1f ssl_tls.o (ex library/libmbedtls.a)
  73182      60     600   73842   12072 (TOTALS)
```
This commit is contained in:
Manuel Pégourié-Gonnard 2019-06-06 10:34:48 +02:00
parent 25838b795f
commit ff4bd9f405
3 changed files with 116 additions and 71 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
library/ssl_cli.c
View File

@ -1762,12 +1762,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
#if defined(MBEDTLS_ZLIB_SUPPORT)
/* See comments in ssl_write_client_hello() */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
accept_comp = 0;
else
#endif
accept_comp = 1;
accept_comp = MBEDTLS_SSL_TRANSPORT_IS_TLS( ssl->conf->transport );
if( comp != MBEDTLS_SSL_COMPRESS_NULL &&
( comp != MBEDTLS_SSL_COMPRESS_DEFLATE || accept_comp == 0 ) )

33
library/ssl_srv.c
View File

@ -1304,12 +1304,13 @@ read_record_header:
buf = ssl->in_hdr;
#if defined(MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO)
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_STREAM )
#endif
if( ( buf[0] & 0x80 ) != 0 )
return( ssl_parse_client_hello_v2( ssl ) );
#if defined(MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO) && \
defined(MBEDTLS_SSL_PROTO_TLS)
if( MBEDTLS_SSL_TRANSPORT_IS_TLS( ssl->conf->transport ) &&
( buf[0] & 0x80 ) != 0 )
{
return( ssl_parse_client_hello_v2( ssl ) );
}
#endif
MBEDTLS_SSL_DEBUG_BUF( 4, "record header", buf, mbedtls_ssl_in_hdr_len( ssl ) );
@ -1407,13 +1408,19 @@ read_record_header:
return( ret );
}
/* Done reading this record, get ready for the next one */
/* Done reading this record, get ready for the next one */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
{
ssl->next_record_offset = msg_len + mbedtls_ssl_in_hdr_len( ssl );
else
}
MBEDTLS_SSL_TRANSPORT_ELSE
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS)
{
ssl->in_left = 0;
}
#endif
}
buf = ssl->in_msg;
@ -1595,7 +1602,7 @@ read_record_header:
* Check the cookie length and content
*/
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
{
cookie_offset = 35 + sess_len;
cookie_len = buf[cookie_offset];
@ -1650,9 +1657,13 @@ read_record_header:
*/
ciph_offset = cookie_offset + 1 + cookie_len;
}
else
MBEDTLS_SSL_TRANSPORT_ELSE
#endif /* MBEDTLS_SSL_PROTO_DTLS */
#if defined(MBEDTLS_SSL_PROTO_TLS)
{
ciph_offset = 35 + sess_len;
}
#endif
ciph_len = ( buf[ciph_offset + 0] << 8 )
| ( buf[ciph_offset + 1] );

147
library/ssl_tls.c
View File

@ -61,12 +61,14 @@ static uint32_t ssl_get_hs_total_len( mbedtls_ssl_context const *ssl );
/* Length of the "epoch" field in the record header */
static inline size_t ssl_ep_len( const mbedtls_ssl_context *ssl )
{
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
return( 2 );
#else
#if !defined(MBEDTLS_SSL_TRANSPORT__BOTH)
((void) ssl);
#endif
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
return( 2 );
#endif
return( 0 );
}
@ -3269,15 +3271,17 @@ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl )
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
{
ssl->out_hdr = ssl->out_buf;
}
else
MBEDTLS_SSL_TRANSPORT_ELSE
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS)
{
ssl->out_hdr = ssl->out_buf + 8;
}
#endif
ssl_update_out_pointers( ssl, ssl->transform_out );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= flush output" ) );
@ -4137,7 +4141,7 @@ int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl )
ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) );
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
{
int ret;
unsigned int recv_msg_seq = ( ssl->in_msg[4] << 8 ) | ssl->in_msg[5];
@ -4201,14 +4205,18 @@ int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl )
return( MBEDTLS_ERR_SSL_EARLY_MESSAGE );
}
}
else
MBEDTLS_SSL_TRANSPORT_ELSE
#endif /* MBEDTLS_SSL_PROTO_DTLS */
/* With TLS we don't handle fragmentation (for now) */
if( ssl->in_msglen < ssl->in_hslen )
#if defined(MBEDTLS_SSL_PROTO_TLS)
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLS handshake fragmentation not supported" ) );
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
/* With TLS we don't handle fragmentation (for now) */
if( ssl->in_msglen < ssl->in_hslen )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLS handshake fragmentation not supported" ) );
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
}
}
#endif
return( 0 );
}
@ -4604,13 +4612,15 @@ static int ssl_parse_record_header( mbedtls_ssl_context *ssl )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "unknown record type" ) );
#if defined(MBEDTLS_SSL_PROTO_DTLS)
#if defined(MBEDTLS_SSL_PROTO_TLS)
/* Silently ignore invalid DTLS records as recommended by RFC 6347
* Section 4.1.2.7 */
if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM )
#endif /* MBEDTLS_SSL_PROTO_DTLS */
* Section 4.1.2.7, that is, send alert only with TLS */
if( MBEDTLS_SSL_TRANSPORT_IS_TLS( ssl->conf->transport ) )
{
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
}
#endif /* MBEDTLS_SSL_PROTO_TLS */
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
}
@ -4906,26 +4916,23 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl )
else
ssl->nb_zero = 0;
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
; /* in_ctr read from peer, not maintained internally */
}
else
#endif
/* Only needed for TLS, as with DTLS in_ctr is read from the header */
#if defined(MBEDTLS_SSL_PROTO_TLS)
if( MBEDTLS_SSL_TRANSPORT_IS_TLS( ssl->conf->transport ) )
{
unsigned i;
for( i = 8; i > ssl_ep_len( ssl ); i-- )
for( i = 8; i > 0; i-- )
if( ++ssl->in_ctr[i - 1] != 0 )
break;
/* The loop goes to its end iff the counter is wrapping */
if( i == ssl_ep_len( ssl ) )
if( i == 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "incoming message counter would wrap" ) );
return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING );
}
}
#endif /* MBEDTLS_SSL_PROTO_TLS */
}
@ -5700,7 +5707,7 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl )
/* Done reading this record, get ready for the next one */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
{
ssl->next_record_offset = ssl->in_msglen + mbedtls_ssl_in_hdr_len( ssl );
if( ssl->next_record_offset < ssl->in_left )
@ -5708,14 +5715,18 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_DEBUG_MSG( 3, ( "more than one record within datagram" ) );
}
}
else
MBEDTLS_SSL_TRANSPORT_ELSE
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS)
{
ssl->in_left = 0;
}
#endif
if( ( ret = ssl_prepare_record_content( ssl ) ) != 0 )
{
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
{
/* Silently discard invalid records */
if( ret == MBEDTLS_ERR_SSL_INVALID_MAC )
@ -5758,8 +5769,9 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl )
return( ret );
}
else
#endif
MBEDTLS_SSL_TRANSPORT_ELSE
#endif /* MBEDTLS_SSL_PROTO_DTLS */
#if defined(MBEDTLS_SSL_PROTO_TLS)
{
/* Error out (and send alert) on invalid records */
#if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES)
@ -5772,6 +5784,7 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl )
#endif
return( ret );
}
#endif /* MBEDTLS_SSL_PROTO_TLS */
}
return( 0 );
@ -6614,7 +6627,7 @@ int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl )
ssl->session_in = ssl->session_negotiate;
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
{
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
ssl_dtls_replay_reset( ssl );
@ -6629,9 +6642,13 @@ int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl )
return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING );
}
}
else
MBEDTLS_SSL_TRANSPORT_ELSE
#endif /* MBEDTLS_SSL_PROTO_DTLS */
memset( ssl->in_ctr, 0, 8 );
#if defined(MBEDTLS_SSL_PROTO_TLS)
{
memset( ssl->in_ctr, 0, 8 );
}
#endif
ssl_update_in_pointers( ssl );
@ -7130,7 +7147,7 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_DEBUG_MSG( 3, ( "switching to new transform spec for outbound data" ) );
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
{
unsigned char i;
@ -7153,9 +7170,13 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl )
return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING );
}
}
else
MBEDTLS_SSL_TRANSPORT_ELSE
#endif /* MBEDTLS_SSL_PROTO_DTLS */
memset( ssl->cur_out_ctr, 0, 8 );
#if defined(MBEDTLS_SSL_PROTO_TLS)
{
memset( ssl->cur_out_ctr, 0, 8 );
}
#endif
ssl->transform_out = ssl->transform_negotiate;
ssl->session_out = ssl->session_negotiate;
@ -7461,7 +7482,7 @@ static void ssl_update_out_pointers( mbedtls_ssl_context *ssl,
mbedtls_ssl_transform *transform )
{
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
{
ssl->out_ctr = ssl->out_hdr + 3;
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
@ -7474,8 +7495,9 @@ static void ssl_update_out_pointers( mbedtls_ssl_context *ssl,
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
ssl->out_iv = ssl->out_len + 2;
}
else
#endif
MBEDTLS_SSL_TRANSPORT_ELSE
#endif /* MBEDTLS_SSL_PROTO_DTLS */
#if defined(MBEDTLS_SSL_PROTO_TLS)
{
ssl->out_ctr = ssl->out_hdr - 8;
ssl->out_len = ssl->out_hdr + 3;
@ -7484,6 +7506,7 @@ static void ssl_update_out_pointers( mbedtls_ssl_context *ssl,
#endif
ssl->out_iv = ssl->out_hdr + 5;
}
#endif /* MBEDTLS_SSL_PROTO_TLS */
/* Adjust out_msg to make space for explicit IV, if used. */
if( transform != NULL &&
@ -7516,7 +7539,7 @@ static void ssl_update_in_pointers( mbedtls_ssl_context *ssl )
*/
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
{
/* This sets the header pointers to match records
* without CID. When we receive a record containing
@ -7531,8 +7554,9 @@ static void ssl_update_in_pointers( mbedtls_ssl_context *ssl )
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
ssl->in_iv = ssl->in_len + 2;
}
else
#endif
MBEDTLS_SSL_TRANSPORT_ELSE
#endif /* MBEDTLS_SSL_PROTO_DTLS */
#if defined(MBEDTLS_SSL_PROTO_TLS)
{
ssl->in_ctr = ssl->in_hdr - 8;
ssl->in_len = ssl->in_hdr + 3;
@ -7541,6 +7565,7 @@ static void ssl_update_in_pointers( mbedtls_ssl_context *ssl )
#endif
ssl->in_iv = ssl->in_hdr + 5;
}
#endif /* MBEDTLS_SSL_PROTO_TLS */
/* This will be adjusted at record decryption time. */
ssl->in_msg = ssl->in_iv;
@ -7562,17 +7587,19 @@ static void ssl_reset_in_out_pointers( mbedtls_ssl_context *ssl )
{
/* Set the incoming and outgoing record pointers. */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
{
ssl->out_hdr = ssl->out_buf;
ssl->in_hdr = ssl->in_buf;
}
else
MBEDTLS_SSL_TRANSPORT_ELSE
#endif /* MBEDTLS_SSL_PROTO_DTLS */
#if defined(MBEDTLS_SSL_PROTO_TLS)
{
ssl->out_hdr = ssl->out_buf + 8;
ssl->in_hdr = ssl->in_buf + 8;
}
#endif /* MBEDTLS_SSL_PROTO_TLS */
/* Derive other internal pointers. */
ssl_update_out_pointers( ssl, NULL /* no transform enabled */ );
@ -9795,16 +9822,20 @@ static int ssl_write_real( mbedtls_ssl_context *ssl,
if( len > max_len )
{
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "fragment larger than the (negotiated) "
"maximum fragment length: %d > %d",
len, max_len ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
else
MBEDTLS_SSL_TRANSPORT_ELSE
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS)
{
len = max_len;
}
#endif
}
if( ssl->out_left != 0 )
@ -10770,8 +10801,12 @@ int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
void mbedtls_ssl_write_version( int major, int minor, int transport,
unsigned char ver[2] )
{
#if !defined(MBEDTLS_SSL_TRANSPORT__BOTH)
((void) transport);
#endif
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( transport ) )
{
if( minor == MBEDTLS_SSL_MINOR_VERSION_2 )
--minor; /* DTLS 1.0 stored as TLS 1.1 internally */
@ -10779,21 +10814,25 @@ void mbedtls_ssl_write_version( int major, int minor, int transport,
ver[0] = (unsigned char)( 255 - ( major - 2 ) );
ver[1] = (unsigned char)( 255 - ( minor - 1 ) );
}
else
#else
((void) transport);
MBEDTLS_SSL_TRANSPORT_ELSE
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS)
{
ver[0] = (unsigned char) major;
ver[1] = (unsigned char) minor;
}
#endif
}
void mbedtls_ssl_read_version( int *major, int *minor, int transport,
const unsigned char ver[2] )
{
#if !defined(MBEDTLS_SSL_TRANSPORT__BOTH)
((void) transport);
#endif
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( transport ) )
{
*major = 255 - ver[0] + 2;
*minor = 255 - ver[1] + 1;
@ -10801,14 +10840,14 @@ void mbedtls_ssl_read_version( int *major, int *minor, int transport,
if( *minor == MBEDTLS_SSL_MINOR_VERSION_1 )
++*minor; /* DTLS 1.0 stored as TLS 1.1 internally */
}
else
#else
((void) transport);
MBEDTLS_SSL_TRANSPORT_ELSE
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS)
{
*major = ver[0];
*minor = ver[1];
}
#endif
}
int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md )