Start refining parameters of populate_transform()
Parameters 'handshake' and 'ssl' will be replaced with more fine-grained
inputs in follow-up commits.
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index ad1430b..6563d9a 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -978,12 +978,21 @@
}
/*
- * This function will ultimetaly only be responsible for populating a
- * transform structure from data passed as explicit parameters.
+ * Populate a transform structure with session keys and all the other
+ * necessary information.
*
- * For now however it's doing rather more in a rather less explicit way.
+ * Parameters:
+ * - [in/out]: transform: structure to populate
+ * [in] must be just initialised with mbedtls_ssl_transform_init()
+ * [out] fully populate, ready for use by mbedtls_ssl_{en,de}crypt_buf()
+ * - [in] session: used members: encrypt_then_max, master, compression
+ * - [in] handshake: used members: prf, ciphersuite_info, randbytes
+ * - [in]: ssl: used members: minor_ver, conf->endpoint
*/
-static int ssl_populate_transform( mbedtls_ssl_context *ssl )
+static int ssl_populate_transform( mbedtls_ssl_transform *transform,
+ const mbedtls_ssl_session *session,
+ const mbedtls_ssl_handshake_params *handshake,
+ const mbedtls_ssl_context *ssl )
{
int ret = 0;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
@@ -1001,10 +1010,6 @@
const mbedtls_cipher_info_t *cipher_info;
const mbedtls_md_info_t *md_info;
- mbedtls_ssl_session *session = ssl->session_negotiate;
- mbedtls_ssl_transform *transform = ssl->transform_negotiate;
- mbedtls_ssl_handshake_params *handshake = ssl->handshake;
-
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
transform->encrypt_then_mac = session->encrypt_then_mac;
@@ -1732,7 +1737,10 @@
}
/* Populate transform structure */
- ret = ssl_populate_transform( ssl );
+ ret = ssl_populate_transform( ssl->transform_negotiate,
+ ssl->session_negotiate,
+ ssl->handshake,
+ ssl );
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_populate_transform", ret );