[tls] Clean up change cipher spec record handling
Define and use data structures and constants for the (single-byte)
change cipher spec records.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
diff --git a/src/include/ipxe/tls.h b/src/include/ipxe/tls.h
index 6fcb69b..99c7be0 100644
--- a/src/include/ipxe/tls.h
+++ b/src/include/ipxe/tls.h
@@ -52,6 +52,9 @@
/** Change cipher content type */
#define TLS_TYPE_CHANGE_CIPHER 20
+/** Change cipher spec magic byte */
+#define TLS_CHANGE_CIPHER_SPEC 1
+
/** Alert content type */
#define TLS_TYPE_ALERT 21
diff --git a/src/net/tls.c b/src/net/tls.c
index 8996296..e0231b1 100644
--- a/src/net/tls.c
+++ b/src/net/tls.c
@@ -1682,9 +1682,14 @@
* @ret rc Return status code
*/
static int tls_send_change_cipher ( struct tls_connection *tls ) {
- static const uint8_t change_cipher[1] = { 1 };
+ static const struct {
+ uint8_t spec;
+ } __attribute__ (( packed )) change_cipher = {
+ .spec = TLS_CHANGE_CIPHER_SPEC,
+ };
+
return tls_send_plaintext ( tls, TLS_TYPE_CHANGE_CIPHER,
- change_cipher, sizeof ( change_cipher ) );
+ &change_cipher, sizeof ( change_cipher ) );
}
/**
@@ -1737,14 +1742,20 @@
*/
static int tls_new_change_cipher ( struct tls_connection *tls,
const void *data, size_t len ) {
+ const struct {
+ uint8_t spec;
+ } __attribute__ (( packed )) *change_cipher = data;
int rc;
- if ( ( len != 1 ) || ( *( ( uint8_t * ) data ) != 1 ) ) {
+ /* Sanity check */
+ if ( ( sizeof ( *change_cipher ) != len ) ||
+ ( change_cipher->spec != TLS_CHANGE_CIPHER_SPEC ) ) {
DBGC ( tls, "TLS %p received invalid Change Cipher\n", tls );
- DBGC_HD ( tls, data, len );
+ DBGC_HD ( tls, change_cipher, len );
return -EINVAL_CHANGE_CIPHER;
}
+ /* Change receive cipher spec */
if ( ( rc = tls_change_cipher ( tls, &tls->rx_cipherspec_pending,
&tls->rx_cipherspec ) ) != 0 ) {
DBGC ( tls, "TLS %p could not activate RX cipher: %s\n",
