Move is_valid_ccs as a method of InboundMessage

Signed-off-by: Eloi DEMOLIS <eloi.demolis@clever-cloud.com>

rustls/src/conn.rs

@@ -344,15 +344,6 @@ impl ConnectionRandoms {
     }
 }
 
-// --- Common (to client and server) connection functions ---
-
-fn is_valid_ccs(msg: &InboundMessage) -> bool {
-    // We passthrough ChangeCipherSpec messages in the deframer without decrypting them.
-    // Note: this is prior to the record layer, so is unencrypted. See
-    // third paragraph of section 5 in RFC8446.
-    msg.typ == ContentType::ChangeCipherSpec && msg.payload == [0x01]
-}
-
 /// Interface shared by client and server connections.
 pub struct ConnectionCommon<Data> {
     pub(crate) core: ConnectionCore<Data>,
@@ -853,7 +844,7 @@ impl<Data> ConnectionCore<Data> {
                 .may_receive_application_data
             && self.common_state.is_tls13()
         {
-            if !is_valid_ccs(&msg)
+            if !msg.is_valid_ccs()
                 || self.common_state.received_middlebox_ccs > TLS13_MAX_DROPPED_CCS
             {
                 // "An implementation which receives any other change_cipher_spec value or

rustls/src/msgs/message.rs

@@ -437,6 +437,17 @@ pub struct InboundMessage<'a> {
     pub payload: &'a [u8],
 }
 
+impl InboundMessage<'_> {
+    /// Returns true if the payload is a CCS message.
+    ///
+    /// We passthrough ChangeCipherSpec messages in the deframer without decrypting them.
+    /// Note: this is prior to the record layer, so is unencrypted. See
+    /// third paragraph of section 5 in RFC8446.
+    pub(crate) fn is_valid_ccs(&self) -> bool {
+        self.typ == ContentType::ChangeCipherSpec && self.payload == [0x01]
+    }
+}
+
 impl BorrowedPlainMessage for InboundMessage<'_> {
     fn payload_to_vec(&self) -> Vec<u8> {
         self.payload.to_vec()