eden-emu/mbedtls
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

tls13: Add missing kex guards

Browse source 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron 2022-10-18 12:17:11 +02:00
parent 82be0d4b4d
commit 766c0cdb1f
2 changed files with 6 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

5
library/ssl_tls13_client.c
View file

@ -210,6 +210,7 @@ static int ssl_tls13_reset_key_share( mbedtls_ssl_context *ssl )
/* /*
* Functions for writing key_share extension. * Functions for writing key_share extension.
*/ */
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_get_default_group_id( mbedtls_ssl_context *ssl, static int ssl_tls13_get_default_group_id( mbedtls_ssl_context *ssl,
uint16_t *group_id ) uint16_t *group_id )
@ -364,7 +365,7 @@ cleanup:
return( ret ); return( ret );
} }
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED */
/* /*
* ssl_tls13_parse_hrr_key_share_ext() * ssl_tls13_parse_hrr_key_share_ext()
@ -1142,6 +1143,7 @@ int mbedtls_ssl_tls13_write_client_hello_exts( mbedtls_ssl_context *ssl,
return( ret ); return( ret );
p += ext_len; p += ext_len;
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED)
if( mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) ) if( mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) )
{ {
ret = ssl_tls13_write_key_share_ext( ssl, p, end, &ext_len ); ret = ssl_tls13_write_key_share_ext( ssl, p, end, &ext_len );
@ -1149,6 +1151,7 @@ int mbedtls_ssl_tls13_write_client_hello_exts( mbedtls_ssl_context *ssl,
return( ret ); return( ret );
p += ext_len; p += ext_len;
} }
#endif
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
/* For PSK-based key exchange we need the pre_shared_key extension /* For PSK-based key exchange we need the pre_shared_key extension

2
library/ssl_tls13_server.c
View file

@ -3027,6 +3027,7 @@ int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl )
ret = ssl_tls13_handshake_wrapup( ssl ); ret = ssl_tls13_handshake_wrapup( ssl );
break; break;
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
case MBEDTLS_SSL_CLIENT_CERTIFICATE: case MBEDTLS_SSL_CLIENT_CERTIFICATE:
ret = mbedtls_ssl_tls13_process_certificate( ssl ); ret = mbedtls_ssl_tls13_process_certificate( ssl );
if( ret == 0 ) if( ret == 0 )
@ -3053,6 +3054,7 @@ int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl )
ssl, MBEDTLS_SSL_CLIENT_FINISHED ); ssl, MBEDTLS_SSL_CLIENT_FINISHED );
} }
break; break;
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
#if defined(MBEDTLS_SSL_SESSION_TICKETS) #if defined(MBEDTLS_SSL_SESSION_TICKETS)
case MBEDTLS_SSL_NEW_SESSION_TICKET: case MBEDTLS_SSL_NEW_SESSION_TICKET: