eden-emu/mbedtls
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix guards for mbedtls_ssl_ticket_write() and mbedtls_ssl_ticket_parse() functions

Browse source 
Both functions are calling mbedtls_cipher_auth_[encrypt/decrypt]_ext() functions. These functions are guarded with MBEDTLS_CIPHER_MODE_AEAD || MBEDTLS_NIST_KW_C flags - make it consistent.
As a result ssl_server2 won't build now with MBEDTLS_SSL_SESSION_TICKETS enabled (mbedtls_cipher_auth_[encrypt/decrypt]_ext() functions not available).
Mark MBEDTLS_SSL_SESSION_TICKETS as dependent on MBEDTLS_CIPHER_MODE_AEAD || MBEDTLS_NIST_KW_C and disable MBEDTLS_SSL_SESSION_TICKETS in stream cipher only build.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
This commit is contained in:
Przemek Stekiel 2022-09-27 13:41:12 +02:00
parent 89ad62352d
commit a82290b727
3 changed files with 10 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
include/mbedtls/check_config.h
View file

@ -962,6 +962,9 @@
#error "MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH defined, but not all prerequisites" #error "MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH defined, but not all prerequisites"
#endif #endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && !( defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C) )
#error "MBEDTLS_SSL_SESSION_TICKETS defined, but not all prerequisites"
#endif
/* Reject attempts to enable options that have been removed and that could /* Reject attempts to enable options that have been removed and that could

7
library/ssl_ticket.c
View file

@ -114,6 +114,7 @@ static int ssl_ticket_gen_key( mbedtls_ssl_ticket_context *ctx,
/* /*
* Rotate/generate keys if necessary * Rotate/generate keys if necessary
*/ */
#if defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C)
MBEDTLS_CHECK_RETURN_CRITICAL MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_ticket_update_keys( mbedtls_ssl_ticket_context *ctx ) static int ssl_ticket_update_keys( mbedtls_ssl_ticket_context *ctx )
{ {
@ -150,6 +151,7 @@ static int ssl_ticket_update_keys( mbedtls_ssl_ticket_context *ctx )
#endif /* MBEDTLS_HAVE_TIME */ #endif /* MBEDTLS_HAVE_TIME */
return( 0 ); return( 0 );
} }
#endif
/* /*
* Rotate active session ticket encryption key * Rotate active session ticket encryption key
@ -293,7 +295,7 @@ int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx,
* The key_name, iv, and length of encrypted_state are the additional * The key_name, iv, and length of encrypted_state are the additional
* authenticated data. * authenticated data.
*/ */
#if defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C)
int mbedtls_ssl_ticket_write( void *p_ticket, int mbedtls_ssl_ticket_write( void *p_ticket,
const mbedtls_ssl_session *session, const mbedtls_ssl_session *session,
unsigned char *start, unsigned char *start,
@ -390,7 +392,9 @@ cleanup:
return( ret ); return( ret );
} }
#endif
#if defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C)
/* /*
* Select key based on name * Select key based on name
*/ */
@ -517,6 +521,7 @@ cleanup:
return( ret ); return( ret );
} }
#endif
/* /*
* Free context * Free context

1
tests/scripts/all.sh
View file

@ -1296,6 +1296,7 @@ component_test_crypto_default_stream_cipher_only () {
scripts/config.py unset MBEDTLS_CTR_DRBG_C scripts/config.py unset MBEDTLS_CTR_DRBG_C
scripts/config.py unset MBEDTLS_CMAC_C scripts/config.py unset MBEDTLS_CMAC_C
scripts/config.py unset MBEDTLS_NIST_KW_C scripts/config.py unset MBEDTLS_NIST_KW_C
scripts/config.py unset MBEDTLS_SSL_SESSION_TICKETS
# Enable stream(null) cipher only # Enable stream(null) cipher only
scripts/config.py set MBEDTLS_CIPHER_NULL_CIPHER scripts/config.py set MBEDTLS_CIPHER_NULL_CIPHER