From 766c0cdb1f96c487225c8530a8b8570f1d1c34f0 Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Tue, 18 Oct 2022 12:17:11 +0200
Subject: [PATCH] tls13: Add missing kex guards

Signed-off-by: Ronald Cron
---
 library/ssl_tls13_client.c | 5 ++++-
 library/ssl_tls13_server.c | 2 ++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index acac23174..0ff85c674 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -210,6 +210,7 @@ static int ssl_tls13_reset_key_share( mbedtls_ssl_context *ssl )
 /*
 * Functions for writing key_share extension.
 */
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED)
 MBEDTLS_CHECK_RETURN_CRITICAL
 static int ssl_tls13_get_default_group_id( mbedtls_ssl_context *ssl,
 uint16_t *group_id )
@@ -364,7 +365,7 @@ cleanup:
 return( ret );
 }
-
+#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED */
 /*
 * ssl_tls13_parse_hrr_key_share_ext()
@@ -1142,6 +1143,7 @@ int mbedtls_ssl_tls13_write_client_hello_exts( mbedtls_ssl_context *ssl,
 return( ret );
 p += ext_len;
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED)
 if( mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) )
 {
 ret = ssl_tls13_write_key_share_ext( ssl, p, end, &ext_len );
@@ -1149,6 +1151,7 @@ int mbedtls_ssl_tls13_write_client_hello_exts( mbedtls_ssl_context *ssl,
 return( ret );
 p += ext_len;
 }
+#endif
 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
 /* For PSK-based key exchange we need the pre_shared_key extension
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 2b33a00e1..8b9ac343a 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
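Review bot: In library/ssl_tls13_client.c, the `#endif` added after the key_share block of `mbedtls_ssl_tls13_write_client_hello_exts` (hunk at -1149) carries no trailing comment, unlike the other two `#endif` lines this commit adds. It sits directly before an `#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)` block, so the two similarly named guards are easy to mix up when reading which extensions a given build emits. Write it as `#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED */`. The function body starts and ends outside the hunk.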
@@ -3027,6 +3027,7 @@ int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl )
 ret = ssl_tls13_handshake_wrapup( ssl );
 break;
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
 case MBEDTLS_SSL_CLIENT_CERTIFICATE:
 ret = mbedtls_ssl_tls13_process_certificate( ssl );
 if( ret == 0 )
@@ -3053,6 +3054,7 @@ int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl )
 ssl, MBEDTLS_SSL_CLIENT_FINISHED );
 }
 break;
+#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
 case MBEDTLS_SSL_NEW_SESSION_TICKET:
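Review bot: The guard placed around `case MBEDTLS_SSL_CLIENT_CERTIFICATE:` is `MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED`, while the client-side hunks of this commit use `..._SOME_EPHEMERAL_ENABLED`, and nothing here says the difference is deliberate. It is probably intended, since client certificate authentication goes with the certificate-based ephemeral mode and not with the PSK modes. A comment above the `#if`, such as `/* Client certificate states: only reachable with certificate-based (ephemeral) key exchange */`, would keep a later reader from "correcting" it. With these labels compiled out, a handshake state of `MBEDTLS_SSL_CLIENT_CERTIFICATE` reaches whatever the switch does for unhandled states, which is outside both hunks. It is worth confirming that this path returns an error, and that the code setting the state is under the same guard.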