From c3091b1c8c0acb2152d931c508138600a6235fec Mon Sep 17 00:00:00 2001
From: Jerry Yu
Date: Thu, 23 Dec 2021 14:57:39 +0800
Subject: [PATCH] tls13_only: compile pass
Signed-off-by: Jerry Yu
---
 library/ssl_cli.c | 2 ++
 library/ssl_misc.h | 12 ++++++++----
 library/ssl_srv.c | 16 +++++++++++-----
 library/ssl_tls.c | 33 ++++++++++++++++++++++++++++-----
 4 files changed, 49 insertions(+), 14 deletions(-)
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 694473f2b0..e5cd8ddbdb 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -2931,8 +2931,10 @@ start_processing:
 #endif
 mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE;
 mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE;
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
 unsigned char *params = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl );
 size_t params_len = p - params;
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
 void *rs_ctx = NULL;
 mbedtls_pk_context * peer_pk;
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 4d753c8b7e..9104a591bf 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -79,7 +79,9 @@
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
 #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+#elif defined(MBEDTLS_SSL_PROTO_TLS1_3)
+#define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_4
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
 #define MBEDTLS_SSL_MIN_VALID_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
 #define MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
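Review bot: MBEDTLS_SSL_MIN_MINOR_VERSION now becomes MBEDTLS_SSL_MINOR_VERSION_4 in a TLS 1.3-only build, but MBEDTLS_SSL_MIN_VALID_MINOR_VERSION two lines below stays at MBEDTLS_SSL_MINOR_VERSION_3, so the lowest version the configuration layer treats as valid is still TLS 1.2 in that build. If the *_VALID_* bounds are what mbedtls_ssl_conf_min_version() checks against, a TLS 1.2 minimum could be accepted by a library that cannot negotiate it; either derive the VALID bound from MBEDTLS_SSL_MIN_MINOR_VERSION or add a comment stating that the wider range is intentional. The closing comment names only the `#elif` branch; `#endif /* MBEDTLS_SSL_PROTO_TLS1_2 || MBEDTLS_SSL_PROTO_TLS1_3 */` would describe the whole conditional.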
@@ -87,10 +89,14 @@
 /* Determine maximum supported version */
 #define MBEDTLS_SSL_MAX_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+#define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_4
+#elif defined(MBEDTLS_SSL_PROTO_TLS1_2)
 #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+
+
 /* Shorthand for restartable ECC */
 #if defined(MBEDTLS_ECP_RESTARTABLE) && \
 defined(MBEDTLS_SSL_CLI_C) && \
@@ -748,7 +754,6 @@ struct mbedtls_ssl_handshake_params
 /*
 * Checksum contexts
 */
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
 #if defined(MBEDTLS_SHA256_C)
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
 psa_hash_operation_t fin_sha256_psa;
@@ -763,7 +768,6 @@ struct mbedtls_ssl_handshake_params
 mbedtls_sha512_context fin_sha512;
 #endif
 #endif
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
 uint16_t offered_group_id; /* The NamedGroup value for the group
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 522e59e33b..f4bf5bff60 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -2956,9 +2956,11 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl,
 ssl->handshake->ciphersuite_info;
 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED)
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) && \
+ defined(MBEDTLS_SSL_PROTO_TLS1_2)
 unsigned char *dig_signed = NULL;
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED &&
+ MBEDTLS_SSL_PROTO_TLS1_2 */
 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED */
 (void) ciphersuite_info; /* unused in some configurations */
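Review bot: The closing comment `#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */` is stale after the reordering: the conditional now opens with `#if defined(MBEDTLS_SSL_PROTO_TLS1_3)`, and the sibling hunk at -79 updated its comment while this one did not. Suggest `#endif /* MBEDTLS_SSL_PROTO_TLS1_3 || MBEDTLS_SSL_PROTO_TLS1_2 */`. The two added empty lines before the restartable-ECC comment look unintentional. When both protocols are enabled the MAX/MIN pair is 4/3 purely because of the `#if`/`#elif` ordering here and at -79; a one-line comment saying so would save the next reader from re-deriving it.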
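Review bot: The compound guard `defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) && defined(MBEDTLS_SSL_PROTO_TLS1_2)` introduced here is repeated in the hunks at -3064, -3130 and -3150, each with its own two-line `#endif` comment, which makes the four sites easy to let drift. ssl_prepare_server_key_exchange (its start is outside the hunk) is a TLS 1.2 handshake step: if the whole function is already compiled only under MBEDTLS_SSL_PROTO_TLS1_2, the added term is redundant and the original one-symbol guard could stay; if it is not, a single file-local helper macro defined once near the top of ssl_srv.c and used at all four sites would keep them in sync.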
@@ -3064,7 +3066,8 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl,
 return( ret );
 }
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) && \
+ defined(MBEDTLS_SSL_PROTO_TLS1_2)
 dig_signed = ssl->out_msg + ssl->out_msglen;
 #endif
@@ -3130,7 +3133,8 @@ curve_matching_done:
 return( ret );
 }
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) && \
+ defined(MBEDTLS_SSL_PROTO_TLS1_2)
 dig_signed = ssl->out_msg + ssl->out_msglen;
 #endif
@@ -3150,7 +3154,9 @@ curve_matching_done:
 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
 if( mbedtls_ssl_ciphersuite_uses_server_signature( ciphersuite_info ) )
 {
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
 size_t dig_signed_len = ssl->out_msg + ssl->out_msglen - dig_signed;
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
 size_t hashlen = 0;
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
 unsigned char hash[PSA_HASH_MAX_SIZE];
@@ -3165,7 +3171,7 @@ curve_matching_done:
 * to choose appropriate hash.
 */
- mbedtls_md_type_t md_alg;
+ mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE;
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
 mbedtls_pk_type_t sig_alg =
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index ae6f635c99..24afbe4a43 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -632,6 +632,7 @@ static mbedtls_tls_prf_types tls_prf_get_type( mbedtls_ssl_tls_prf_cb *tls_prf )
 else
 #endif
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+ ((void) tls_prf);
 return( MBEDTLS_SSL_TLS_PRF_NONE );
 }
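Review bot: Initialising `md_alg` to MBEDTLS_MD_NONE silences the maybe-uninitialised warning, but it also means that in a build where the TLS 1.2 assignment under the `#if` that follows is compiled out, md_alg reaches the hashing and signing code as MD_NONE instead of failing to compile. If that path is reachable in such a build (the rest of the function is outside the hunk), add an explicit `if( md_alg == MBEDTLS_MD_NONE ) return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );` before the hash is computed; if it is not, a short comment saying why the placeholder value is never consumed would help the next reader.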
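Review bot: `((void) tls_prf);` is inserted directly after an `else` that the preceding `#endif` lines leave dangling, so in a build with MBEDTLS_SSL_PROTO_TLS1_2 the cast becomes the body of that `else` and `return( MBEDTLS_SSL_TLS_PRF_NONE );` is now reached unconditionally. Behaviour is unchanged because every earlier branch already returns, but the structure is easy to misread and fragile to the next edit. Placing the cast as the first statement of the function, before the first `#if`, keeps the `else` attached to the final return; the function's opening brace is outside the hunk.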
@@ -1121,8 +1122,11 @@ static int ssl_set_handshake_prfs( mbedtls_ssl_handshake_params *handshake,
 int minor_ver,
 mbedtls_md_type_t hash )
 {
-#if !defined(MBEDTLS_SSL_PROTO_TLS1_2) || !defined(MBEDTLS_SHA384_C)
+#if !defined(MBEDTLS_SSL_PROTO_TLS1_2) || \
+ !( defined(MBEDTLS_SHA384_C) || defined(MBEDTLS_SHA256_C) )
 (void) hash;
+ (void) handshake;
+ (void) minor_ver;
 #endif
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
@@ -2001,9 +2005,8 @@ static int ssl_srv_check_client_no_crt_notification( mbedtls_ssl_context *ssl )
 MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLSv1 client has no certificate" ) );
 return( 0 );
 }
-
- return( -1 );
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+ return( -1 );
 }
 #endif /* MBEDTLS_SSL_SRV_C */
@@ -2458,6 +2461,7 @@ void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
 void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl )
 {
+ ((void) ssl);
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
 #if defined(MBEDTLS_SHA256_C)
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
@@ -2481,6 +2485,9 @@ void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl )
 static void ssl_update_checksum_start( mbedtls_ssl_context *ssl,
 const unsigned char *buf, size_t len )
 {
+ ((void) ssl);
+ ((void) buf);
+ ((void) len);
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
 #if defined(MBEDTLS_SHA256_C)
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
@@ -5198,6 +5205,7 @@ int mbedtls_ssl_session_save( const mbedtls_ssl_session *session,
 return( ssl_session_save( session, 0, buf, buf_len, olen ) );
 }
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
 /*
 * Deserialize session, see mbedtls_ssl_session_save() for format.
 *
@@ -5402,6 +5410,7 @@ static int ssl_session_load_tls12( mbedtls_ssl_session *session,
 return( 0 );
 }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
 static int ssl_session_load( mbedtls_ssl_session *session,
 unsigned char omit_header,
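Review bot: The widened predicate no longer casts `hash` to void in a build with MBEDTLS_SSL_PROTO_TLS1_2 and MBEDTLS_SHA256_C but without MBEDTLS_SHA384_C, yet the original `!defined(MBEDTLS_SHA384_C)` term existed because `hash` is only consulted in the SHA-384 branch (the body continues outside the hunk, so confirm it is not read elsewhere); that configuration would now get an unused-parameter warning, which is fatal under -Werror. Keep the original condition for `hash` and use the new one only for the other two parameters: `#if !defined(MBEDTLS_SSL_PROTO_TLS1_2) || !defined(MBEDTLS_SHA384_C)` / `(void) hash;` / `#endif`, followed by a second block with the new condition around `(void) handshake;` and `(void) minor_ver;`.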
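Review bot: After the ssl_misc.h hunks at -748 and -763 the fin_sha256/fin_sha384 checksum contexts exist in every build, but here and in ssl_update_checksum_start (hunk at -2481) the code that resets and feeds them is still under `#if defined(MBEDTLS_SSL_PROTO_TLS1_2)`, so in a TLS 1.3-only build the contexts are declared but never started or updated, and the added `((void) ssl);` casts only hide that. mbedtls_ssl_get_handshake_transcript (hunk at -7593) still dispatches to those same contexts, so as far as this diff shows a TLS 1.3 handshake in that build would produce a transcript hash over nothing unless the TLS 1.3 code resets and updates the contexts elsewhere. Gating these bodies on the hash module, `#if defined(MBEDTLS_SHA256_C)` and `#if defined(MBEDTLS_SHA384_C)`, rather than on the protocol would make transcript hashing available to both versions and would let the void casts go.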
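Review bot: Wrapping ssl_session_load_tls12 in `#if defined(MBEDTLS_SSL_PROTO_TLS1_2)` (closed by the hunk at -5402) removes the only deserialiser for the TLS 1.2 session format, while ssl_session_load, whose signature starts at the end of that hunk and whose body is outside the diff, presumably still contains the call. Confirm that the call site is guarded identically and that a serialized TLS 1.2 session handed to a TLS 1.3-only build is rejected with an explicit error rather than being parsed by whatever follows; a comment on the new `#if` stating that TLS 1.2 session blobs are unsupported in that configuration would make the intent visible at the declaration.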
@@ -6212,6 +6221,10 @@ typedef int (*tls_prf_fn)( const unsigned char *secret, size_t slen,
 unsigned char *dstbuf, size_t dlen );
 static tls_prf_fn ssl_tls12prf_from_cs( int ciphersuite_id )
 {
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+/* TODO: This function has some problem when
+ !MBEDTLS_SHA384_C && !MBEDTLS_SHA256_C && MBEDTLS_SHA512_C
+*/
 #if defined(MBEDTLS_SHA384_C)
 const mbedtls_ssl_ciphersuite_t * const ciphersuite_info =
 mbedtls_ssl_ciphersuite_from_id( ciphersuite_id );
@@ -6222,6 +6235,11 @@ static tls_prf_fn ssl_tls12prf_from_cs( int ciphersuite_id )
 (void) ciphersuite_id;
 #endif
 return( tls_prf_sha256 );
+#else
+ ((void) ciphersuite_id);
+ return NULL;
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+
 }
 /*
@@ -7593,16 +7611,21 @@ int mbedtls_ssl_get_handshake_transcript( mbedtls_ssl_context *ssl,
 #if defined(MBEDTLS_SHA384_C)
 case MBEDTLS_MD_SHA384:
 return( ssl_get_handshake_transcript_sha384( ssl, dst, dst_len, olen ) );
-#endif /* MBEDTLS_SHA384_C */
+#endif /* MBEDTLS_SHA384_C && MBEDTLS_SSL_PROTO_TLS1_2 */
 #if defined(MBEDTLS_SHA256_C)
 case MBEDTLS_MD_SHA256:
 return( ssl_get_handshake_transcript_sha256( ssl, dst, dst_len, olen ) );
-#endif /* MBEDTLS_SHA256_C */
+#endif /* MBEDTLS_SHA256_C && MBEDTLS_SSL_PROTO_TLS1_2*/
 default:
 break;
 }
+ ((void) ssl);
+ ((void) md);
+ ((void) dst);
+ ((void) dst_len);
+ ((void) olen);
 return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
 }
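Review bot: The added TODO only says the function "has some problem" in the `!MBEDTLS_SHA384_C && !MBEDTLS_SHA256_C && MBEDTLS_SHA512_C` configuration, while the code in the hunk at -6222 shows what the problem is: the `#else` of the SHA-384 block falls through to `return( tls_prf_sha256 );` whether or not SHA-256 is compiled in, so the comment should name that, e.g. `/* TODO: without MBEDTLS_SHA256_C this still returns tls_prf_sha256, which does not exist; add a config-time #error or a real fallback */`. In the new non-TLS-1.2 branch `return NULL;` breaks the file's `return( ... );` convention and the blank line before the closing brace is stray. Now that the function can return NULL, callers that store the result into a handshake structure need to check it before use; the call sites are outside the diff.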
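Review bot: The two rewritten `#endif` comments read `MBEDTLS_SHA384_C && MBEDTLS_SSL_PROTO_TLS1_2` and `MBEDTLS_SHA256_C && MBEDTLS_SSL_PROTO_TLS1_2`, but the `#if` lines they close, visible in the same hunk, still test only `defined(MBEDTLS_SHA384_C)` and `defined(MBEDTLS_SHA256_C)`; either the guards or the comments are wrong, and a mismatched closing comment misleads whoever edits the conditional next. If the comments state the intent, the `#if` lines need `&& defined(MBEDTLS_SSL_PROTO_TLS1_2)`; if the guards are right, revert the comments (and restore the space in `MBEDTLS_SSL_PROTO_TLS1_2*/`). The five `((void) ...)` casts after the switch are only needed when both cases are compiled out, and since the `case` labels belong to a switch above the hunk that presumably switches on `md`, `((void) md);` is unnecessary; the remaining four read more naturally at the top of the function than after the switch.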