From 90f152dfac5882e52805ddbaeb667151653930a0 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sat, 29 Jan 2022 22:12:42 +0800 Subject: [PATCH] fix psk only build fail Signed-off-by: Jerry Yu --- library/ssl_misc.h | 4 ++++ library/ssl_tls13_client.c | 5 ++++- library/ssl_tls13_generic.c | 21 +++++---------------- 3 files changed, 13 insertions(+), 17 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 71987e0327..68971cd3f0 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1735,6 +1735,7 @@ int mbedtls_ssl_tls13_start_handshake_msg( mbedtls_ssl_context *ssl, */ int mbedtls_ssl_tls13_process_certificate( mbedtls_ssl_context *ssl ); +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) /* * Handler of TLS 1.3 write certificate message */ @@ -1744,6 +1745,9 @@ int mbedtls_ssl_tls13_write_certificate( mbedtls_ssl_context *ssl ); * Handler of TLS 1.3 write certificate verify message */ int mbedtls_ssl_tls13_write_certificate_verify( mbedtls_ssl_context *ssl ); + +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ + /* * Generic handler of Certificate Verify */ diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index cdb41f0de3..207098c349 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1943,6 +1943,7 @@ static int ssl_tls13_write_change_cipher_spec( mbedtls_ssl_context *ssl ) } #endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */ +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) /* * Handler for MBEDTLS_SSL_CLIENT_CERTIFICATE */ @@ -1962,6 +1963,7 @@ static int ssl_tls13_write_client_certificate_verify( mbedtls_ssl_context *ssl ) { return( mbedtls_ssl_tls13_write_certificate_verify( ssl ) ); } +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ /* * Handler for MBEDTLS_SSL_CLIENT_FINISHED @@ -2057,6 +2059,7 @@ int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl ) ret = ssl_tls13_process_server_finished( ssl ); break; +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) case MBEDTLS_SSL_CLIENT_CERTIFICATE: ret = ssl_tls13_write_client_certificate( ssl ); break; @@ -2064,7 +2067,7 @@ int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl ) case MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY: ret = ssl_tls13_write_client_certificate_verify( ssl ); break; - +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ case MBEDTLS_SSL_CLIENT_FINISHED: ret = ssl_tls13_write_client_finished( ssl ); diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 26e53a567d..b96fbc822c 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -846,6 +846,7 @@ cleanup: #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ return( ret ); } +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) /* * STATE HANDLING: Output Certificate @@ -862,7 +863,6 @@ cleanup: #define SSL_WRITE_CERTIFICATE_AVAILABLE 0 #define SSL_WRITE_CERTIFICATE_SKIP 1 - static int ssl_tls13_write_certificate_coordinate( mbedtls_ssl_context* ssl ) { @@ -873,7 +873,6 @@ static int ssl_tls13_write_certificate_coordinate( mbedtls_ssl_context* ssl ) return( SSL_WRITE_CERTIFICATE_SKIP ); } -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) #if defined(MBEDTLS_SSL_CLI_C) if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) { @@ -893,13 +892,9 @@ static int ssl_tls13_write_certificate_coordinate( mbedtls_ssl_context* ssl ) #endif /* MBEDTLS_SSL_CLI_C */ return( SSL_WRITE_CERTIFICATE_AVAILABLE ); -#else /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); -#endif /* !MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ + } -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) static int ssl_tls13_write_certificate( mbedtls_ssl_context *ssl, unsigned char *buf, size_t buflen, @@ -978,7 +973,6 @@ static int ssl_tls13_write_certificate( mbedtls_ssl_context *ssl, return( 0 ); } -#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ /* Update the state after handling the outgoing certificate message. */ static int ssl_tls13_finalize_write_certificate( mbedtls_ssl_context* ssl ) @@ -1003,7 +997,6 @@ int mbedtls_ssl_tls13_write_certificate( mbedtls_ssl_context* ssl ) /* Coordination: Check if we need to send a certificate. */ MBEDTLS_SSL_PROC_CHK_NEG( ssl_tls13_write_certificate_coordinate( ssl ) ); -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) if( ret == SSL_WRITE_CERTIFICATE_AVAILABLE ) { unsigned char *buf; @@ -1025,7 +1018,6 @@ int mbedtls_ssl_tls13_write_certificate( mbedtls_ssl_context* ssl ) ssl, buf_len, msg_len ) ); } else -#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ { MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) ); MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_write_certificate( ssl ) ); @@ -1080,12 +1072,12 @@ static int ssl_tls13_write_certificate_verify_coordinate( return( SSL_WRITE_CERTIFICATE_VERIFY_SEND ); #else /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + ((void) crt); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); #endif /* !MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ } -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context* ssl, unsigned char* buf, size_t buflen, @@ -1105,8 +1097,6 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context* ssl, size_t handshake_hash_len; unsigned char *p; const mbedtls_md_info_t *md_info; - /* Verify whether we can use signature algorithm */ - // int signature_scheme_client; unsigned char * const end = buf + buflen; p = buf; @@ -1182,8 +1172,6 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context* ssl, return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } - // signature_scheme_client = MBEDTLS_TLS1_3_SIG_NONE; - if( !mbedtls_ssl_sig_alg_is_received( ssl, sig_alg ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); @@ -1223,7 +1211,6 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context* ssl, MBEDTLS_SSL_DEBUG_BUF( 3, "xverify hash", buf, *olen ); return( ret ); } -#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ static int ssl_tls13_finalize_certificate_verify( mbedtls_ssl_context* ssl ) { @@ -1279,6 +1266,8 @@ cleanup: return( ret ); } +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ + /* * * STATE HANDLING: Incoming Finished message.