From 9659dae04642e22f3470b61b4dba39a4506cc6ba Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Wed, 28 Aug 2013 16:21:34 +0200 Subject: [PATCH] Some extra code defined out --- library/ssl_cli.c | 37 +++++++++++++++++++++++++------------ library/ssl_srv.c | 4 ++++ 2 files changed, 29 insertions(+), 12 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 18094a3d13..0fccf34437 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -1362,19 +1362,19 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl ) { params_len = p - ( ssl->in_msg + 4 ); -#if defined(POLARSSL_SSL_PROTO_TLS1_2) /* * Handle the digitally-signed structure */ - if( ssl_parse_signature_algorithm( ssl, &p, end, - &md_alg, &pk_alg ) != 0 ) +#if defined(POLARSSL_SSL_PROTO_TLS1_2) + if( ssl->minor_ver == SSL_MINOR_VERSION_3 ) { - SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); - return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); - } + if( ssl_parse_signature_algorithm( ssl, &p, end, + &md_alg, &pk_alg ) != 0 ) + { + SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); + return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + } - if( pk_alg != POLARSSL_PK_NONE ) - { if( pk_alg != ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info ) ) { SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); @@ -1383,13 +1383,22 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl ) } else #endif +#if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) || \ + defined(POLARSSL_SSL_PROTO_TLS1_1) + if( ssl->minor_ver < SSL_MINOR_VERSION_3 ) { pk_alg = ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info ); - } - /* Default hash for ECDSA is SHA-1 */ - if( pk_alg == POLARSSL_PK_ECDSA && md_alg == POLARSSL_MD_NONE ) - md_alg = POLARSSL_MD_SHA1; + /* Default hash for ECDSA is SHA-1 */ + if( pk_alg == POLARSSL_PK_ECDSA && md_alg == POLARSSL_MD_NONE ) + md_alg = POLARSSL_MD_SHA1; + } + else +#endif + { + SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE ); + } /* * Read signature @@ -1443,6 +1452,8 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl ) else #endif /* POLARSSL_SSL_PROTO_SSL3 || POLARSSL_SSL_PROTO_TLS1 || \ POLARSSL_SSL_PROTO_TLS1_1 */ +#if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1) || \ + defined(POLARSSL_SSL_PROTO_TLS1_2) if( md_alg != POLARSSL_MD_NONE ) { md_context_t ctx; @@ -1470,6 +1481,8 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl ) md_free_ctx( &ctx ); } else +#endif /* POLARSSL_SSL_PROTO_TLS1 || POLARSSL_SSL_PROTO_TLS1_1 || \ + POLARSSL_SSL_PROTO_TLS1_2 */ { SSL_DEBUG_MSG( 1, ( "should never happen" ) ); return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE ); diff --git a/library/ssl_srv.c b/library/ssl_srv.c index dc684ad34f..5bedcadce5 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -2027,6 +2027,8 @@ static int ssl_write_server_key_exchange( ssl_context *ssl ) else #endif /* POLARSSL_SSL_PROTO_SSL3 || POLARSSL_SSL_PROTO_TLS1 || \ POLARSSL_SSL_PROTO_TLS1_1 */ +#if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1) || \ + defined(POLARSSL_SSL_PROTO_TLS1_2) if( md_alg != POLARSSL_MD_NONE ) { md_context_t ctx; @@ -2060,6 +2062,8 @@ static int ssl_write_server_key_exchange( ssl_context *ssl ) } else +#endif /* POLARSSL_SSL_PROTO_TLS1 || POLARSSL_SSL_PROTO_TLS1_1 || \ + POLARSSL_SSL_PROTO_TLS1_2 */ { SSL_DEBUG_MSG( 1, ( "should never happen" ) ); return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );