From e6ed6a1fc4ab3ceade47d948621767cb5bf990ee Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Fri, 22 Jul 2016 13:49:02 +0100 Subject: [PATCH] Fix guards in SSL for ECDH key exchanges --- library/ssl_cli.c | 11 ++++++++++- library/ssl_srv.c | 11 ++++++++++- 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 1d8b33fa3..16fd43b71 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2349,7 +2349,9 @@ exit: #if !defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) && \ !defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) && \ + !defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \ !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \ + !defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)&& \ !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) { @@ -2513,7 +2515,9 @@ exit: } #endif /* !MBEDTLS_KEY_EXCHANGE_RSA_ENABLED && !MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED && + !MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED && !MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED && + !MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED && !MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ static int ssl_parse_server_hello_done( mbedtls_ssl_context *ssl ) @@ -2790,7 +2794,9 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) #if !defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) && \ !defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) && \ + !defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \ !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \ + !defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)&& \ !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl ) { @@ -2968,7 +2974,10 @@ static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl ) } #endif /* !MBEDTLS_KEY_EXCHANGE_RSA_ENABLED && !MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED && - !MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */ + !MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED && + !MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED && + !MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED && + !MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl ) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 59608eaca..6f800038e 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -2339,7 +2339,9 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) #if !defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) && \ !defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) && \ + !defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \ !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \ + !defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)&& \ !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) { @@ -2524,7 +2526,9 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) } #endif /* !MBEDTLS_KEY_EXCHANGE_RSA_ENABLED && !MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED && + !MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED && !MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED && + !MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED && !MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ @@ -3370,7 +3374,9 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) #if !defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) && \ !defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) && \ + !defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \ !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \ + !defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)&& \ !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) { @@ -3547,7 +3553,10 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) } #endif /* !MBEDTLS_KEY_EXCHANGE_RSA_ENABLED && !MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED && - !MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */ + !MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED && + !MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED && + !MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED && + !MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) static int ssl_write_new_session_ticket( mbedtls_ssl_context *ssl )