Fix guards for mbedtls_ssl_ticket_write() and mbedtls_ssl_ticket_parse() functions

Both functions are calling mbedtls_cipher_auth_[encrypt/decrypt]_ext() functions. These functions are guarded with MBEDTLS_CIPHER_MODE_AEAD || MBEDTLS_NIST_KW_C flags - make it consistent. As a result ssl_server2 won't build now with MBEDTLS_SSL_SESSION_TICKETS enabled (mbedtls_cipher_auth_[encrypt/decrypt]_ext() functions not available). Mark MBEDTLS_SSL_SESSION_TICKETS as dependent on MBEDTLS_CIPHER_MODE_AEAD || MBEDTLS_NIST_KW_C and disable MBEDTLS_SSL_SESSION_TICKETS in stream cipher only build. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-27 13:41:12 +02:00 · 2022-09-27 13:41:12 +02:00 · a82290b727
commit a82290b727
parent 89ad62352d
3 changed files with 10 additions and 1 deletions
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@ -962,6 +962,9 @@
 #error "MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH defined, but not all prerequisites"
 #endif

+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && !( defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C) )
+#error "MBEDTLS_SSL_SESSION_TICKETS defined, but not all prerequisites"
+#endif


 /* Reject attempts to enable options that have been removed and that could
--- a/library/ssl_ticket.c
+++ b/library/ssl_ticket.c
@ -114,6 +114,7 @@ static int ssl_ticket_gen_key( mbedtls_ssl_ticket_context *ctx,
 /*
 * Rotate/generate keys if necessary
 */
+#if defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C)
 MBEDTLS_CHECK_RETURN_CRITICAL
 static int ssl_ticket_update_keys( mbedtls_ssl_ticket_context *ctx )
 {
@ -150,6 +151,7 @@ static int ssl_ticket_update_keys( mbedtls_ssl_ticket_context *ctx )
 #endif /* MBEDTLS_HAVE_TIME */
        return( 0 );
 }
+#endif

 /*
 * Rotate active session ticket encryption key
@ -293,7 +295,7 @@ int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx,
 * The key_name, iv, and length of encrypted_state are the additional
 * authenticated data.
 */
-
+#if defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C)
 int mbedtls_ssl_ticket_write( void *p_ticket,
                              const mbedtls_ssl_session *session,
                              unsigned char *start,
@ -390,7 +392,9 @@ cleanup:

    return( ret );
 }
+#endif

+#if defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C)
 /*
 * Select key based on name
 */
@ -517,6 +521,7 @@ cleanup:

    return( ret );
 }
+#endif

 /*
 * Free context
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@ -1296,6 +1296,7 @@ component_test_crypto_default_stream_cipher_only () {
    scripts/config.py unset MBEDTLS_CTR_DRBG_C
    scripts/config.py unset MBEDTLS_CMAC_C
    scripts/config.py unset MBEDTLS_NIST_KW_C
+    scripts/config.py unset MBEDTLS_SSL_SESSION_TICKETS

    # Enable stream(null) cipher only
    scripts/config.py set MBEDTLS_CIPHER_NULL_CIPHER