Merge branch 'etm' into dtls

* etm: Fix some more warnings in reduced configs Fix typo causing MSVC errors
2024-11-29 22:04:15 +01:00 · 2014-11-17 15:07:17 +01:00 · 2014-11-17 15:07:17 +01:00 · 0975ad928d
commit 0975ad928d
parent f9d778d635 8e4b3374d7
2 changed files with 21 additions and 22 deletions
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -1149,9 +1149,16 @@ static void ssl_mac( md_context_t *md_ctx, unsigned char *secret,
 #define MAC_PLAINTEXT   1
 #define MAC_CIPHERTEXT  2
 #if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER) ||     \
    ( defined(POLARSSL_CIPHER_MODE_CBC) &&                                  \
      ( defined(POLARSSL_AES_C) || defined(POLARSSL_CAMELLIA_C) ) )
 #define POLARSSL_SOME_MODES_USE_MAC
 #endif
 /*
 * Is MAC applied on ciphertext, cleartext or not at all?
 */
 #if defined(POLARSSL_SOME_MODES_USE_MAC)
 static char ssl_get_mac_order( ssl_context *ssl,
                               const ssl_session *session,
                               cipher_mode_t mode )
@ -1171,19 +1178,21 @@ static char ssl_get_mac_order( ssl_context *ssl,
            SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) );
            return( MAC_CIPHERTEXT );
        }
 #else
        ((void) ssl);
        ((void) session);
 #endif
        return( MAC_PLAINTEXT );
    }
-#endif
+#else
    /* Unused if AEAD is the only option */
    ((void) ssl);
    ((void) session);
-    ((void) mode);
+#endif
    return( MAC_NONE );
 }
 #endif /* POLARSSL_SOME_MODES_USE_MAC */
 /*
 * Encryption/decryption functions
@ -1192,19 +1201,14 @@ static int ssl_encrypt_buf( ssl_context *ssl )
 {
    const cipher_mode_t mode = cipher_get_cipher_mode(
                                        &ssl->transform_out->cipher_ctx_enc );
    char mac_order;
    SSL_DEBUG_MSG( 2, ( "=> encrypt buf" ) );
    mac_order = ssl_get_mac_order( ssl, ssl->session_out, mode );
    /*
     * Add MAC before if needed
     */
-#if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER) ||     \
+#if defined(POLARSSL_SOME_MODES_USE_MAC)
-    ( defined(POLARSSL_CIPHER_MODE_CBC) &&                                  \
+    if( ssl_get_mac_order( ssl, ssl->session_out, mode ) == MAC_PLAINTEXT )
      ( defined(POLARSSL_AES_C) || defined(POLARSSL_CAMELLIA_C) ) )
    if( mac_order == MAC_PLAINTEXT )
    {
 #if defined(POLARSSL_SSL_PROTO_SSL3)
        if( ssl->minor_ver == SSL_MINOR_VERSION_0 )
@ -1442,7 +1446,7 @@ static int ssl_encrypt_buf( ssl_context *ssl )
 #endif
 #if defined(POLARSSL_SSL_ENCRYPT_THEN_MAC)
-        if( mac_order == MAC_CIPHERTEXT )
+        if( ssl_get_mac_order( ssl, ssl->session_out, mode ) == MAC_CIPHERTEXT )
        {
            /*
             * MAC(MAC_write_key, seq_num +
@ -1492,12 +1496,9 @@ static int ssl_decrypt_buf( ssl_context *ssl )
    size_t i;
    const cipher_mode_t mode = cipher_get_cipher_mode(
                                        &ssl->transform_in->cipher_ctx_dec );
-#if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER) ||     \
+#if defined(POLARSSL_SOME_MODES_USE_MAC)
    ( defined(POLARSSL_CIPHER_MODE_CBC) &&                                  \
      ( defined(POLARSSL_AES_C) || defined(POLARSSL_CAMELLIA_C) ) )
    size_t padlen = 0, correct = 1;
 #endif
    char mac_order;
    SSL_DEBUG_MSG( 2, ( "=> decrypt buf" ) );
@ -1508,8 +1509,6 @@ static int ssl_decrypt_buf( ssl_context *ssl )
        return( POLARSSL_ERR_SSL_INVALID_MAC );
    }
    mac_order = ssl_get_mac_order( ssl, ssl->session_in, mode );
 #if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER)
    if( mode == POLARSSL_MODE_STREAM )
    {
@ -1648,7 +1647,7 @@ static int ssl_decrypt_buf( ssl_context *ssl )
         * Authenticate before decrypt if enabled
         */
 #if defined(POLARSSL_SSL_ENCRYPT_THEN_MAC)
-        if( mac_order == MAC_CIPHERTEXT )
+        if( ssl_get_mac_order( ssl, ssl->session_in, mode ) == MAC_CIPHERTEXT )
        {
            unsigned char computed_mac[POLARSSL_SSL_MAX_MAC_SIZE];
            unsigned char pseudo_hdr[13];
@ -1739,7 +1738,7 @@ static int ssl_decrypt_buf( ssl_context *ssl )
        padlen = 1 + ssl->in_msg[ssl->in_msglen - 1];
        if( ssl->in_msglen < ssl->transform_in->maclen + padlen &&
-            mac_order == MAC_PLAINTEXT )
+            ssl_get_mac_order( ssl, ssl->session_in, mode ) == MAC_PLAINTEXT )
        {
 #if defined(POLARSSL_SSL_DEBUG_ALL)
            SSL_DEBUG_MSG( 1, ( "msglen (%d) < maclen (%d) + padlen (%d)",
@ -1834,7 +1833,7 @@ static int ssl_decrypt_buf( ssl_context *ssl )
 #if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER) ||     \
    ( defined(POLARSSL_CIPHER_MODE_CBC) &&                                  \
      ( defined(POLARSSL_AES_C) || defined(POLARSSL_CAMELLIA_C) ) )
-    if( mac_order == MAC_PLAINTEXT )
+    if( ssl_get_mac_order( ssl, ssl->session_in, mode ) == MAC_PLAINTEXT )
    {
        unsigned char tmp[POLARSSL_SSL_MAX_MAC_SIZE];
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@ -147,7 +147,7 @@ struct options
    uint32_t hs_to_max;         /* Max value of DTLS handshake timer        */
    int fallback;               /* is this a fallback connection?           */
    char extended_ms;           /* negotiate extended master secret?        */
-    char etm;       ;           /* negotiate encrypt then mac?     ?        */
+    char etm;                   /* negotiate encrypt then mac?     ?        */
 } opt;
 static void my_debug( void *ctx, int level, const char *str )