Guard RSA-only max_major/minor_ver fields from SSL handshake params

The fields - mbedtls_ssl_handshake_params::max_major_ver, - mbedtls_ssl_handshake_params::max_minor_ver are used only for server-side RSA-based key exchanges can be removed otherwise.
2024-11-26 11:55:41 +01:00 · 2019-06-12 14:47:21 +01:00 · 2019-06-12 14:47:21 +01:00 · 18729aeaac
commit 18729aeaac
parent 7b628e5b88
2 changed files with 14 additions and 0 deletions
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@ -514,8 +514,14 @@ struct mbedtls_ssl_handshake_params
 #if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)
    int resume;                         /*!<  session resume indicator*/
 #endif /* !MBEDTLS_SSL_NO_SESSION_RESUMPTION */
+
+#if defined(MBEDTLS_SSL_SRV_C) &&                        \
+    ( defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) ||       \
+      defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED ) )
    int max_major_ver;                  /*!< max. major version client*/
    int max_minor_ver;                  /*!< max. minor version client*/
+#endif /* MBEDTLS_SSL_SRV_C && ( MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED ||
+                                 MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED ) */
    int cli_exts;                       /*!< client extension presence*/

 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@ -1110,8 +1110,12 @@ static int ssl_parse_client_hello_v2( mbedtls_ssl_context *ssl )
        return( MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION );
    }

+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) ||        \
+    defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
    ssl->handshake->max_major_ver = buf[3];
    ssl->handshake->max_minor_ver = buf[4];
+#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED ||
+          MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */

    if( ( ret = mbedtls_ssl_fetch_input( ssl, 2 + n ) ) != 0 )
    {
@ -1630,8 +1634,12 @@ read_record_header:
                                  ssl->conf->transport,
                                  buf );

+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) ||        \
+    defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
        ssl->handshake->max_major_ver = major_ver;
        ssl->handshake->max_minor_ver = minor_ver;
+#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED ||
+          MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */

        if( major_ver < mbedtls_ssl_conf_get_min_major_ver( ssl->conf ) ||
            minor_ver < mbedtls_ssl_conf_get_min_minor_ver( ssl->conf ) )