From 18729aeaac3bf2b2626416147cfdc4d448ca86a0 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Wed, 12 Jun 2019 14:47:21 +0100
Subject: [PATCH] Guard RSA-only max_major/minor_ver fields from SSL handshake params

The fields
- mbedtls_ssl_handshake_params::max_major_ver,
- mbedtls_ssl_handshake_params::max_minor_ver
are used only for server-side RSA-based key exchanges can be removed otherwise.
---
 include/mbedtls/ssl_internal.h | 6 ++++++
 library/ssl_srv.c | 8 ++++++++
 2 files changed, 14 insertions(+)

diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index 5ba2f30b6..457fc28ee 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -514,8 +514,14 @@ struct mbedtls_ssl_handshake_params
 #if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)
 int resume; /*!< session resume indicator*/
 #endif /* !MBEDTLS_SSL_NO_SESSION_RESUMPTION */
+
+#if defined(MBEDTLS_SSL_SRV_C) && \
+ ( defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED ) )
 int max_major_ver; /*!< max. major version client*/
 int max_minor_ver; /*!< max. minor version client*/
+#endif /* MBEDTLS_SSL_SRV_C && ( MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED ||
+ MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED ) */
 int cli_exts; /*!< client extension presence*/
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 87fe4c973..660b30f2e 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -1110,8 +1110,12 @@ static int ssl_parse_client_hello_v2( mbedtls_ssl_context *ssl )
 return( MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION );
 }
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
 ssl->handshake->max_major_ver = buf[3];
 ssl->handshake->max_minor_ver = buf[4];
+#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED ||
+ MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
 if( ( ret = mbedtls_ssl_fetch_input( ssl, 2 + n ) ) != 0 )
 {
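Review bot: The closing comment on the new `#endif` in struct mbedtls_ssl_handshake_params names `MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED` twice, so it no longer matches the `#if` it closes, which tests `MBEDTLS_KEY_EXCHANGE_RSA_ENABLED` and `MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED`. It should read `#endif /* MBEDTLS_SSL_SRV_C && ( MBEDTLS_KEY_EXCHANGE_RSA_ENABLED || MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED ) */`. The same slip is in both `#endif` comments added to library/ssl_srv.c, in ssl_parse_client_hello_v2 and after read_record_header. These guards decide whether a handshake field exists at all, and a comment naming the wrong option is easy to copy into the next guard. The struct starts and ends outside the hunk.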
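Review bot: Nothing at the two guarded assignments in ssl_parse_client_hello_v2 says why the offered version is kept or why only the RSA key exchanges need it; the commit message states it, the code does not. A one-line comment above the `#if` would do, for example `/* Keep the version offered in the ClientHello; only the RSA and RSA-PSK key exchanges read it back. */`, and the same comment fits the hunk after read_record_header. The reader of these fields is not part of this diff; presumably it is the version check on the decrypted premaster secret, and it has to sit under the same condition or the build breaks once RSA is disabled. The header guard also requires `MBEDTLS_SSL_SRV_C` while the two guards in this file do not, which holds only as long as the file is built solely with that option set. ssl_parse_client_hello_v2 starts and ends outside the hunk.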
@@ -1630,8 +1634,12 @@ read_record_header:
 ssl->conf->transport, buf );
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
 ssl->handshake->max_major_ver = major_ver;
 ssl->handshake->max_minor_ver = minor_ver;
+#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED ||
+ MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
 if( major_ver < mbedtls_ssl_conf_get_min_major_ver( ssl->conf ) ||
 minor_ver < mbedtls_ssl_conf_get_min_minor_ver( ssl->conf ) )