From 7458bc39ae28278350db923afc8db2bd8a90fd79 Mon Sep 17 00:00:00 2001
From: Simon Butcher
Date: Mon, 5 Sep 2016 11:18:39 +0300
Subject: [PATCH] Fix guards in SSL for ECDH key exchanges
---
 library/ssl_cli.c | 11 ++++++++++-
 library/ssl_srv.c | 11 ++++++++++-
 2 files changed, 20 insertions(+), 2 deletions(-)
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 9d607eb38..34ab7e06d 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -2204,7 +2204,9 @@ exit:
 #if !defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED) && \
 !defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) && \
+ !defined(POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \
 !defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
+ !defined(POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)&& \
 !defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
 static int ssl_parse_certificate_request( ssl_context *ssl )
 {
@@ -2373,7 +2375,9 @@ exit:
 }
 #endif /* !POLARSSL_KEY_EXCHANGE_RSA_ENABLED &&
 !POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED &&
+ !POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLE &&
 !POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED &&
+ !POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED &&
 !POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
 static int ssl_parse_server_hello_done( ssl_context *ssl )
@@ -2643,7 +2647,9 @@ static int ssl_write_client_key_exchange( ssl_context *ssl )
 #if !defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED) && \
 !defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) && \
+ !defined(POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \
 !defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
+ !defined(POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) && \
 !defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
 static int ssl_write_certificate_verify( ssl_context *ssl )
 {
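Review bot: The six-macro condition in front of `ssl_parse_certificate_request` is still spelled out by hand, and the same list recurs before `ssl_write_certificate_verify` in this file and before `ssl_write_certificate_request` and `ssl_parse_certificate_verify` in library/ssl_srv.c, each with its own hand-written `#endif` comment. The removed comment lines in the @@ -2821 and @@ -3473 hunks show the copies had already drifted apart, and because this condition selects which definition of a certificate-handling function is compiled, a stale copy can presumably change handshake authentication behaviour for some build configurations (the guarded bodies lie outside the hunk, so this is inferred). I would derive one macro from the six options in a single place and test it at every site, e.g. `#if !defined(SSL_CERT_KEY_EXCHANGE_ENABLED)` (placeholder name), and keep a build with only the ECDH_RSA and ECDH_ECDSA options enabled among the tested configurations. Minor style point: `!defined(POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)&& \` lacks the space before `&&` here and in both `#if` hunks of library/ssl_srv.c.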
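Review bot: The added comment line `!POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLE &&` in the `#endif` of the @@ -2373 hunk drops the final `D` of the macro name. It sits inside a comment, so the build is unaffected, but a search for `POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED` will miss this closing guard the next time the condition is audited or extended. It should read `!POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED &&`, matching the `#if` in the @@ -2204 hunk. The guarded block opens outside this hunk.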
@@ -2821,7 +2827,10 @@ static int ssl_write_certificate_verify( ssl_context *ssl )
 }
 #endif /* !POLARSSL_KEY_EXCHANGE_RSA_ENABLED &&
 !POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED &&
- !POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
+ !POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED &&
+ !POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED &&
+ !POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED &&
+ !POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
 #if defined(POLARSSL_SSL_SESSION_TICKETS)
 static int ssl_parse_new_session_ticket( ssl_context *ssl )
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 0fd67096d..f0a88fe2d 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -2286,7 +2286,9 @@ static int ssl_write_server_hello( ssl_context *ssl )
 #if !defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED) && \
 !defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) && \
+ !defined(POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \
 !defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
+ !defined(POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)&& \
 !defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
 static int ssl_write_certificate_request( ssl_context *ssl )
 {
@@ -2458,7 +2460,9 @@ static int ssl_write_certificate_request( ssl_context *ssl )
 }
 #endif /* !POLARSSL_KEY_EXCHANGE_RSA_ENABLED &&
 !POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED &&
+ !POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED &&
 !POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED &&
+ !POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED &&
 !POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
 #if defined(POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
@@ -3299,7 +3303,9 @@ static int ssl_parse_client_key_exchange( ssl_context *ssl )
 #if !defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED) && \
 !defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) && \
+ !defined(POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \
 !defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
+ !defined(POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)&& \
 !defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
 static int ssl_parse_certificate_verify( ssl_context *ssl )
 {
@@ -3473,7 +3479,10 @@ static int ssl_parse_certificate_verify( ssl_context *ssl )
 }
 #endif /* !POLARSSL_KEY_EXCHANGE_RSA_ENABLED &&
 !POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED &&
- !POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
+ !POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED &&
+ !POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED &&
+ !POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED &&
+ !POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
 #if defined(POLARSSL_SSL_SESSION_TICKETS)
 static int ssl_write_new_session_ticket( ssl_context *ssl )