From 88889c618ed8ac173d2a23df16a1ac5daecb1bb9 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 23 Aug 2019 12:01:45 +0100 Subject: [PATCH] Fixup: Add missing TinyCrypt guards --- include/mbedtls/ssl_ciphersuites.h | 26 +++++++++++++------- library/certs.c | 38 +++++++++++++++--------------- library/oid.c | 4 ++-- library/pkwrite.c | 18 +++++++------- library/ssl_ciphersuites.c | 7 ++++-- library/ssl_cli.c | 12 ++++++---- programs/ssl/ssl_server2.c | 6 ++--- 7 files changed, 64 insertions(+), 47 deletions(-) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 925f2808e..f0f817c47 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -626,7 +626,8 @@ static inline mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg_internal( #endif /* MBEDTLS_PK_C */ -#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ +#if defined(MBEDTLS_USE_TINYCRYPT) || \ + defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) static inline int mbedtls_ssl_ciphersuite_uses_ec_internal( mbedtls_ssl_ciphersuite_handle_t info ) @@ -645,7 +646,10 @@ static inline int mbedtls_ssl_ciphersuite_uses_ec_internal( return( 0 ); } } -#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ +#endif /* MBEDTLS_USE_TINYCRYPT || + MBEDTLS_ECDH_C || + MBEDTLS_ECDSA_C || + MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) static inline int mbedtls_ssl_ciphersuite_uses_psk_internal( 
@@ -684,11 +688,14 @@ mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg( mbedtls_ssl_ciphersuite_handle_t info ); #endif /* MBEDTLS_PK_C */ -#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ +#if defined(MBEDTLS_USE_TINYCRYPT) || \ + defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) int mbedtls_ssl_ciphersuite_uses_ec( mbedtls_ssl_ciphersuite_handle_t info ); -#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || - MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED*/ +#endif /* MBEDTLS_USE_TINYCRYPT || + MBEDTLS_ECDH_C || + MBEDTLS_ECDSA_C || + MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) int mbedtls_ssl_ciphersuite_uses_psk( mbedtls_ssl_ciphersuite_handle_t info ); @@ -710,15 +717,18 @@ static inline mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg( } #endif /* MBEDTLS_PK_C */ -#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ +#if defined(MBEDTLS_USE_TINYCRYPT) || \ + defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) static inline int mbedtls_ssl_ciphersuite_uses_ec( mbedtls_ssl_ciphersuite_handle_t info ) { return( mbedtls_ssl_ciphersuite_uses_ec_internal( info ) ); } -#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || - MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED*/ +#endif /* MBEDTLS_USE_TINYCRYPT || + MBEDTLS_ECDH_C || + MBEDTLS_ECDSA_C || + MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) static inline int mbedtls_ssl_ciphersuite_uses_psk( diff --git a/library/certs.c b/library/certs.c index 327a77297..da534a3c5 100644 --- a/library/certs.c +++ b/library/certs.c 
@@ -45,7 +45,7 @@ /* Use CRTs with Secp256r1-only if Secp384r1 is disabled. * Otherwise, fall back to previous test CRTs using both * Secp256r1 and Secp384r1. */ -#if !defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) +#if !defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || defined(MBEDTLS_USE_TINYCRYPT) /* This is taken from tests/data_files/test-ca3.crt.pem */ /* BEGIN FILE string macro TEST_CA_CRT_EC_PEM tests/data_files/test-ca3.crt.pem */ @@ -135,7 +135,7 @@ } /* END FILE */ -#else /* !MBEDTLS_ECP_DP_SECP384R1_ENABLED */ +#else /* !MBEDTLS_ECP_DP_SECP384R1_ENABLED || MBEDTLS_USE_TINYCRYPT */ /* This is taken from tests/data_files/test-ca2.crt */ /* BEGIN FILE string macro TEST_CA_CRT_EC_PEM tests/data_files/test-ca2.crt */ @@ -241,7 +241,7 @@ } /* END FILE */ -#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */ +#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED || MBEDTLS_USE_TINYCRYPT */ #define TEST_CA_PWD_EC_PEM "PolarSSLTest" @@ -607,7 +607,7 @@ /* Use CRTs with Secp256r1-only if Secp384r1 is disabled. * Otherwise, fall back to previous test CRTs using both * Secp256r1 and Secp384r1. */ -#if !defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) +#if !defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || defined(MBEDTLS_USE_TINYCRYPT) /* This is taken from tests/data_files/server11.crt.pem. */ /* BEGIN FILE string macro TEST_SRV_CRT_EC_PEM tests/data_files/server11.crt.pem */ @@ -696,7 +696,7 @@ } /* END FILE */ -#else /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */ +#else /* MBEDTLS_ECP_DP_SECP384R1_ENABLED || MBEDTLS_USE_TINYCRYPT */ /* This is taken from tests/data_files/server5.crt. */ /* BEGIN FILE string macro TEST_SRV_CRT_EC_PEM tests/data_files/server5.crt */ @@ -796,7 +796,7 @@ } /* END FILE */ -#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */ +#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED || MBEDTLS_USE_TINYCRYPT */ /* This is taken from tests/data_files/server2-sha256.crt. */ /* BEGIN FILE string macro TEST_SRV_CRT_RSA_SHA256_PEM tests/data_files/server2-sha256.crt */ 
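Review bot: The updated `#else`/`#endif` comments in library/certs.c do not state the guard condition consistently. The `#if` tests `!defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || defined(MBEDTLS_USE_TINYCRYPT)` and the `#else` in the hunk at 135 keeps the `!`, but the `#endif` at 241, the `#else` at 696 and the `#endif` at 796 drop it, so they read as a different condition from the one actually tested. I would write `/* !MBEDTLS_ECP_DP_SECP384R1_ENABLED || MBEDTLS_USE_TINYCRYPT */` on every closing line so a reader can tell which test certificate chain a TinyCrypt build selects. The same applies to the `#else` at 1242 and the `#endif` at 1336 in the later certs.c hunks.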
@@ -1152,7 +1152,7 @@ /* Use CRTs with Secp256r1-only if Secp384r1 is disabled. * Otherwise, fall back to previous test CRTs using both * Secp256r1 and Secp384r1. */ -#if !defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) +#if !defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || defined(MBEDTLS_USE_TINYCRYPT) /* This is taken from tests/data_files/cli3.crt. */ /* BEGIN FILE string macro TEST_CLI_CRT_EC_PEM tests/data_files/cli3.crt.pem */ @@ -1242,7 +1242,7 @@ } /* END FILE */ -#else /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */ +#else /* MBEDTLS_ECP_DP_SECP384R1_ENABLED || MBEDTLS_USE_TINYCRYPT */ /* This is taken from tests/data_files/cli2.crt. */ /* BEGIN FILE string macro TEST_CLI_CRT_EC_PEM tests/data_files/cli2.crt */ @@ -1336,7 +1336,7 @@ } /* END FILE */ -#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */ +#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED || MBEDTLS_USE_TINYCRYPT */ /* This is taken from tests/data_files/cli-rsa-sha256.crt. */ /* BEGIN FILE string macro TEST_CLI_CRT_RSA_PEM tests/data_files/cli-rsa-sha256.crt */ @@ -1975,9 +1975,9 @@ const char * mbedtls_test_cas[] = { #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) mbedtls_test_ca_crt_rsa_sha256, #endif -#if defined(MBEDTLS_ECDSA_C) +#if defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_USE_TINYCRYPT) mbedtls_test_ca_crt_ec, -#endif +#endif /* MBEDTLS_ECDSA_C || MBEDTLS_USE_TINYCRYPT */ NULL }; const size_t mbedtls_test_cas_len[] = { @@ -1987,9 +1987,9 @@ const size_t mbedtls_test_cas_len[] = { #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) sizeof( mbedtls_test_ca_crt_rsa_sha256 ), #endif -#if defined(MBEDTLS_ECDSA_C) +#if defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_USE_TINYCRYPT) sizeof( mbedtls_test_ca_crt_ec ), -#endif +#endif /* MBEDTLS_ECDSA_C || MBEDTLS_USE_TINYCRYPT */ 0 }; 
@@ -2003,9 +2003,9 @@ const unsigned char * mbedtls_test_cas_der[] = { mbedtls_test_ca_crt_rsa_sha1_der, #endif /* MBEDTLS_SHA1_C */ #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECDSA_C) +#if defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_USE_TINYCRYPT) mbedtls_test_ca_crt_ec_der, -#endif /* MBEDTLS_ECDSA_C */ +#endif /* MBEDTLS_ECDSA_C || MBEDTLS_USE_TINYCRYPT */ NULL }; @@ -2018,9 +2018,9 @@ const size_t mbedtls_test_cas_der_len[] = { sizeof( mbedtls_test_ca_crt_rsa_sha1_der ), #endif /* MBEDTLS_SHA1_C */ #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECDSA_C) +#if defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_USE_TINYCRYPT) sizeof( mbedtls_test_ca_crt_ec_der ), -#endif /* MBEDTLS_ECDSA_C */ +#endif /* MBEDTLS_ECDSA_C || MBEDTLS_USE_TINYCRYPT */ 0 }; @@ -2035,9 +2035,9 @@ const char mbedtls_test_cas_pem[] = TEST_CA_CRT_RSA_SHA1_PEM #endif /* MBEDTLS_SHA1_C */ #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECDSA_C) +#if defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_USE_TINYCRYPT) TEST_CA_CRT_EC_PEM -#endif /* MBEDTLS_ECDSA_C */ +#endif /* MBEDTLS_ECDSA_C || MBEDTLS_USE_TINYCRYPT */ ""; const size_t mbedtls_test_cas_pem_len = sizeof( mbedtls_test_cas_pem ); #endif /* MBEDTLS_PEM_PARSE_C */ diff --git a/library/oid.c b/library/oid.c index 674c3b8b0..abe7bc7cb 100644 --- a/library/oid.c +++ b/library/oid.c @@ -385,7 +385,7 @@ static const oid_sig_alg_t oid_sig_alg[] = }, #endif /* MBEDTLS_SHA1_C */ #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECDSA_C) +#if defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_USE_TINYCRYPT) #if defined(MBEDTLS_SHA1_C) { OID_DESCRIPTOR( MBEDTLS_OID_ECDSA_SHA1, "ecdsa-with-SHA1", "ECDSA with SHA1" ), @@ -412,7 +412,7 @@ static const oid_sig_alg_t oid_sig_alg[] = MBEDTLS_MD_SHA512, MBEDTLS_PK_ECDSA, }, #endif /* MBEDTLS_SHA512_C */ -#endif /* MBEDTLS_ECDSA_C */ +#endif /* MBEDTLS_ECDSA_C || MBEDTLS_USE_TINYCRYPT */ #if defined(MBEDTLS_RSA_C) { OID_DESCRIPTOR( MBEDTLS_OID_RSASSA_PSS, "RSASSA-PSS", "RSASSA-PSS" ), 
diff --git a/library/pkwrite.c b/library/pkwrite.c index f816f0ee6..bf4ce739e 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -228,11 +228,11 @@ int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start, MBEDTLS_ASN1_CHK_ADD( len, pk_write_rsa_pubkey( p, start, mbedtls_pk_rsa( *key ) ) ); else #endif -#if defined(MBEDTLS_ECP_C) +#if defined(MBEDTLS_ECP_C) || defined(MBEDTLS_USE_TINYCRYPT) if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_ECKEY ) MBEDTLS_ASN1_CHK_ADD( len, pk_write_ec_pubkey( p, start, key ) ); else -#endif +#endif /* MBEDTLS_ECP_C || MBEDTLS_USE_TINYCRYPT */ return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); return( (int) len ); @@ -274,12 +274,12 @@ int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *key, unsigned char *buf, si return( ret ); } -#if defined(MBEDTLS_ECP_C) +#if defined(MBEDTLS_ECP_C) || defined(MBEDTLS_USE_TINYCRYPT) if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_ECKEY ) { MBEDTLS_ASN1_CHK_ADD( par_len, pk_write_ec_param( &c, buf, key ) ); } -#endif +#endif /* MBEDTLS_ECP_C || MBEDTLS_USE_TINYCRYPT */ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_algorithm_identifier( &c, buf, oid, oid_len, par_len ) ); @@ -383,7 +383,7 @@ int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_ } else #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECP_C) +#if defined(MBEDTLS_ECP_C) || defined(MBEDTLS_USE_TINYCRYPT) if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_ECKEY ) { size_t pub_len = 0, par_len = 0; @@ -435,7 +435,7 @@ int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_ MBEDTLS_ASN1_SEQUENCE ) ); } else -#endif /* MBEDTLS_ECP_C */ +#endif /* MBEDTLS_ECP_C || MBEDTLS_USE_TINYCRYPT */ return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); return( (int) len ); 
@@ -579,15 +579,15 @@ int mbedtls_pk_write_key_pem( mbedtls_pk_context *key, unsigned char *buf, size_ end = PEM_END_PRIVATE_KEY_RSA; } else -#endif -#if defined(MBEDTLS_ECP_C) +#endif /* MBEDTLS_RSA_C */ +#if defined(MBEDTLS_ECP_C) || defined(MBEDTLS_USE_TINYCRYPT) if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_ECKEY ) { begin = PEM_BEGIN_PRIVATE_KEY_EC; end = PEM_END_PRIVATE_KEY_EC; } else -#endif +#endif /* MBEDTLS_ECP_C || MBEDTLS_USE_TINYCRYPT */ return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); if( ( ret = mbedtls_pem_write_buffer( begin, end, diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index ad660079a..18fa9d2a8 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -2307,14 +2307,17 @@ mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg( } #endif /* MBEDTLS_PK_C */ -#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ +#if defined(MBEDTLS_USE_TINYCRYPT) || \ + defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) int mbedtls_ssl_ciphersuite_uses_ec( mbedtls_ssl_ciphersuite_handle_t info ) { return( mbedtls_ssl_ciphersuite_uses_ec_internal( info ) ); } -#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || +#endif /* MBEDTLS_USE_TINYCRYPT || + MBEDTLS_ECDH_C || + MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 9e35beda0..97ae00e74 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -815,7 +815,8 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) unsigned char *buf; unsigned char *p, *q; unsigned char offer_compress; -#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ +#if defined(MBEDTLS_USE_TINYCRYPT) || \ + defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) int uses_ec = 0; #endif 
@@ -979,7 +980,8 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %04x", mbedtls_ssl_suite_get_id( ciphersuite_info ) ) ); -#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ +#if defined(MBEDTLS_USE_TINYCRYPT) || \ + defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) uses_ec |= mbedtls_ssl_ciphersuite_uses_ec( ciphersuite_info ); #endif @@ -1076,7 +1078,8 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) ext_len += olen; #endif -#if defined(MBEDTLS_ECDH_C) || \ +#if defined(MBEDTLS_USE_TINYCRYPT) || \ + defined(MBEDTLS_ECDH_C) || \ defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_USE_TINYCRYPT) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) @@ -2058,7 +2061,8 @@ server_picked_valid_suite: break; #endif /* MBEDTLS_SSL_SESSION_TICKETS */ -#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ +#if defined(MBEDTLS_USE_TINYCRYPT) || \ + defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) case MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS: MBEDTLS_SSL_DEBUG_MSG( 3, ( "found supported_point_formats extension" ) ); diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 890725e75..b07ab4fac 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -2610,7 +2610,7 @@ int main( int argc, char *argv[] ) } key_cert_init = 2; #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECDSA_C) +#if defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_USE_TINYCRYPT) if( ( ret = mbedtls_x509_crt_parse( &srvcert2, (const unsigned char *) mbedtls_test_srv_crt_ec, mbedtls_test_srv_crt_ec_len ) ) != 0 ) @@ -2628,7 +2628,7 @@ int main( int argc, char *argv[] ) goto exit; } key_cert_init2 = 2; -#endif /* MBEDTLS_ECDSA_C */ +#endif /* MBEDTLS_ECDSA_C || MBEDTLS_USE_TINYCRYPT */ #endif /* MBEDTLS_CERTS_C */ } 
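Review bot: In the library/ssl_cli.c hunk at 1076 the guard now tests `defined(MBEDTLS_USE_TINYCRYPT)` twice, because the term added at the top duplicates the one already present two lines below it. The duplicate is harmless to the preprocessor, but the added line should be dropped so the condition stays as it was. The same four-term condition is repeated in the other ssl_cli.c hunks and in ssl_ciphersuites.h and ssl_ciphersuites.c, so defining it once as an internal macro would stop the copies drifting apart like this. The body of ssl_write_client_hello continues outside these hunks.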
@@ -3070,7 +3070,7 @@ int main( int argc, char *argv[] ) mbedtls_ssl_conf_curves( &conf, curve_list ); } #endif /* !MBEDTLS_SSL_CONF_SINGLE_EC */ -#endif /* MBEDTLS_ECP_C */ +#endif /* MBEDTLS_ECP_C*/ #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) if( strlen( opt.psk ) != 0 && strlen( opt.psk_identity ) != 0 )
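Review bot: The only change in this hunk removes the space before `*/`, giving `#endif /* MBEDTLS_ECP_C*/`, which looks unintended and departs from the comment form used on every other guard in this commit; I would restore `#endif /* MBEDTLS_ECP_C */`. The matching `#if` is outside the hunk, so it is not visible whether it was meant to gain `|| defined(MBEDTLS_USE_TINYCRYPT)` like the other guards. If it was, that change is missing, and the `mbedtls_ssl_conf_curves` call would presumably stay compiled out in builds that define MBEDTLS_USE_TINYCRYPT without MBEDTLS_ECP_C.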