Depend on ECJPAKE key exchange, not module

This is more consistent, as it doesn't make any sense for a user to be able to set up an EC J-PAKE password with TLS if the corresponding key exchange is disabled. Arguably this is what we should de for other key exchanges as well instead of depending on ECDH_C etc, but this is an independent issue, so let's just do the right thing with the new key exchange and fix the other ones later. (This is a marginal issue anyway, since people who disable all ECDH key exchange are likely to also disable ECDH_C in order to minimize footprint.)
2024-11-25 15:05:45 +01:00 · 2015-09-16 10:05:04 +02:00 · 2015-09-16 10:05:04 +02:00 · eef142d753
commit eef142d753
parent ddf97a6c92
5 changed files with 18 additions and 18 deletions
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@ -1676,7 +1676,7 @@ void mbedtls_ssl_conf_sni( mbedtls_ssl_config *conf,
                  void *p_sni );
 #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */

-#if defined(MBEDTLS_ECJPAKE_C)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
 /**
 * \brief          Set the EC J-PAKE password for current handshake.
 *
@ -1697,7 +1697,7 @@ void mbedtls_ssl_conf_sni( mbedtls_ssl_config *conf,
 int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl,
                                         const unsigned char *pw,
                                         size_t pw_len );
-#endif /*MBEDTLS_ECJPAKE_C */
+#endif /*MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */

 #if defined(MBEDTLS_SSL_ALPN)
 /**
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@ -41,7 +41,7 @@
 #include "sha512.h"
 #endif

-#if defined(MBEDTLS_ECJPAKE_C)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
 #include "ecjpake.h"
 #endif

@ -172,11 +172,11 @@ struct mbedtls_ssl_handshake_params
 #if defined(MBEDTLS_ECDH_C)
    mbedtls_ecdh_context ecdh_ctx;              /*!<  ECDH key exchange       */
 #endif
-#if defined(MBEDTLS_ECJPAKE_C)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
    mbedtls_ecjpake_context ecjpake_ctx;        /*!< EC J-PAKE key exchange */
 #endif
 #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
-    defined(MBEDTLS_ECJPAKE_C)
+    defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
    const mbedtls_ecp_curve_info **curves;      /*!<  Supported elliptic curves */
 #endif
 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@ -209,7 +209,7 @@ static void ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl,
          MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */

 #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
-    defined(MBEDTLS_ECJPAKE_C)
+    defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
 static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl,
                                                     unsigned char *buf,
                                                     size_t *olen )
@ -278,9 +278,9 @@ static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl,

    *olen = 6;
 }
-#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_ECJPAKE_C */
+#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */

-#if defined(MBEDTLS_ECJPAKE_C)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
 static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl,
                                        unsigned char *buf,
                                        size_t *olen )
@ -320,7 +320,7 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl,

    *olen = kkpp_len + 4;
 }
-#endif /* MBEDTLS_ECJPAKE_C */
+#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */

 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
 static void ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl,
@ -821,7 +821,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
 #endif

 #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
-    defined(MBEDTLS_ECJPAKE_C)
+    defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
    ssl_write_supported_elliptic_curves_ext( ssl, p + 2 + ext_len, &olen );
    ext_len += olen;

@ -829,7 +829,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
    ext_len += olen;
 #endif

-#if defined(MBEDTLS_ECJPAKE_C)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
    ssl_write_ecjpake_kkpp_ext( ssl, p + 2 + ext_len, &olen );
    ext_len += olen;
 #endif
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@ -1977,7 +1977,7 @@ static void ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl,
 #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */

 #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
-    defined(MBEDTLS_ECJPAKE_C)
+    defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
 static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl,
                                                   unsigned char *buf,
                                                   size_t *olen )
@ -2005,7 +2005,7 @@ static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl,

    *olen = 6;
 }
-#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_ECJPAKE_C */
+#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */

 #if defined(MBEDTLS_SSL_ALPN )
 static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl,
@ -2292,7 +2292,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
 #endif

 #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
-    defined(MBEDTLS_ECJPAKE_C)
+    defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
    ssl_write_supported_point_formats_ext( ssl, p + 2 + ext_len, &olen );
    ext_len += olen;
 #endif
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -4932,7 +4932,7 @@ static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake )
 #if defined(MBEDTLS_ECDH_C)
    mbedtls_ecdh_init( &handshake->ecdh_ctx );
 #endif
-#if defined(MBEDTLS_ECJPAKE_C)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
    mbedtls_ecjpake_init( &handshake->ecjpake_ctx );
 #endif

@ -5451,7 +5451,7 @@ void mbedtls_ssl_set_hs_authmode( mbedtls_ssl_context *ssl,
 }
 #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */

-#if defined(MBEDTLS_ECJPAKE_C)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
 /*
 * Set EC J-PAKE password for current handshake
 */
@ -5475,7 +5475,7 @@ int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl,
                                   MBEDTLS_ECP_DP_SECP256R1,
                                   pw, pw_len ) );
 }
-#endif /* MBEDTLS_ECJPAKE_C */
+#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */

 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
 int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf,
@ -6619,7 +6619,7 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_handshake_params *handshake )
 #if defined(MBEDTLS_ECDH_C)
    mbedtls_ecdh_free( &handshake->ecdh_ctx );
 #endif
-#if defined(MBEDTLS_ECJPAKE_C)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
    mbedtls_ecjpake_free( &handshake->ecjpake_ctx );
 #endif