Remove ExtendedMS configuration API if hardcoded at compile-time

If the ExtendedMasterSecret extension is configured at compile-time
by setting MBEDTLS_SSL_CONF_EXTENDED_MASTER_SECRET and/or
MBEDTLS_SSL_CONF_ENFORCE_EXTENDED_MASTER_SECRET, the runtime
configuration APIs mbedtls_ssl_conf_extended_master_secret()
and mbedtls_ssl_conf_extended_master_secret_enforce() must
either be removed or modified to take no effect (or at most
check that the runtime value matches the hardcoded one, but
that would undermine the code-size benefits the hardcoding
is supposed to bring in the first place).

Previously, the API was kept but modified to have no effect.
While convenient for us because we don't have to adapt example
applications, this carries the risk of users calling the runtime
configuration API, forgetting that the respective fields are
potentially already hardcoded at compile-time - and hence silently
using a configuration they don't intend to use.

This commit changes the approach to removing the configuration
API in case the respective field is hardcoded at compile-time,
and exemplifies it in the only case implemented so far, namely
the configuration of the ExtendedMasterSecret extension.

It adapts ssl_client2 and ssl_server2 by omitting the call to
the corresponding API if MBEDTLS_SSL_CONF_XXX are defined and
removing the command line parameters for the runtime configuration
of the ExtendedMasterSecret extension.
Hanno Becker 2019-06-21 13:17:14 +01:00
parent 57e72c750c
commit f765ce617f
5 changed files with 24 additions and 16 deletions


@ -650,6 +650,13 @@
#error "MBEDTLS_SSL_EXTENDED_MASTER_SECRET defined, but not all prerequsites"
#endif
#if ( defined(MBEDTLS_SSL_CONF_EXTENDED_MASTER_SECRET) && \
!defined(MBEDTLS_SSL_CONF_ENFORCE_EXTENDED_MASTER_SECRET) ) || \
( !defined(MBEDTLS_SSL_CONF_EXTENDED_MASTER_SECRET) && \
defined(MBEDTLS_SSL_CONF_ENFORCE_EXTENDED_MASTER_SECRET) )
#define "MBEDTLS_SSL_CONF_EXTENDED_MASTER_SECRET and MBEDTLS_SSL_CONF_ENFORCE_EXTENDED_MASTER_SECRET must be defined together."
#endif
#if defined(MBEDTLS_SSL_TICKET_C) && !defined(MBEDTLS_CIPHER_C)
#error "MBEDTLS_SSL_TICKET_C defined, but not all prerequisites"
#endif
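Review bot: The new consistency check ends in `#define "MBEDTLS_SSL_CONF_EXTENDED_MASTER_SECRET and MBEDTLS_SSL_CONF_ENFORCE_EXTENDED_MASTER_SECRET must be defined together."`, where every neighbouring check in this section uses `#error`. A string literal is not a valid macro name, so GCC and Clang would still stop the build on a mismatched configuration, but with a generic complaint about the macro name rather than the intended message. Change the directive to `#error` with the same text, so that a build which hardcodes only one of the two options is rejected with a clear explanation.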


@ -3444,7 +3444,7 @@
* This section allows to fix parts of the SSL configuration
* at compile-time. If a field is fixed at compile-time, the
* corresponding SSL configuration API `mbedtls_ssl_conf_xxx()`
* remains present, but takes no effect anymore.
* is removed.
*
* This can be used on constrained systems to reduce code-size.
* \{


@ -8610,26 +8610,19 @@ void mbedtls_ssl_conf_encrypt_then_mac( mbedtls_ssl_config *conf, char etm )
#endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
#if !defined(MBEDTLS_SSL_CONF_EXTENDED_MASTER_SECRET)
void mbedtls_ssl_conf_extended_master_secret( mbedtls_ssl_config *conf, char ems )
{
#if !defined(MBEDTLS_SSL_CONF_EXTENDED_MASTER_SECRET)
conf->extended_ms = ems;
#else
((void) conf);
((void) ems);
#endif /* !MBEDTLS_SSL_CONF_EXTENDED_MASTER_SECRET */
}
#endif /* !MBEDTLS_SSL_CONF_EXTENDED_MASTER_SECRET */
#if !defined(MBEDTLS_SSL_CONF_ENFORCE_EXTENDED_MASTER_SECRET)
void mbedtls_ssl_conf_extended_master_secret_enforce( mbedtls_ssl_config *conf,
char ems_enf )
{
#if !defined(MBEDTLS_SSL_CONF_ENFORCE_EXTENDED_MASTER_SECRET)
conf->enforce_extended_master_secret = ems_enf;
#else
((void) conf);
((void) ems_enf);
#endif /* !MBEDTLS_SSL_CONF_ENFORCE_EXTENDED_MASTER_SECRET */
}
#endif /* !MBEDTLS_SSL_CONF_ENFORCE_EXTENDED_MASTER_SECRET */
#endif /* !MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
#if defined(MBEDTLS_ARC4_C)
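Review bot: The two setter definitions are now compiled out when the corresponding MBEDTLS_SSL_CONF_ option is set, but none of the sections shown on this page changes their prototypes. If the declarations stay unconditional, a caller that still invokes `mbedtls_ssl_conf_extended_master_secret()` compiles without complaint and fails only at link time with an undefined reference, which is harder to trace back to the hardcoded option. Wrapping each prototype in the matching `#if !defined(MBEDTLS_SSL_CONF_EXTENDED_MASTER_SECRET)` or `#if !defined(MBEDTLS_SSL_CONF_ENFORCE_EXTENDED_MASTER_SECRET)` would produce a diagnostic at the call site instead. Separately, the closing `#endif /* !MBEDTLS_SSL_EXTENDED_MASTER_SECRET */` pairs with an `#if defined(...)`, so the `!` in that comment is misleading.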


@ -245,7 +245,9 @@ int main( void )
#define USAGE_FALLBACK ""
#endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) && \
!defined(MBEDTLS_SSL_CONF_EXTENDED_MASTER_SECRET) && \
!defined(MBEDTLS_SSL_CONF_ENFORCE_EXTENDED_MASTER_SECRET)
#define USAGE_EMS \
" extended_ms=0/1 default: (library default: on)\n" \
" enforce_extended_master_secret=0/1 default: (library default: off)\n"
@ -1706,7 +1708,9 @@ int main( int argc, char *argv[] )
mbedtls_ssl_conf_truncated_hmac( &conf, opt.trunc_hmac );
#endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) && \
!defined(MBEDTLS_SSL_CONF_EXTENDED_MASTER_SECRET) && \
!defined(MBEDTLS_SSL_CONF_ENFORCE_EXTENDED_MASTER_SECRET)
if( opt.extended_ms != DFL_EXTENDED_MS )
mbedtls_ssl_conf_extended_master_secret( &conf, opt.extended_ms );
if( opt.enforce_extended_master_secret != DFL_EXTENDED_MS_ENFORCE )
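Review bot: Both hunks guard only the usage text and the two `mbedtls_ssl_conf_extended_master_secret*()` calls; the code in main() that parses `extended_ms=` and `enforce_extended_master_secret=` lies outside them. If that parsing is still compiled when the options are hardcoded, the program accepts e.g. `extended_ms=0` and silently ignores it. That is the same silent mismatch the commit message sets out to remove, and a test script passing the option would exercise a different configuration than it expects. Put the parsing branches under the same three-part condition so that the argument is rejected as unknown; the same applies to the two hunks in the server program's section below. The condition is also repeated verbatim four times across the two programs, so a single helper macro defined once per file would keep the copies from drifting.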


@ -344,7 +344,9 @@ int main( void )
#define USAGE_DTLS ""
#endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) && \
!defined(MBEDTLS_SSL_CONF_EXTENDED_MASTER_SECRET) && \
!defined(MBEDTLS_SSL_CONF_ENFORCE_EXTENDED_MASTER_SECRET)
#define USAGE_EMS \
" extended_ms=0/1 default: (library default: on)\n" \
" enforce_extended_master_secret=0/1 default: (library default: off)\n"
@ -2491,7 +2493,9 @@ int main( int argc, char *argv[] )
mbedtls_ssl_conf_truncated_hmac( &conf, opt.trunc_hmac );
#endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) && \
!defined(MBEDTLS_SSL_CONF_EXTENDED_MASTER_SECRET) && \
!defined(MBEDTLS_SSL_CONF_ENFORCE_EXTENDED_MASTER_SECRET)
if( opt.extended_ms != DFL_EXTENDED_MS )
mbedtls_ssl_conf_extended_master_secret( &conf, opt.extended_ms );
if( opt.enforce_extended_master_secret != DFL_EXTENDED_MS_ENFORCE )