Fix #ifdef inconsistency

fixes #310

Actually all key exchanges that use a certificate use signatures too, and
there is no key exchange that uses signatures but no cert, so merge those two
flags.

Conflicts:
	ChangeLog
This commit is contained in:
Manuel Pégourié-Gonnard 2015-10-22 17:01:15 +02:00
parent 4b56e755af
commit f9945bc283
6 changed files with 17 additions and 21 deletions

View File

@ -5,12 +5,11 @@ mbed TLS ChangeLog (Sorted per branch, date)
Changes Changes
* Improved performance of mbedtls_ecp_muladd() when one of the scalars is 1 * Improved performance of mbedtls_ecp_muladd() when one of the scalars is 1
or -1. or -1.
= mbed TLS 2.1.2 released 2015-10-06
Bugfix Bugfix
* Fix build error with configurations where ECDHE-PSK is the only key * Fix build error with configurations where ECDHE-PSK is the only key
exchange. Found and fix provided by Chris Hammond. #270 exchange. Found and fix provided by Chris Hammond. #270
* Fix build error with configurations where RSA, RSA-PSK, ECDH-RSA or
ECHD-ECDSA if the only key exchange. Multiple reports. #310
= mbed TLS 2.1.2 released 2015-10-06 = mbed TLS 2.1.2 released 2015-10-06

View File

@ -529,7 +529,7 @@ struct mbedtls_ssl_config
mbedtls_x509_crl *ca_crl; /*!< trusted CAs CRLs */ mbedtls_x509_crl *ca_crl; /*!< trusted CAs CRLs */
#endif /* MBEDTLS_X509_CRT_PARSE_C */ #endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
const int *sig_hashes; /*!< allowed signature hashes */ const int *sig_hashes; /*!< allowed signature hashes */
#endif #endif
@ -1548,7 +1548,7 @@ void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
const mbedtls_ecp_group_id *curves ); const mbedtls_ecp_group_id *curves );
#endif /* MBEDTLS_ECP_C */ #endif /* MBEDTLS_ECP_C */
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
/** /**
* \brief Set the allowed hashes for signatures during the handshake. * \brief Set the allowed hashes for signatures during the handshake.
* (Default: all available hashes.) * (Default: all available hashes.)
@ -1569,7 +1569,7 @@ void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
*/ */
void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf, void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
const int *hashes ); const int *hashes );
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)
/** /**

View File

@ -246,6 +246,7 @@ typedef enum {
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
} mbedtls_key_exchange_type_t; } mbedtls_key_exchange_type_t;
/* Key exchanges using a certificate */
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \ #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
@ -256,6 +257,7 @@ typedef enum {
#define MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED #define MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED
#endif #endif
/* Key exchanges using a PSK */
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \ #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
@ -263,18 +265,13 @@ typedef enum {
#define MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED #define MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED
#endif #endif
/* Key exchanges using a ECDHE */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
#define MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED #define MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED
#endif #endif
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
#define MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED
#endif
typedef struct mbedtls_ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t; typedef struct mbedtls_ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t;
#define MBEDTLS_CIPHERSUITE_WEAK 0x01 /**< Weak ciphersuite flag */ #define MBEDTLS_CIPHERSUITE_WEAK 0x01 /**< Weak ciphersuite flag */

View File

@ -377,7 +377,7 @@ unsigned char mbedtls_ssl_hash_from_md_alg( int md );
int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id ); int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id );
#endif #endif
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl, int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl,
mbedtls_md_type_t md ); mbedtls_md_type_t md );
#endif #endif

View File

@ -1923,7 +1923,7 @@ static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl,
MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl, static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl,
unsigned char **p, unsigned char **p,
unsigned char *end, unsigned char *end,
@ -1979,7 +1979,7 @@ static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl,
return( 0 ); return( 0 );
} }
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \

View File

@ -5796,7 +5796,7 @@ void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf,
} }
#endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */ #endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
/* /*
* Set allowed/preferred hashes for handshake signatures * Set allowed/preferred hashes for handshake signatures
*/ */
@ -6977,7 +6977,7 @@ static int ssl_preset_suiteb_ciphersuites[] = {
0 0
}; };
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
static int ssl_preset_suiteb_hashes[] = { static int ssl_preset_suiteb_hashes[] = {
MBEDTLS_MD_SHA256, MBEDTLS_MD_SHA256,
MBEDTLS_MD_SHA384, MBEDTLS_MD_SHA384,
@ -7093,7 +7093,7 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
conf->cert_profile = &mbedtls_x509_crt_profile_suiteb; conf->cert_profile = &mbedtls_x509_crt_profile_suiteb;
#endif #endif
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
conf->sig_hashes = ssl_preset_suiteb_hashes; conf->sig_hashes = ssl_preset_suiteb_hashes;
#endif #endif
@ -7126,7 +7126,7 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
conf->cert_profile = &mbedtls_x509_crt_profile_default; conf->cert_profile = &mbedtls_x509_crt_profile_default;
#endif #endif
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
conf->sig_hashes = mbedtls_md_list(); conf->sig_hashes = mbedtls_md_list();
#endif #endif
@ -7290,7 +7290,7 @@ int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_i
} }
#endif /* MBEDTLS_ECP_C */ #endif /* MBEDTLS_ECP_C */
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
/* /*
* Check if a hash proposed by the peer is in our list. * Check if a hash proposed by the peer is in our list.
* Return 0 if we're willing to use it, -1 otherwise. * Return 0 if we're willing to use it, -1 otherwise.
@ -7309,7 +7309,7 @@ int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl,
return( -1 ); return( -1 );
} }
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)
int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert, int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,