diff --git a/library/ssl_client.c b/library/ssl_client.c
index 769a8f293e..33c02e69de 100644
--- a/library/ssl_client.c
+++ b/library/ssl_client.c
@@ -434,7 +434,7 @@ static int ssl_write_client_hello_body( mbedtls_ssl_context *ssl,
 #endif
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_ECDH_C)
 if( mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) )
 {
 ret = mbedtls_ssl_write_supported_groups_ext( ssl, p, end, &output_len );
@@ -442,7 +442,11 @@ static int ssl_write_client_hello_body( mbedtls_ssl_context *ssl,
 return( ret );
 p += output_len;
 }
+#endif /* MBEDTLS_ECDH_C */
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
 if( mbedtls_ssl_conf_tls13_ephemeral_enabled( ssl ) )
 {
 ret = mbedtls_ssl_write_sig_alg_ext( ssl, p, end, &output_len );
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 2586c6d253..204c44890b 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -1897,16 +1897,14 @@ static inline int mbedtls_ssl_tls13_named_group_is_dhe( uint16_t named_group )
 named_group <= MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192 );
 }
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) || \
- defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
+#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
 defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
 int mbedtls_ssl_write_supported_groups_ext( mbedtls_ssl_context *ssl,
 unsigned char *buf,
 const unsigned char *end,
 size_t *out_len );
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED ||
- MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
+#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
 MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
 /*
 * Return supported signature algorithms.
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 88cd22ad4b..f701215dae 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
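Review bot: The supported_groups write in ssl_write_client_hello_body is now compiled only under `MBEDTLS_ECDH_C`, while the key_share write in mbedtls_ssl_tls13_write_client_hello_exts (library/ssl_tls13_client.c, hunk at -699) loses its compile-time guard and depends only on `mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl )`. RFC 8446 section 9.2 requires a ClientHello that carries key_share to carry supported_groups as well, so the two sites should be gated by the same condition. If a build can enable an ephemeral TLS 1.3 mode without `MBEDTLS_ECDH_C` (not decidable from these hunks), either put the same `#if defined(MBEDTLS_ECDH_C)` around the key_share write or reject that configuration at compile time. The function body continues outside the hunk.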
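Review bot: The added lines in the hunk at -442 end the TLS 1.3 region with `#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */` and then restart it with `#if defined(MBEDTLS_SSL_PROTO_TLS1_3)` before the signature_algorithms block, so the same guard is closed and reopened with no code in between. Dropping that pair leaves one TLS 1.3 region holding the `MBEDTLS_ECDH_C` and `MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED` blocks side by side, which is easier to audit when checking which extensions a given configuration emits.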
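Review bot: The prototype of mbedtls_ssl_write_supported_groups_ext in library/ssl_misc.h is now visible only under `MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED`, but the guard around its definition is not part of the visible diff. If the definition still lists `MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED`, a configuration with certificate key exchange and none of the three remaining options would build the function without a prototype. The `#if` on the definition should be changed in the same commit so that both use the identical condition.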
@@ -159,8 +159,6 @@ static int ssl_tls13_parse_alpn_ext( mbedtls_ssl_context *ssl,
 }
 #endif /* MBEDTLS_SSL_ALPN */
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
-
 static int ssl_tls13_reset_key_share( mbedtls_ssl_context *ssl )
 {
 uint16_t group_id = ssl->handshake->offered_group_id;
@@ -584,8 +582,6 @@ static int ssl_tls13_parse_key_share_ext( mbedtls_ssl_context *ssl,
 return( ret );
 }
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
-
 /*
 * ssl_tls13_parse_cookie_ext()
 * Parse cookie extension in Hello Retry Request
@@ -699,7 +695,6 @@ int mbedtls_ssl_tls13_write_client_hello_exts( mbedtls_ssl_context *ssl,
 return( ret );
 p += ext_len;
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
 if( mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) )
 {
 ret = ssl_tls13_write_key_share_ext( ssl, p, end, &ext_len );
@@ -707,7 +702,6 @@ int mbedtls_ssl_tls13_write_client_hello_exts( mbedtls_ssl_context *ssl,
 return( ret );
 p += ext_len;
 }
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
 *out_len = p - buf;
@@ -1093,7 +1087,6 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl,
 fatal_alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT;
 goto cleanup;
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
 case MBEDTLS_TLS_EXT_KEY_SHARE:
 MBEDTLS_SSL_DEBUG_MSG( 3, ( "found key_shares extension" ) );
 if( ! mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) )
@@ -1116,7 +1109,6 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl,
 goto cleanup;
 }
 break;
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
 default:
 MBEDTLS_SSL_DEBUG_MSG(
@@ -1271,7 +1263,6 @@ cleanup:
 static int ssl_tls13_postprocess_hrr( mbedtls_ssl_context *ssl )
 {
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 #if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
@@ -1296,9 +1287,6 @@ static int ssl_tls13_postprocess_hrr( mbedtls_ssl_context *ssl )
 ret = ssl_tls13_reset_key_share( ssl );
 if( ret != 0 )
 return( ret );
-#else
- ((void) ssl);
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
 return( 0 );
 }
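Review bot: ssl_tls13_postprocess_hrr now calls `ssl_tls13_reset_key_share( ssl )` in every build and, as far as this hunk and the one at -1271 show, without the `mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl )` test that gates the key_share write and the key_share case in ssl_tls13_parse_server_hello. The first line of ssl_tls13_reset_key_share reads `ssl->handshake->offered_group_id`, which presumably holds no valid group when the client sent no key_share, for example a PSK-only configuration answering a HelloRetryRequest. Before this change a build without `MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED` reduced the function to `((void) ssl); return( 0 );`. Either wrap the reset in `if( mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) )` or confirm with a test that the reset fails cleanly for an unset group; the lines between the two hunks are not visible here.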