Guard RSA-only max_major/minor_ver fields from SSL handshake params
The fields
- mbedtls_ssl_handshake_params::max_major_ver,
- mbedtls_ssl_handshake_params::max_minor_ver
are used only for server-side RSA-based key exchanges
and can be removed otherwise.
diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index 5ba2f30..457fc28 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -514,8 +514,14 @@
#if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)
int resume; /*!< session resume indicator*/
#endif /* !MBEDTLS_SSL_NO_SESSION_RESUMPTION */
+
+#if defined(MBEDTLS_SSL_SRV_C) && \
+ ( defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED ) )
int max_major_ver; /*!< max. major version client*/
int max_minor_ver; /*!< max. minor version client*/
+#endif /* MBEDTLS_SSL_SRV_C && ( MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED ||
+ MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED ) */
int cli_exts; /*!< client extension presence*/
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
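Review bot: The closing comment on the new `#endif` names MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED twice and never MBEDTLS_KEY_EXCHANGE_RSA_ENABLED, so it does not match the condition it closes. The same slip is on the `#endif` comments added in both library/ssl_srv.c hunks (at -1110 and -1630), which should name the two macros without the MBEDTLS_SSL_SRV_C term. Here I would write `#endif /* MBEDTLS_SSL_SRV_C && ( MBEDTLS_KEY_EXCHANGE_RSA_ENABLED || MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED ) */`, and drop the stray space in `defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED )` on the `#if`. The enclosing struct starts and ends outside the hunk.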
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 87fe4c9..660b30f 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -1110,8 +1110,12 @@
return( MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION );
}
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
ssl->handshake->max_major_ver = buf[3];
ssl->handshake->max_minor_ver = buf[4];
+#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED ||
+ MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
if( ( ret = mbedtls_ssl_fetch_input( ssl, 2 + n ) ) != 0 )
{
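Review bot: Nothing at these two stores says why the client's advertised version is kept only for RSA and RSA-PSK, and the same applies to the guarded stores in the hunk at -1630. The code that reads the fields is outside this diff; presumably it is the check of the version bytes inside the decrypted RSA premaster secret, which is the server's protection against version rollback, so it is worth confirming that the reader is compiled under the same condition. A one-line comment above the `#if` would make the dependency visible: `/* Kept for the version check on the RSA premaster secret */`. The enclosing function starts and ends outside the hunk.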
@@ -1630,8 +1634,12 @@
ssl->conf->transport,
buf );
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
ssl->handshake->max_major_ver = major_ver;
ssl->handshake->max_minor_ver = minor_ver;
+#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED ||
+ MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
if( major_ver < mbedtls_ssl_conf_get_min_major_ver( ssl->conf ) ||
minor_ver < mbedtls_ssl_conf_get_min_minor_ver( ssl->conf ) )