Guards tls_prf functions with TLS1_2
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 0204f01..bb514cd 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -577,7 +577,7 @@
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-static void ssl_update_checksum_start( mbedtls_ssl_context *, const unsigned char *, size_t );
+
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA256_C)
static void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *,unsigned char*, size_t * );
@@ -590,13 +590,15 @@
#endif
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+static void ssl_update_checksum_start( mbedtls_ssl_context *, const unsigned char *, size_t );
+
#if defined(MBEDTLS_SHA256_C)
static void ssl_update_checksum_sha256( mbedtls_ssl_context *, const unsigned char *, size_t );
-#endif
+#endif /* MBEDTLS_SHA256_C */
#if defined(MBEDTLS_SHA384_C)
static void ssl_update_checksum_sha384( mbedtls_ssl_context *, const unsigned char *, size_t );
-#endif
+#endif /* MBEDTLS_SHA384_C */
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) && \
defined(MBEDTLS_USE_PSA_CRYPTO)
@@ -620,28 +622,6 @@
#endif /* MBEDTLS_USE_PSA_CRYPTO &&
MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
-static mbedtls_tls_prf_types tls_prf_get_type( mbedtls_ssl_tls_prf_cb *tls_prf )
-{
- ((void) tls_prf);
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#if defined(MBEDTLS_SHA384_C)
- if( tls_prf == tls_prf_sha384 )
- {
- return( MBEDTLS_SSL_TLS_PRF_SHA384 );
- }
- else
-#endif
-#if defined(MBEDTLS_SHA256_C)
- if( tls_prf == tls_prf_sha256 )
- {
- return( MBEDTLS_SSL_TLS_PRF_SHA256 );
- }
- else
-#endif
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
- return( MBEDTLS_SSL_TLS_PRF_NONE );
-}
-
int mbedtls_ssl_tls_prf( const mbedtls_tls_prf_types prf,
const unsigned char *secret, size_t slen,
const char *label,
@@ -671,6 +651,30 @@
return( tls_prf( secret, slen, label, random, rlen, dstbuf, dlen ) );
}
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2) || \
+ defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
+static mbedtls_tls_prf_types tls_prf_get_type( mbedtls_ssl_tls_prf_cb *tls_prf )
+{
+ ((void) tls_prf);
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#if defined(MBEDTLS_SHA384_C)
+ if( tls_prf == tls_prf_sha384 )
+ {
+ return( MBEDTLS_SSL_TLS_PRF_SHA384 );
+ }
+ else
+#endif
+#if defined(MBEDTLS_SHA256_C)
+ if( tls_prf == tls_prf_sha256 )
+ {
+ return( MBEDTLS_SSL_TLS_PRF_SHA256 );
+ }
+ else
+#endif
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+ return( MBEDTLS_SSL_TLS_PRF_NONE );
+}
+
/* Type for the TLS PRF */
typedef int ssl_tls_prf_t(const unsigned char *, size_t, const char *,
const unsigned char *, size_t,
@@ -1113,6 +1117,7 @@
mbedtls_platform_zeroize( keyblk, sizeof( keyblk ) );
return( ret );
}
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 || MBEDTLS_SSL_CONTEXT_SERIALIZATION */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
static void ssl_clear_peer_cert( mbedtls_ssl_session *session )
@@ -6214,10 +6219,10 @@
(void) ciphersuite_id;
#endif
return( tls_prf_sha256 );
-#else
+#else /* MBEDTLS_SSL_PROTO_TLS1_2 */
(void) ciphersuite_id;
return( NULL );
-#endif
+#endif /* !MBEDTLS_SSL_PROTO_TLS1_2 */
}
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 53f541f..f03d992 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -1186,6 +1186,7 @@
#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_OUT_LEN_MAX
#endif
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
static int psa_cipher_encrypt_helper( mbedtls_ssl_transform *transform,
const unsigned char *iv, size_t iv_len,
const unsigned char *input, size_t ilen,
@@ -1226,6 +1227,7 @@
iv, iv_len, input, ilen, output, olen );
#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
static int build_transforms( mbedtls_ssl_transform *t_in,
mbedtls_ssl_transform *t_out,
@@ -4198,7 +4200,7 @@
}
/* END_CASE */
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_2 */
void ssl_tls_prf( int type, data_t * secret, data_t * random,
char *label, data_t *result_str, int exp_ret )
{