mbedtls_ssl_conf_arc4_support() depends on ARC4_C

commit: 66dc5555f0fba15fb3fa262ebb742279d2eeaa77 [log] [tgz]
author: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Thu May 14 12:28:21 2015 +0200
committer: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Thu May 14 12:31:10 2015 +0200
tree: f88eb2b4bbe905ef0e5535d8e28fcd0f52469040
parent: 22404866af2e12eeb23d3140d8785571f9587cf5 [diff]
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index cdcda30..f0b7b54 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h

@@ -911,10 +911,12 @@
 
     unsigned int endpoint : 1;      /*!< 0: client, 1: server               */
     unsigned int transport : 1;     /*!< stream (TLS) or datagram (DTLS)    */
-    unsigned int arc4_disabled : 1; /*!< blacklist RC4 ciphersuites?        */
     unsigned int authmode : 2;      /*!< MBEDTLS_SSL_VERIFY_XXX             */
     /* needed even with renego disabled for LEGACY_BREAK_HANDSHAKE          */
     unsigned int allow_legacy_renegotiation : 2 ; /*!< MBEDTLS_LEGACY_XXX   */
+#if defined(MBEDTLS_ARC4_C)
+    unsigned int arc4_disabled : 1; /*!< blacklist RC4 ciphersuites?        */
+#endif
 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
     unsigned int mfl_code : 3;      /*!< desired fragment length            */
 #endif
@@ -1928,6 +1930,7 @@
 void mbedtls_ssl_conf_extended_master_secret( mbedtls_ssl_config *conf, char ems );
 #endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
 
+#if defined(MBEDTLS_ARC4_C)
 /**
  * \brief          Disable or enable support for RC4
  *                 (Default: MBEDTLS_SSL_ARC4_DISABLED)
@@ -1942,6 +1945,7 @@
  * \param arc4     MBEDTLS_SSL_ARC4_ENABLED or MBEDTLS_SSL_ARC4_DISABLED
  */
 void mbedtls_ssl_conf_arc4_support( mbedtls_ssl_config *conf, char arc4 );
+#endif /* MBEDTLS_ARC4_C */
 
 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
 /**

diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index c16b6e7..f344907 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c

@@ -711,9 +711,11 @@
             continue;
 #endif
 
+#if defined(MBEDTLS_ARC4_C)
         if( ssl->conf->arc4_disabled == MBEDTLS_SSL_ARC4_DISABLED &&
             ciphersuite_info->cipher == MBEDTLS_CIPHER_ARC4_128 )
             continue;
+#endif
 
         MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %2d",
                        ciphersuites[i] ) );
@@ -1405,15 +1407,17 @@
     MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d", buf[37 + n] ) );
 
     suite_info = mbedtls_ssl_ciphersuite_from_id( ssl->session_negotiate->ciphersuite );
-    if( suite_info == NULL ||
-        ( ssl->conf->arc4_disabled &&
-          suite_info->cipher == MBEDTLS_CIPHER_ARC4_128 ) )
+    if( suite_info == NULL
+#if defined(MBEDTLS_ARC4_C)
+            || ( ssl->conf->arc4_disabled &&
+                suite_info->cipher == MBEDTLS_CIPHER_ARC4_128 )
+#endif
+        )
     {
         MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
         return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
     }
 
-
     i = 0;
     while( 1 )
     {

diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 5d04497..62c520d 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c

@@ -969,12 +969,14 @@
         return( 0 );
 #endif
 
+#if defined(MBEDTLS_ARC4_C)
     if( ssl->conf->arc4_disabled == MBEDTLS_SSL_ARC4_DISABLED &&
             suite_info->cipher == MBEDTLS_CIPHER_ARC4_128 )
     {
         MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: rc4" ) );
         return( 0 );
     }
+#endif
 
 #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
     if( mbedtls_ssl_ciphersuite_uses_ec( suite_info ) &&

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index bd010a4..39796f8 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -5627,10 +5627,12 @@
 }
 #endif
 
+#if defined(MBEDTLS_ARC4_C)
 void mbedtls_ssl_conf_arc4_support( mbedtls_ssl_config *conf, char arc4 )
 {
     conf->arc4_disabled = arc4;
 }
+#endif
 
 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
 int mbedtls_ssl_conf_max_frag_len( mbedtls_ssl_config *conf, unsigned char mfl_code )
@@ -6679,7 +6681,9 @@
     conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] =
                            mbedtls_ssl_list_ciphersuites();
 
+#if defined(MBEDTLS_ARC4_C)
     conf->arc4_disabled = MBEDTLS_SSL_ARC4_DISABLED;
+#endif
 
 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
     conf->encrypt_then_mac = MBEDTLS_SSL_ETM_ENABLED;

diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 89ef2c2..1b4d654 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c

@@ -1116,8 +1116,10 @@
     if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
         mbedtls_ssl_conf_ciphersuites( &conf, opt.force_ciphersuite );
 
+#if defined(MBEDTLS_ARC4_C)
     if( opt.arc4 != DFL_ARC4 )
         mbedtls_ssl_conf_arc4_support( &conf, opt.arc4 );
+#endif
 
     if( opt.allow_legacy != DFL_ALLOW_LEGACY )
         mbedtls_ssl_conf_legacy_renegotiation( &conf, opt.allow_legacy );

diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index bef88cd..d0260ec 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c

@@ -1637,8 +1637,10 @@
     if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
         mbedtls_ssl_conf_ciphersuites( &conf, opt.force_ciphersuite );
 
+#if defined(MBEDTLS_ARC4_C)
     if( opt.arc4 != DFL_ARC4 )
         mbedtls_ssl_conf_arc4_support( &conf, opt.arc4 );
+#endif
 
     if( opt.version_suites != NULL )
     {
commit	66dc5555f0fba15fb3fa262ebb742279d2eeaa77	[log] [tgz]
author	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Thu May 14 12:28:21 2015 +0200
committer	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Thu May 14 12:31:10 2015 +0200
tree	f88eb2b4bbe905ef0e5535d8e28fcd0f52469040
parent	22404866af2e12eeb23d3140d8785571f9587cf5 [diff]