commit 90f152dfac5882e52805ddbaeb667151653930a0
author Jerry Yu <jerry.h.yu@arm.com> Sat Jan 29 22:12:42 2022 +0800
committer Jerry Yu <jerry.h.yu@arm.com> Tue Feb 22 10:17:58 2022 +0800
tree e693e09865ed8daadedfd285c01c844ccfbd5078
parent 72637c734bd98bbd5040f506710250673efd8977

fix psk only build fail

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>

library/ssl_misc.h

diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 71987e0..68971cd 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -1735,6 +1735,7 @@
  */
 int mbedtls_ssl_tls13_process_certificate( mbedtls_ssl_context *ssl );
 
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
 /*
  * Handler of TLS 1.3 write certificate message
  */
@@ -1744,6 +1745,9 @@
  * Handler of TLS 1.3 write certificate verify message
  */
 int mbedtls_ssl_tls13_write_certificate_verify( mbedtls_ssl_context *ssl );
+
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+
 /*
  * Generic handler of Certificate Verify
  */

library/ssl_tls13_client.c

diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index cdb41f0..207098c 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -1943,6 +1943,7 @@
 }
 #endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
 
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
 /*
  * Handler for MBEDTLS_SSL_CLIENT_CERTIFICATE
  */
@@ -1962,6 +1963,7 @@
 {
     return( mbedtls_ssl_tls13_write_certificate_verify( ssl ) );
 }
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
 
 /*
  * Handler for MBEDTLS_SSL_CLIENT_FINISHED
@@ -2057,6 +2059,7 @@
             ret = ssl_tls13_process_server_finished( ssl );
             break;
 
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
         case MBEDTLS_SSL_CLIENT_CERTIFICATE:
             ret = ssl_tls13_write_client_certificate( ssl );
             break;
@@ -2064,7 +2067,7 @@
         case MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY:
             ret = ssl_tls13_write_client_certificate_verify( ssl );
             break;
-
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
 
         case MBEDTLS_SSL_CLIENT_FINISHED:
             ret = ssl_tls13_write_client_finished( ssl );

library/ssl_tls13_generic.c

diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 26e53a5..b96fbc8 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -846,6 +846,7 @@
 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
     return( ret );
 }
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
 
 /*
  * STATE HANDLING: Output Certificate
@@ -862,7 +863,6 @@
 #define SSL_WRITE_CERTIFICATE_AVAILABLE  0
 #define SSL_WRITE_CERTIFICATE_SKIP       1
 
-
 static int ssl_tls13_write_certificate_coordinate( mbedtls_ssl_context* ssl )
 {
 
@@ -873,7 +873,6 @@
         return( SSL_WRITE_CERTIFICATE_SKIP );
     }
 
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
 #if defined(MBEDTLS_SSL_CLI_C)
     if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
     {
@@ -893,13 +892,9 @@
 #endif /* MBEDTLS_SSL_CLI_C */
 
     return( SSL_WRITE_CERTIFICATE_AVAILABLE );
-#else /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
-    MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-    return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-#endif /* !MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+
 }
 
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
 static int ssl_tls13_write_certificate( mbedtls_ssl_context *ssl,
                                         unsigned char *buf,
                                         size_t buflen,
@@ -978,7 +973,6 @@
 
     return( 0 );
 }
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
 
 /* Update the state after handling the outgoing certificate message. */
 static int ssl_tls13_finalize_write_certificate( mbedtls_ssl_context* ssl )
@@ -1003,7 +997,6 @@
     /* Coordination: Check if we need to send a certificate. */
     MBEDTLS_SSL_PROC_CHK_NEG( ssl_tls13_write_certificate_coordinate( ssl ) );
 
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
     if( ret == SSL_WRITE_CERTIFICATE_AVAILABLE )
     {
         unsigned char *buf;
@@ -1025,7 +1018,6 @@
                                   ssl, buf_len, msg_len ) );
     }
     else
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
     {
         MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) );
         MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_write_certificate( ssl ) );
@@ -1080,12 +1072,12 @@
     return( SSL_WRITE_CERTIFICATE_VERIFY_SEND );
 #else /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
     MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+    ((void) crt);
     return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
 
 #endif /* !MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
 }
 
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
 static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context* ssl,
                                                     unsigned char* buf,
                                                     size_t buflen,
@@ -1105,8 +1097,6 @@
     size_t handshake_hash_len;
     unsigned char *p;
     const mbedtls_md_info_t *md_info;
-    /* Verify whether we can use signature algorithm */
-    // int signature_scheme_client;
     unsigned char * const end = buf + buflen;
 
     p = buf;
@@ -1182,8 +1172,6 @@
         return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
     }
 
-    // signature_scheme_client = MBEDTLS_TLS1_3_SIG_NONE;
-
     if( !mbedtls_ssl_sig_alg_is_received( ssl, sig_alg ) )
     {
         MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
@@ -1223,7 +1211,6 @@
     MBEDTLS_SSL_DEBUG_BUF( 3, "xverify hash", buf, *olen );
     return( ret );
 }
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
 
 static int ssl_tls13_finalize_certificate_verify( mbedtls_ssl_context* ssl )
 {
@@ -1279,6 +1266,8 @@
     return( ret );
 }
 
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+
 /*
  *
  * STATE HANDLING: Incoming Finished message.