commit a82290b7271a3cd489e62a0f98d24622dbbf4bbe
author Przemek Stekiel <przemyslaw.stekiel@mobica.com> Tue Sep 27 13:41:12 2022 +0200
committer Przemek Stekiel <przemyslaw.stekiel@mobica.com> Tue Sep 27 15:04:14 2022 +0200
tree 6c59244ec1ef32b1e791b595c5516dbf0d02a417
parent 89ad62352dae7fede94bcfec3717e9c17c40be6b

Fix guards for mbedtls_ssl_ticket_write() and mbedtls_ssl_ticket_parse() functions

Both functions are calling mbedtls_cipher_auth_[encrypt/decrypt]_ext() functions. These functions are guarded with MBEDTLS_CIPHER_MODE_AEAD || MBEDTLS_NIST_KW_C flags - make it consistent.
As a result ssl_server2 won't build now with MBEDTLS_SSL_SESSION_TICKETS enabled (mbedtls_cipher_auth_[encrypt/decrypt]_ext() functions not available).
Mark MBEDTLS_SSL_SESSION_TICKETS as dependent on MBEDTLS_CIPHER_MODE_AEAD || MBEDTLS_NIST_KW_C and disable MBEDTLS_SSL_SESSION_TICKETS in stream cipher only build.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>

include/mbedtls/check_config.h

diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 1038706..1874e51 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -962,6 +962,9 @@
 #error "MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH defined, but not all prerequisites"
 #endif
 
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && !( defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C) )
+#error "MBEDTLS_SSL_SESSION_TICKETS defined, but not all prerequisites"
+#endif
 
 
 /* Reject attempts to enable options that have been removed and that could