TLS 1.3: Limit scope of tls13_kex_modes handshake field
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 2ad5965..d16b254 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -612,14 +612,18 @@
*/
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
uint8_t key_exchange_mode; /*!< Selected key exchange mode */
- uint8_t tls13_kex_modes; /*!< key exchange modes for TLS 1.3 */
/** Number of HelloRetryRequest messages received/sent from/to the server. */
int hello_retry_request_count;
+
#if defined(MBEDTLS_SSL_SRV_C)
/** selected_group of key_share extension in HelloRetryRequest message. */
uint16_t hrr_selected_group;
+#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+ uint8_t tls13_kex_modes; /*!< Key exchange modes supported by the client */
+#endif
#endif /* MBEDTLS_SSL_SRV_C */
+
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
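Review bot: The new comment on `tls13_kex_modes` does not record that the value comes from the peer or how it is encoded. Since the field is now server-only and, per its comment, holds what the client supports, I would spell that out, e.g. `/*!< Key exchange modes offered by the client (mask of MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_xxx values); peer-supplied, to be checked against the local configuration */`. The mask encoding is inferred from the `MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL` argument used later in this header, so confirm it. The inner `#endif` is also the only one in this hunk without a trailing comment; `#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */` would match the others. The enclosing structure begins and ends outside the hunk.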
@@ -1770,6 +1774,7 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL ) );
}
+#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
/**
* Given a list of key exchange modes, check if at least one of them is
* supported.
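Review bot: The doc comment that now follows the new guard still says "check if at least one of them is supported" without saying by whom. With the helpers restricted to server builds with PSK enabled, they appear to test the modes the client advertised rather than what the server is configured to accept. I would reword it to something like `check if at least one of them was offered by the client` and add a line that the server configuration has to be checked separately. The guarded functions extend beyond this hunk and the matching `#endif` is in the next one. Callers compiled outside the same condition are not visible here and should be checked.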
@@ -1816,6 +1821,7 @@
return( ! mbedtls_ssl_tls13_check_kex_modes( ssl,
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL ) );
}
+#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
/*
* Helper functions to check the selected key exchange mode.