commit c5aef88be6b8e2ea6bf0487da48163711d9e1efa
author Jerry Yu <jerry.h.yu@arm.com> Thu Dec 23 20:15:02 2021 +0800
committer Jerry Yu <jerry.h.yu@arm.com> Mon Feb 21 09:06:00 2022 +0800
tree 1266578346a42032aa17efcfe1b97b273a238b71
parent ab08290c098301da4b8cda19044038d036984f29

tls13_only: guard ssl_{cli,srv}.c with TLS1_2

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>

library/ssl_srv.c

diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index f4bf5bf..c8f0e7f 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -21,6 +21,8 @@
 
 #if defined(MBEDTLS_SSL_SRV_C)
 
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+
 #if defined(MBEDTLS_PLATFORM_C)
 #include "mbedtls/platform.h"
 #else
@@ -2956,11 +2958,9 @@
         ssl->handshake->ciphersuite_info;
 
 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED)
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) && \
-    defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
     unsigned char *dig_signed = NULL;
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED &&
-          MBEDTLS_SSL_PROTO_TLS1_2 */
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */
 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED */
 
     (void) ciphersuite_info; /* unused in some configurations */
@@ -3066,8 +3066,7 @@
             return( ret );
         }
 
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) && \
-    defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
         dig_signed = ssl->out_msg + ssl->out_msglen;
 #endif
 
@@ -3133,8 +3132,7 @@
             return( ret );
         }
 
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) && \
-    defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
         dig_signed = ssl->out_msg + ssl->out_msglen;
 #endif
 
@@ -3154,9 +3152,7 @@
 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
     if( mbedtls_ssl_ciphersuite_uses_server_signature( ciphersuite_info ) )
     {
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
         size_t dig_signed_len = ssl->out_msg + ssl->out_msglen - dig_signed;
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
         size_t hashlen = 0;
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
         unsigned char hash[PSA_HASH_MAX_SIZE];
@@ -3171,7 +3167,7 @@
          *      to choose appropriate hash.
          */
 
-        mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE;
+        mbedtls_md_type_t md_alg;
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
         mbedtls_pk_type_t sig_alg =
@@ -4412,4 +4408,6 @@
     conf->respect_cli_pref = order;
 }
 
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+
 #endif /* MBEDTLS_SSL_SRV_C */