Fix SHA512 vs SHA384 dependencies
When building SHA512 without SHA384,
there are some code paths that resulted
in unused variables or usage of undefined code.
This commit fixes that.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c
index 190c0f0..3f9bf87 100644
--- a/library/ssl_cookie.c
+++ b/library/ssl_cookie.c
@@ -38,8 +38,8 @@
#include <string.h>
/*
- * If DTLS is in use, then at least one of SHA-1, SHA-256, SHA-512 is
- * available. Try SHA-256 first, 512 wastes resources
+ * If DTLS is in use, then at least one of SHA-1, SHA-256, SHA-384 is
+ * available. Try SHA-256 first, 384 wastes resources
*/
#if defined(MBEDTLS_HAS_ALG_SHA_224_VIA_LOWLEVEL_OR_PSA)
#define COOKIE_MD MBEDTLS_MD_SHA224
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index eee0dad..4678f53 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -604,6 +604,12 @@
mbedtls_sha512_update( &ssl->handshake->fin_sha384, buf, len );
#endif
#endif
+#if !defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) && \
+ !defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
+ (void) ssl;
+ (void) buf;
+ (void) len;
+#endif
}
#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
@@ -5165,6 +5171,10 @@
goto exit;
exit:
+#if !defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) && \
+ !defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
+ (void) ssl;
+#endif
return( psa_ssl_status_to_mbedtls( status ) );
}
#else /* MBEDTLS_USE_PSA_CRYPTO */
@@ -5437,6 +5447,8 @@
return( PSA_SUCCESS );
}
+#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) || \
+ defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
MBEDTLS_CHECK_RETURN_CRITICAL
static int tls_prf_generic( mbedtls_md_type_t md_type,
const unsigned char *secret, size_t slen,
@@ -5511,7 +5523,7 @@
return( 0 );
}
-
+#endif
#else /* MBEDTLS_USE_PSA_CRYPTO */
MBEDTLS_CHECK_RETURN_CRITICAL
@@ -5917,7 +5929,10 @@
default:
return( -1 );
}
-
+#if !defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) && \
+ !defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
+ (void) ssl;
+#endif
return( 0 );
}
@@ -7436,8 +7451,6 @@
* Helper to get TLS 1.2 PRF from ciphersuite
* (Duplicates bits of logic from ssl_set_handshake_prfs().)
*/
-#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) || \
- defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
static tls_prf_fn ssl_tls12prf_from_cs( int ciphersuite_id )
{
const mbedtls_ssl_ciphersuite_t * const ciphersuite_info =
@@ -7457,10 +7470,9 @@
!defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
(void) ciphersuite_info;
#endif
+
return( NULL );
}
-#endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA ||
- MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
static mbedtls_tls_prf_types tls_prf_get_type( mbedtls_ssl_tls_prf_cb *tls_prf )