TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / f765ce617f8d46cb2b78810fede24286cca0eaf2^! / . / include / mbedtls
commitf765ce617f8d46cb2b78810fede24286cca0eaf2[log] [tgz]
authorHanno Becker <hanno.becker@arm.com>Fri Jun 21 13:17:14 2019 +0100
committerHanno Becker <hanno.becker@arm.com>Tue Jun 25 08:42:20 2019 +0100
tree62b04a27fcfca58dc4dbf4c044a38b05832854ac
parent57e72c750c092900f3fc035e7c9f77af62c684e5 [diff]
Remove ExtendedMS configuration API if hardcoded at compile-time

If the ExtendedMasterSecret extension is configured at compile-time
by setting MBEDTLS_SSL_CONF_EXTENDED_MASTER_SECRET and/or
MBEDTLS_SSL_CONF_ENFORCE_EXTENDED_MASTER_SECRET, the runtime
configuration APIs mbedtls_ssl_conf_extended_master_secret()
and mbedtls_ssl_conf_extended_master_secret_enforce() must
either be removed or modified to take no effect (or at most
check that the runtime value matches the hardcoded one, but
that would undermine the code-size benefits the hardcoding
is supposed to bring in the first place).

Previously, the API was kept but modified to have no effect.
While convenient for us because we don't have to adapt example
applications, this comes at the danger of users calling the runtime
configuration API, forgetting that the respective fields are
potentially already hardcoded at compile-time - and hence silently
using a configuration they don't intend to use.

This commit changes the approach to removing the configuration
API in case the respective field is hardcoded at compile-time,
and exemplifies it in the only case implemented so far, namely
the configuration of the ExtendedMasterSecret extension.

It adapts ssl_client2 and ssl_server2 by omitting the call to
the corresponding API if MBEDTLS_SSL_CONF_XXX are defined and
removing the command line parameters for the runtime configuration
of the ExtendedMasterSecret extension.

diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 67cb778..88f4701 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h

@@ -650,6 +650,13 @@
 #error "MBEDTLS_SSL_EXTENDED_MASTER_SECRET defined, but not all prerequsites"
 #endif
 
+#if ( defined(MBEDTLS_SSL_CONF_EXTENDED_MASTER_SECRET) &&            \
+      !defined(MBEDTLS_SSL_CONF_ENFORCE_EXTENDED_MASTER_SECRET) ) || \
+    ( !defined(MBEDTLS_SSL_CONF_EXTENDED_MASTER_SECRET) &&           \
+      defined(MBEDTLS_SSL_CONF_ENFORCE_EXTENDED_MASTER_SECRET) )
+#define "MBEDTLS_SSL_CONF_EXTENDED_MASTER_SECRET and MBEDTLS_SSL_CONF_ENFORCE_EXTENDED_MASTER_SECRET must be defined together."
+#endif
+
 #if defined(MBEDTLS_SSL_TICKET_C) && !defined(MBEDTLS_CIPHER_C)
 #error "MBEDTLS_SSL_TICKET_C defined, but not all prerequisites"
 #endif

diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 8dcb81c..2116521 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h

@@ -3444,7 +3444,7 @@
  * This section allows to fix parts of the SSL configuration
  * at compile-time. If a field is fixed at compile-time, the
  * corresponding SSL configuration API `mbedtls_ssl_conf_xxx()`
- * remains present, but takes no effect anymore.
+ * is removed.
  *
  * This can be used on constrained systems to reduce code-size.
  * \{