tls13: guards transform negotiate
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 9bb9dc2..eba5e3b 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -965,13 +965,16 @@
static int ssl_handshake_init( mbedtls_ssl_context *ssl )
{
/* Clear old handshake information if present */
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( ssl->transform_negotiate )
mbedtls_ssl_transform_free( ssl->transform_negotiate );
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
if( ssl->session_negotiate )
mbedtls_ssl_session_free( ssl->session_negotiate );
if( ssl->handshake )
mbedtls_ssl_handshake_free( ssl );
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
/*
* Either the pointers are now NULL or cleared properly and can be freed.
* Now allocate missing structures.
@@ -980,6 +983,7 @@
{
ssl->transform_negotiate = mbedtls_calloc( 1, sizeof(mbedtls_ssl_transform) );
}
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
if( ssl->session_negotiate == NULL )
{
@@ -998,18 +1002,23 @@
#endif
/* All pointers should exist and can be directly freed without issue */
- if( ssl->handshake == NULL ||
+ if( ssl->handshake == NULL ||
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
ssl->transform_negotiate == NULL ||
- ssl->session_negotiate == NULL )
+#endif
+ ssl->session_negotiate == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc() of ssl sub-contexts failed" ) );
mbedtls_free( ssl->handshake );
- mbedtls_free( ssl->transform_negotiate );
- mbedtls_free( ssl->session_negotiate );
-
ssl->handshake = NULL;
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+ mbedtls_free( ssl->transform_negotiate );
ssl->transform_negotiate = NULL;
+#endif
+
+ mbedtls_free( ssl->session_negotiate );
ssl->session_negotiate = NULL;
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
@@ -1017,9 +1026,12 @@
/* Initialize structures */
mbedtls_ssl_session_init( ssl->session_negotiate );
- mbedtls_ssl_transform_init( ssl->transform_negotiate );
ssl_handshake_params_init( ssl->handshake );
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+ mbedtls_ssl_transform_init( ssl->transform_negotiate );
+#endif
+
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
defined(MBEDTLS_SSL_SRV_C) && \
defined(MBEDTLS_SSL_SESSION_TICKETS)
@@ -3975,7 +3987,7 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_hash_abort( &handshake->fin_sha256_psa );
#else
- mbedtls_sha256_free( &handshake->fin_sha256 );
+ mbedtls_sha256_free( &handshake->fin_sha256 );
#endif
#endif
#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
@@ -4512,10 +4524,12 @@
/* This has been allocated by ssl_handshake_init(), called by
* by either mbedtls_ssl_session_reset_int() or mbedtls_ssl_setup(). */
- ssl->transform = ssl->transform_negotiate;
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+ ssl->transform = ssl->transform_negotiate;
ssl->transform_in = ssl->transform;
ssl->transform_out = ssl->transform;
ssl->transform_negotiate = NULL;
+#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
prf_func = ssl_tls12prf_from_cs( ssl->session->ciphersuite );
@@ -4748,14 +4762,18 @@
mbedtls_free( ssl->transform );
}
+
if( ssl->handshake )
{
mbedtls_ssl_handshake_free( ssl );
- mbedtls_ssl_transform_free( ssl->transform_negotiate );
- mbedtls_ssl_session_free( ssl->session_negotiate );
-
mbedtls_free( ssl->handshake );
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+ mbedtls_ssl_transform_free( ssl->transform_negotiate );
mbedtls_free( ssl->transform_negotiate );
+#endif
+
+ mbedtls_ssl_session_free( ssl->session_negotiate );
mbedtls_free( ssl->session_negotiate );
}