Use correct condition to use encrypt_then_mac in ssl_tls.c
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 16c11cb..3332c3f 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -2223,14 +2223,16 @@
mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_transform(
const mbedtls_ssl_transform *transform );
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
+ defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite(
int encrypt_then_mac,
const mbedtls_ssl_ciphersuite_t *suite );
#else
mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite(
const mbedtls_ssl_ciphersuite_t *suite );
-#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
+#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC &&
+ MBEDTLS_SSL_SOME_SUITES_USE_MAC */
#if defined(MBEDTLS_ECDH_C)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index af8cbb2..4bc3c49 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1716,9 +1716,11 @@
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
static inline mbedtls_ssl_mode_t mbedtls_ssl_get_mode(
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
+ defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
int encrypt_then_mac,
-#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
+#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC &&
+ MBEDTLS_SSL_SOME_SUITES_USE_MAC */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_algorithm_t alg
#else
@@ -1772,26 +1774,32 @@
{
#if defined(MBEDTLS_USE_PSA_CRYPTO)
return mbedtls_ssl_get_mode(
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
+ defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
transform->encrypt_then_mac,
-#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
+#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC &&
+ MBEDTLS_SSL_SOME_SUITES_USE_MAC */
transform->psa_alg );
#else
mbedtls_cipher_mode_t mode =
mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc );
return mbedtls_ssl_get_mode(
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
+ defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
transform->encrypt_then_mac,
-#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
+#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC &&
+ MBEDTLS_SSL_SOME_SUITES_USE_MAC */
mode );
#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite(
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
+ defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
int encrypt_then_mac,
-#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
+#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC &&
+ MBEDTLS_SSL_SOME_SUITES_USE_MAC */
const mbedtls_ssl_ciphersuite_t *suite )
{
#if defined(MBEDTLS_USE_PSA_CRYPTO)
@@ -1803,9 +1811,11 @@
status = mbedtls_ssl_cipher_to_psa( suite->cipher, 0, &alg, &type, &size );
if( status == PSA_SUCCESS )
return mbedtls_ssl_get_mode(
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
+ defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
encrypt_then_mac,
-#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
+#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC &&
+ MBEDTLS_SSL_SOME_SUITES_USE_MAC */
alg );
#else
const mbedtls_cipher_info_t *cipher =
@@ -1813,9 +1823,11 @@
if( cipher != NULL )
return mbedtls_ssl_get_mode(
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
+ defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
encrypt_then_mac,
-#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
+#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC &&
+ MBEDTLS_SSL_SOME_SUITES_USE_MAC */
mbedtls_cipher_info_get_mode( cipher ) );
#endif /* MBEDTLS_USE_PSA_CRYPTO */
@@ -6969,9 +6981,11 @@
}
ssl_mode = mbedtls_ssl_get_mode_from_ciphersuite(
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
+ defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
encrypt_then_mac,
-#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
+#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC &&
+ MBEDTLS_SSL_SOME_SUITES_USE_MAC */
ciphersuite_info );
if( ssl_mode == MBEDTLS_SSL_MODE_AEAD )