Fix dependency for TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384

Fix Mbed-TLS#4472 Signed-off-by: Gilles Peskine <[email protected]>
gilles-peskine-arm · May 12, 2021 · 0999b7d · 0999b7d
1 parent 456d547
commit 0999b7d
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 1 deletion.
diff --git a/ChangeLog.d/ciphersuite-sha1-sha384-guard.txt b/ChangeLog.d/ciphersuite-sha1-sha384-guard.txt
@@ -0,0 +1,4 @@
+Bugfix
+   * The cipher suite TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384 was not available
+     when SHA-1 was disabled and was offered when SHA-1 was enabled but SHA-384
+     was disabled. Fix the dependency. Fixes #4472.
diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
@@ -887,7 +887,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
       0 },
 #endif /* MBEDTLS_SHA256_C */
 
-#if defined(MBEDTLS_SHA1_C)
+#if defined(MBEDTLS_SHA512_C)
     { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384",
       MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,