Fix dependency for TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384

Fix Mbed-TLS#4472 Signed-off-by: Gilles Peskine <[email protected]>
lhuang04 · May 19, 2023 · 0fc612c · 0fc612c
1 parent ad0e012
commit 0fc612c
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 2 deletions.
diff --git a/ChangeLog.d/ciphersuite-sha1-sha384-guard.txt b/ChangeLog.d/ciphersuite-sha1-sha384-guard.txt
@@ -0,0 +1,4 @@
+Bugfix
+   * The cipher suite TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384 was not available
+     when SHA-1 was disabled and was offered when SHA-1 was enabled but SHA-384
+     was disabled. Fix the dependency. Fixes #4472.
diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
@@ -887,13 +887,13 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
       0 },
 #endif /* MBEDTLS_SHA256_C */
 
-#if defined(MBEDTLS_SHA1_C)
+#if defined(MBEDTLS_SHA512_C)
     { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384",
       MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
       MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
       0 },
-#endif /* MBEDTLS_SHA1_C */
+#endif /* MBEDTLS_SHA512_C */
 #endif /* MBEDTLS_GCM_C */
 #endif /* MBEDTLS_CAMELLIA_C */