ssl_tls: fix guards for accelerated ECDH
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This commit is contained in:
Valerio Setti
parent
6ba247c236
commit
5d1f29e700
4 changed files with 26 additions and 3 deletions
|
|
@ -304,15 +304,26 @@
|
|||
#endif
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
/* Helper for ECDH dependencies, will be undefined at the end of the file */
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#if defined(PSA_HAVE_FULL_ECDH)
|
||||
#define MBEDTLS_PK_HAVE_ECDH
|
||||
#endif
|
||||
#else /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
#if defined(MBEDTLS_ECDH_C)
|
||||
#define MBEDTLS_PK_HAVE_ECDH
|
||||
#endif
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) && \
|
||||
( !defined(MBEDTLS_ECDH_C) || \
|
||||
( !defined(MBEDTLS_PK_HAVE_ECDH) || \
|
||||
!defined(MBEDTLS_PK_HAVE_ECDSA) || \
|
||||
!defined(MBEDTLS_X509_CRT_PARSE_C) )
|
||||
#error "MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \
|
||||
( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_RSA_C) || \
|
||||
( !defined(MBEDTLS_PK_HAVE_ECDH) || !defined(MBEDTLS_RSA_C) || \
|
||||
!defined(MBEDTLS_X509_CRT_PARSE_C) )
|
||||
#error "MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED defined, but not all prerequisites"
|
||||
#endif
|
||||
|
|
@ -1100,6 +1111,7 @@
|
|||
/* Undefine helper symbols */
|
||||
#undef MBEDTLS_PK_HAVE_ECDSA
|
||||
#undef MBEDTLS_PK_HAVE_JPAKE
|
||||
#undef MBEDTLS_PK_HAVE_ECDH
|
||||
|
||||
/*
|
||||
* Avoid warning from -pedantic. This is a convenient place for this
|
||||
|
|
|
|||
|
|
@ -853,6 +853,11 @@ extern "C" {
|
|||
#define PSA_HAVE_FULL_JPAKE 1
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_ALG_ECDH) && defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) && \
|
||||
defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
|
||||
#define PSA_HAVE_FULL_ECDH 1
|
||||
#endif
|
||||
|
||||
/* These features are always enabled. */
|
||||
#define PSA_WANT_KEY_TYPE_DERIVE 1
|
||||
#define PSA_WANT_KEY_TYPE_PASSWORD 1
|
||||
|
|
|
|||
|
|
@ -193,6 +193,12 @@ typedef struct mbedtls_pk_rsassa_pss_options {
|
|||
#endif /* PSA_WANT_ALG_ECDSA */
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
/* Symbol for ECDH capabilities, no matter how it is provided */
|
||||
#if (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_HAVE_FULL_ECDH)) || \
|
||||
(!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ECDH_C))
|
||||
#define MBEDTLS_PK_CAN_ECDH
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PK_CAN_ECDSA_VERIFY) || defined(MBEDTLS_PK_CAN_ECDSA_SIGN)
|
||||
#define MBEDTLS_PK_CAN_ECDSA_SOME
|
||||
#endif
|
||||
|
|
|
|||
|
|
@ -4220,7 +4220,7 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl)
|
|||
mbedtls_ssl_buffering_free(ssl);
|
||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||
|
||||
#if defined(MBEDTLS_ECDH_C) && \
|
||||
#if defined(MBEDTLS_PK_CAN_ECDH) && \
|
||||
(defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3))
|
||||
if (handshake->ecdh_psa_privkey_is_external == 0) {
|
||||
psa_destroy_key(handshake->ecdh_psa_privkey);
|
||||
|
|
|
|||
Loading…
Reference in a new issue