Fix config for MBEDTLS_SSL_PROTO_TLS1_3
Remove MBEDTLS_HKDF_C as it is not needed since #5838 Reasoning: we need SHA-256 or SHA-384 via PSA because they're used by HKDF which is now always done via PSA. If in addition to that USE_PSA is enabled, then everything is done via PSA so that's enough. Otherwise, we need the software implementation of SHA-256 or SHA-384, plus MD_C because we're using a VIA_MD_OR_PSA_BASED_ON_USE_PSA as discussed above. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
This commit is contained in:
parent
a9a8816107
commit
cf9d972a9a
1 changed files with 4 additions and 5 deletions
|
@ -260,7 +260,7 @@
|
|||
#error "MBEDTLS_ECP_NO_FALLBACK defined, but no alternative implementation enabled"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_HKDF_C) && !defined(MBEDTLS_MD_C)
|
||||
#if defined(MBEDTLS_HKDF_C) && !( defined(MBEDTLS_MD_C) || defined(MBEDTLS_PSA_CRYPTO_C) )
|
||||
#error "MBEDTLS_HKDF_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
|
@ -756,9 +756,8 @@
|
|||
* SHA_384.
|
||||
*/
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
|
||||
( ( !defined(MBEDTLS_HKDF_C) ) || \
|
||||
( !defined(MBEDTLS_SHA256_C) && !defined(MBEDTLS_SHA384_C) ) || \
|
||||
( !defined(MBEDTLS_PSA_CRYPTO_C) ) )
|
||||
!( ( defined(PSA_WANT_ALG_SHA_256) || defined(PSA_WANT_ALG_SHA_348) ) && \
|
||||
( defined(MBEDTLS_USE_PSA_CRYPTO) || ( defined(MBEDTLS_MD_C) && ( defined(MBEDTLS_SHA256_C) || defined(MBEDTLS_SHA384_C) ) ) ) )
|
||||
#error "MBEDTLS_SSL_PROTO_TLS1_3 defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
|
|
Loading…
Reference in a new issue