ssl_tls: fix guard symbols for EC accelerated tests

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2025-03-28 08:37:25 +00:00 · 2023-03-20 13:56:38 +01:00 · 2023-03-20 13:56:38 +01:00 · 1fa5c56863
commit 1fa5c56863
parent 42d5f1959f
3 changed files with 16 additions and 11 deletions
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@ -197,6 +197,11 @@ typedef struct mbedtls_pk_rsassa_pss_options {
 #define MBEDTLS_PK_CAN_ECDSA_SOME
 #endif

+#if (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_ECDH)) || \
+    (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ECDH_C))
+#define MBEDTLS_PK_CAN_ECDH
+#endif
+
 /**
 * \brief           Types for interfacing with the debug module
 */
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@ -756,7 +756,7 @@ struct mbedtls_ssl_handshake_params {
 * access to ecdh_ctx structure is needed for MBEDTLS_ECDSA_C which does not
 * seem correct.
 */
-#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
+#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_PK_CAN_ECDSA_SOME)
 #if !defined(MBEDTLS_USE_PSA_CRYPTO)
    mbedtls_ecdh_context ecdh_ctx;              /*!<  ECDH key exchange       */
 #endif /* !MBEDTLS_USE_PSA_CRYPTO */
@ -787,7 +787,7 @@ struct mbedtls_ssl_handshake_params {
 #endif
 #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */

-#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) ||      \
+#if defined(MBEDTLS_PK_CAN_ECDH) || defined(MBEDTLS_PK_CAN_ECDSA_SOME) ||      \
    defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
    uint16_t *curves_tls_id;      /*!<  List of TLS IDs of supported elliptic curves */
 #endif
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@ -140,7 +140,7 @@ static int ssl_parse_renegotiation_info(mbedtls_ssl_context *ssl,
    return 0;
 }

-#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
+#if defined(MBEDTLS_PK_CAN_ECDH) || defined(MBEDTLS_PK_CAN_ECDSA_SOME) || \
    defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
 /*
 * Function for parsing a supported groups (TLS 1.3) or supported elliptic
@ -286,7 +286,7 @@ static int ssl_parse_supported_point_formats(mbedtls_ssl_context *ssl,

    return 0;
 }
-#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
+#endif /* MBEDTLS_PK_CAN_ECDH || MBEDTLS_PK_CAN_ECDSA_SOME ||
          MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */

 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
@ -662,7 +662,7 @@ static int ssl_parse_use_srtp_ext(mbedtls_ssl_context *ssl,
 /*
 * Return 0 if the given key uses one of the acceptable curves, -1 otherwise
 */
-#if defined(MBEDTLS_ECDSA_C)
+#if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
 MBEDTLS_CHECK_RETURN_CRITICAL
 static int ssl_check_key_curve(mbedtls_pk_context *pk,
                               uint16_t *curves_tls_id)
@ -681,7 +681,7 @@ static int ssl_check_key_curve(mbedtls_pk_context *pk,

    return -1;
 }
-#endif /* MBEDTLS_ECDSA_C */
+#endif /* MBEDTLS_PK_CAN_ECDSA_SOME */

 /*
 * Try picking a certificate for this ciphersuite,
@ -766,7 +766,7 @@ static int ssl_pick_cert(mbedtls_ssl_context *ssl,
            continue;
        }

-#if defined(MBEDTLS_ECDSA_C)
+#if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
        if (pk_alg == MBEDTLS_PK_ECDSA &&
            ssl_check_key_curve(&cur->cert->pk,
                                ssl->handshake->curves_tls_id) != 0) {
@ -830,7 +830,7 @@ static int ssl_ciphersuite_match(mbedtls_ssl_context *ssl, int suite_id,
 #endif


-#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
+#if defined(MBEDTLS_PK_CAN_ECDH) || defined(MBEDTLS_PK_CAN_ECDSA_SOME)
    if (mbedtls_ssl_ciphersuite_uses_ec(suite_info) &&
        (ssl->handshake->curves_tls_id == NULL ||
         ssl->handshake->curves_tls_id[0] == 0)) {
@ -1369,7 +1369,7 @@ read_record_header:
                break;
 #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */

-#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
+#if defined(MBEDTLS_PK_CAN_ECDH) || defined(MBEDTLS_PK_CAN_ECDSA_SOME) || \
                defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
            case MBEDTLS_TLS_EXT_SUPPORTED_GROUPS:
                MBEDTLS_SSL_DEBUG_MSG(3, ("found supported elliptic curves extension"));
@ -1389,7 +1389,7 @@ read_record_header:
                    return ret;
                }
                break;
-#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
+#endif /* MBEDTLS_PK_CAN_ECDH || MBEDTLS_PK_CAN_ECDSA_SOME ||
          MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */

 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
@ -1499,7 +1499,7 @@ read_record_header:
    if (!sig_hash_alg_ext_present) {
        uint16_t *received_sig_algs = ssl->handshake->received_sig_algs;
        const uint16_t default_sig_algs[] = {
-#if defined(MBEDTLS_ECDSA_C)
+#if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
            MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA,
                                               MBEDTLS_SSL_HASH_SHA1),
 #endif