From 4059aba353fe5d8a875dcabefe8797a2854ceeb3 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 16 Mar 2023 15:40:57 +0100 Subject: [PATCH] accelerated ecdh: re-enable TLS 1.3 key exchanges and fix guards in check_config Signed-off-by: Valerio Setti --- include/mbedtls/check_config.h | 4 ++-- tests/scripts/all.sh | 8 -------- 2 files changed, 2 insertions(+), 10 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 1293f431aa..ff4eef75bf 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -802,14 +802,14 @@ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) -#if !( defined(MBEDTLS_ECDH_C) && defined(MBEDTLS_X509_CRT_PARSE_C) && \ +#if !( defined(MBEDTLS_PK_HAVE_ECDH) && defined(MBEDTLS_X509_CRT_PARSE_C) && \ ( defined(MBEDTLS_PK_HAVE_ECDSA) || defined(MBEDTLS_PKCS1_V21) ) ) #error "MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED defined, but not all prerequisites" #endif #endif #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) -#if !( defined(MBEDTLS_ECDH_C) ) +#if !( defined(MBEDTLS_PK_HAVE_ECDH) ) #error "MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED defined, but not all prerequisites" #endif #endif diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 2801214d13..0973216467 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2258,14 +2258,6 @@ config_psa_crypto_config_ecdh_use_psa () { scripts/config.py unset MBEDTLS_ECDH_C fi - scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED - scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED - # Note: the above two lines should be enough, but currently there's a bug - # that prevents tests from passing TLS 1.3 with only PSK (no ephemeral) - # when TLS 1.2 is also enabled, see #6848. - # So, as a temporary measure disable all of TLS 1.3. - scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - # Restartable feature is not yet supported by PSA. Once it will in # the future, the following line could be removed (see issues # 6061, 6332 and following ones)