From 571f1ff6dcc94f880dde2b469ae3ffb488e30fbf Mon Sep 17 00:00:00 2001
From: Ronald Cron <ronald.cron@arm.com>
Date: Tue, 4 Oct 2022 09:33:27 +0200
Subject: [PATCH] Make sure TLS 1.2 kex macros are undefined in builds without
 TLS 1.2

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
---
 include/mbedtls/build_info.h | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h
index 041c5b61e8..9c9a345465 100644
--- a/include/mbedtls/build_info.h
+++ b/include/mbedtls/build_info.h
@@ -78,6 +78,20 @@
 #define MBEDTLS_PK_WRITE_C
 #endif
 
+#if !defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#undef MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+#undef MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+#undef MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+#undef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+#undef MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+#undef MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
+#undef MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
+#undef MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+#undef MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
+#undef MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+#undef MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+#endif
+
 #if !defined(MBEDTLS_SSL_PROTO_TLS1_3)
 #undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
 #undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED