accelerated ecdh: re-enable TLS 1.3 key exchanges and fix guards in check_config
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 1293f43..ff4eef7 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -802,14 +802,14 @@
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
-#if !( defined(MBEDTLS_ECDH_C) && defined(MBEDTLS_X509_CRT_PARSE_C) && \
+#if !( defined(MBEDTLS_PK_HAVE_ECDH) && defined(MBEDTLS_X509_CRT_PARSE_C) && \
( defined(MBEDTLS_PK_HAVE_ECDSA) || defined(MBEDTLS_PKCS1_V21) ) )
#error "MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED defined, but not all prerequisites"
#endif
#endif
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED)
-#if !( defined(MBEDTLS_ECDH_C) )
+#if !( defined(MBEDTLS_PK_HAVE_ECDH) )
#error "MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED defined, but not all prerequisites"
#endif
#endif
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 2801214..0973216 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -2258,14 +2258,6 @@
scripts/config.py unset MBEDTLS_ECDH_C
fi
- scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
- scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
- # Note: the above two lines should be enough, but currently there's a bug
- # that prevents tests from passing TLS 1.3 with only PSK (no ephemeral)
- # when TLS 1.2 is also enabled, see #6848.
- # So, as a temporary measure disable all of TLS 1.3.
- scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
-
# Restartable feature is not yet supported by PSA. Once it will in
# the future, the following line could be removed (see issues
# 6061, 6332 and following ones)