Adapt remaining guards to FFDH
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
diff --git a/library/ssl_client.c b/library/ssl_client.c
index dee56c9..2a2efe1 100644
--- a/library/ssl_client.c
+++ b/library/ssl_client.c
@@ -185,7 +185,8 @@
#endif /* MBEDTLS_SSL_ALPN */
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) || defined(PSA_WANT_ALG_FFDH)
+ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) || \
+ (defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(PSA_WANT_ALG_FFDH))
/*
* Function for writing a supported groups (TLS 1.3) or supported elliptic
* curves (TLS 1.2) extension.
@@ -257,7 +258,7 @@
for (; *group_list != 0; group_list++) {
MBEDTLS_SSL_DEBUG_MSG(1, ("got supported group(%04x)", *group_list));
-#if defined(MBEDTLS_ECP_LIGHT)
+#if defined(PSA_WANT_ALG_ECDH)
if ((mbedtls_ssl_conf_is_tls13_enabled(ssl->conf) &&
mbedtls_ssl_tls13_named_group_is_ecdhe(*group_list)) ||
(mbedtls_ssl_conf_is_tls12_enabled(ssl->conf) &&
@@ -273,7 +274,7 @@
mbedtls_ssl_get_curve_name_from_tls_id(*group_list),
*group_list));
}
-#endif /* MBEDTLS_ECP_LIGHT */
+#endif /* PSA_WANT_ALG_ECDH */
#if defined(PSA_WANT_ALG_FFDH)
if ((mbedtls_ssl_conf_is_tls13_enabled(ssl->conf) &&
mbedtls_ssl_tls13_named_group_is_dhe(*group_list))) {
@@ -314,7 +315,8 @@
return 0;
}
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
- MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED || PSA_WANT_ALG_FFDH */
+ MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED ||
+ (MBEDTLS_SSL_PROTO_TLS1_3 && PSA_WANT_ALG_FFDH) */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_write_client_hello_cipher_suites(
@@ -606,7 +608,8 @@
#endif
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) || defined(PSA_WANT_ALG_FFDH)
+ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) || \
+ (defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(PSA_WANT_ALG_FFDH))
if (
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
(propose_tls13 &&
@@ -623,7 +626,8 @@
p += output_len;
}
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
- MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED || PSA_WANT_ALG_FFDH */
+ MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED ||
+ (MBEDTLS_SSL_PROTO_TLS1_3 && PSA_WANT_ALG_FFDH) */
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
if (
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index bee86ca..00036e1 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -4214,12 +4214,13 @@
mbedtls_ssl_buffering_free(ssl);
#endif /* MBEDTLS_SSL_PROTO_DTLS */
-#if defined(PSA_WANT_ALG_ECDH) && \
+#if (defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)) && \
(defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3))
if (handshake->ecdh_psa_privkey_is_external == 0) {
psa_destroy_key(handshake->ecdh_psa_privkey);
}
-#endif /* PSA_WANT_ALG_ECDH && (MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3) */
+#endif /* (PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH) &&
+ (MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3) */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
mbedtls_ssl_transform_free(handshake->transform_handshake);
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 4d0f3f1..5825b98 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -776,7 +776,7 @@
return (int) tls_version;
}
-#if defined(PSA_WANT_ALG_ECDH)
+#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)
/*
*
* From RFC 8446:
@@ -832,7 +832,7 @@
return 0;
}
-#endif /* PSA_WANT_ALG_ECDH */
+#endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH */
#define SSL_TLS1_3_PARSE_KEY_SHARES_EXT_NO_MATCH 1
@@ -1541,7 +1541,7 @@
break;
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
-#if defined(PSA_WANT_ALG_ECDH)
+#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)
case MBEDTLS_TLS_EXT_SUPPORTED_GROUPS:
MBEDTLS_SSL_DEBUG_MSG(3, ("found supported group extension"));
@@ -1560,7 +1560,7 @@
}
break;
-#endif /* PSA_WANT_ALG_ECDH */
+#endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH*/
#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)
case MBEDTLS_TLS_EXT_KEY_SHARE: