TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / cf29c5d9d593cded1aa95a1f71444f4cb56dfd1a^! / . / library
commitcf29c5d9d593cded1aa95a1f71444f4cb56dfd1a[log] [tgz]
authorValerio Setti <valerio.setti@nordicsemi.no>Fri Sep 01 09:03:41 2023 +0200
committerManuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>Mon Sep 25 17:39:41 2023 +0200
tree2d6110ee8e14dcf67df636d27f6a07b46bde5e91
parentb2219f633dd7ada27a30776608367f07a6d4f171 [diff]
ssl: don't require MBEDTLS_ECP_DP with TLS1.3

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>

diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 7dd1980..a99bb33 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h

@@ -2314,18 +2314,15 @@
 {
     switch (sig_alg) {
 #if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
-#if defined(PSA_WANT_ALG_SHA_256) && \
-    (defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_256))
+#if defined(PSA_WANT_ALG_SHA_256) && defined(PSA_WANT_ECC_SECP_R1_256)
         case MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256:
             break;
 #endif /* PSA_WANT_ALG_SHA_256 && MBEDTLS_ECP_DP_SECP256R1_ENABLED */
-#if defined(PSA_WANT_ALG_SHA_384) && \
-    (defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_384))
+#if defined(PSA_WANT_ALG_SHA_384) && defined(PSA_WANT_ECC_SECP_R1_384)
         case MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384:
             break;
 #endif /* PSA_WANT_ALG_SHA_384 && MBEDTLS_ECP_DP_SECP384R1_ENABLED */
-#if defined(PSA_WANT_ALG_SHA_512) && \
-    (defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_521))
+#if defined(PSA_WANT_ALG_SHA_512) && defined(PSA_WANT_ECC_SECP_R1_521)
         case MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512:
             break;
 #endif /* PSA_WANT_ALG_SHA_512 && MBEDTLS_ECP_DP_SECP521R1_ENABLED */

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 2f6d30e..ee48b05 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -4975,21 +4975,21 @@
 
 #if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) && \
     defined(MBEDTLS_MD_CAN_SHA256) && \
-    defined(MBEDTLS_HAVE_SECP256R1)
+    defined(PSA_WANT_ECC_SECP_R1_256)
     MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256,
     // == MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA256)
 #endif
 
 #if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) && \
     defined(MBEDTLS_MD_CAN_SHA384) && \
-    defined(MBEDTLS_HAVE_SECP384R1)
+    defined(PSA_WANT_ECC_SECP_R1_384)
     MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384,
     // == MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384)
 #endif
 
 #if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) && \
     defined(MBEDTLS_MD_CAN_SHA512) && \
-    defined(MBEDTLS_HAVE_SECP521R1)
+    defined(PSA_WANT_ECC_SECP_R1_521)
     MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512,
     // == MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA512)
 #endif