ssl_client.c: Fix key share code guards

In TLS 1.3 key sharing is not restricted to key exchange with certificate authentication. It happens in the PSK and ephemeral key exchange mode as well where there is no certificate authentication. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-07-28 00:21:48 +03:00 · 2022-03-17 13:44:33 +01:00
parent df823bf39b
commit 11e1857f5e
3 changed files with 7 additions and 17 deletions
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@ -1897,16 +1897,14 @@ static inline int mbedtls_ssl_tls13_named_group_is_dhe( uint16_t named_group )
            named_group <= MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192 );
 }

-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) || \
-    defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
+#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
    defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
 int mbedtls_ssl_write_supported_groups_ext( mbedtls_ssl_context *ssl,
                                            unsigned char *buf,
                                            const unsigned char *end,
                                            size_t *out_len );

-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED ||
-          MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
+#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
          MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
 /*
 * Return supported signature algorithms.