tls: fix guards for ECDSA support

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2025-07-29 11:41:15 +03:00 · 2023-08-02 20:02:28 +02:00
parent c8ccc8f86d
commit e9646ecd08
6 changed files with 36 additions and 35 deletions
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -1208,7 +1208,7 @@ static int ssl_handshake_init(mbedtls_ssl_context *ssl)
            if (mbedtls_ssl_hash_from_md_alg(*md) == MBEDTLS_SSL_HASH_NONE) {
                continue;
            }
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
            sig_algs_len += sizeof(uint16_t);
 #endif

@ -1236,7 +1236,7 @@ static int ssl_handshake_init(mbedtls_ssl_context *ssl)
            if (hash == MBEDTLS_SSL_HASH_NONE) {
                continue;
            }
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
            *p = ((hash << 8) | MBEDTLS_SSL_SIG_ECDSA);
            p++;
 #endif
@ -5042,7 +5042,7 @@ static uint16_t ssl_preset_default_sig_algs[] = {
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
 static uint16_t ssl_tls12_preset_default_sig_algs[] = {
 #if defined(MBEDTLS_MD_CAN_SHA512)
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
    MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA512),
 #endif
 #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
@ -5053,7 +5053,7 @@ static uint16_t ssl_tls12_preset_default_sig_algs[] = {
 #endif
 #endif /* MBEDTLS_MD_CAN_SHA512*/
 #if defined(MBEDTLS_MD_CAN_SHA384)
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
    MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384),
 #endif
 #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
@ -5064,7 +5064,7 @@ static uint16_t ssl_tls12_preset_default_sig_algs[] = {
 #endif
 #endif /* MBEDTLS_MD_CAN_SHA384*/
 #if defined(MBEDTLS_MD_CAN_SHA256)
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
    MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA256),
 #endif
 #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
@ -5113,7 +5113,7 @@ static uint16_t ssl_preset_suiteb_sig_algs[] = {
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
 static uint16_t ssl_tls12_preset_suiteb_sig_algs[] = {
 #if defined(MBEDTLS_MD_CAN_SHA256)
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
    MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA256),
 #endif
 #if defined(MBEDTLS_RSA_C)
@ -5121,7 +5121,7 @@ static uint16_t ssl_tls12_preset_suiteb_sig_algs[] = {
 #endif
 #endif /* MBEDTLS_MD_CAN_SHA256*/
 #if defined(MBEDTLS_MD_CAN_SHA384)
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
    MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384),
 #endif
 #if defined(MBEDTLS_RSA_C)
@ -5412,7 +5412,7 @@ void mbedtls_ssl_config_free(mbedtls_ssl_config *conf)
 }

 #if defined(MBEDTLS_PK_C) && \
-    (defined(MBEDTLS_RSA_C) || defined(MBEDTLS_KEY_EXCHANGE_WITH_ECDSA_ANY_ENABLED))
+    (defined(MBEDTLS_RSA_C) || defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED))
 /*
 * Convert between MBEDTLS_PK_XXX and SSL_SIG_XXX
 */
@ -5423,7 +5423,7 @@ unsigned char mbedtls_ssl_sig_from_pk(mbedtls_pk_context *pk)
        return MBEDTLS_SSL_SIG_RSA;
    }
 #endif
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_ECDSA_ANY_ENABLED)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED)
    if (mbedtls_pk_can_do(pk, MBEDTLS_PK_ECDSA)) {
        return MBEDTLS_SSL_SIG_ECDSA;
    }
@ -5451,7 +5451,7 @@ mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig(unsigned char sig)
        case MBEDTLS_SSL_SIG_RSA:
            return MBEDTLS_PK_RSA;
 #endif
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_ECDSA_ANY_ENABLED)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED)
        case MBEDTLS_SSL_SIG_ECDSA:
            return MBEDTLS_PK_ECDSA;
 #endif
@ -5459,7 +5459,8 @@ mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig(unsigned char sig)
            return MBEDTLS_PK_NONE;
    }
 }
-#endif /* MBEDTLS_PK_C && ( MBEDTLS_RSA_C || MBEDTLS_KEY_EXCHANGE_WITH_ECDSA_ANY_ENABLED ) */
+#endif /* MBEDTLS_PK_C &&
+          ( MBEDTLS_RSA_C || MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED ) */

 /*
 * Convert from MBEDTLS_SSL_HASH_XXX to MBEDTLS_MD_XXX