Enable signature algorithms in ssl programs with PSA based hashes
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 2537521..8915011 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -1426,11 +1426,11 @@
if( opt.psk_opaque != 0 )
{
/* Determine KDF algorithm the opaque PSK will be used in. */
-#if defined(MBEDTLS_SHA384_C)
+#if defined(HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384);
else
-#endif /* MBEDTLS_SHA384_C */
+#endif /* HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 8b63359..a1b2978 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -2261,11 +2261,11 @@
if( opt.psk_opaque != 0 || opt.psk_list_opaque != 0 )
{
/* Determine KDF algorithm the opaque PSK will be used in. */
-#if defined(MBEDTLS_SHA384_C)
+#if defined(HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384);
else
-#endif /* MBEDTLS_SHA384_C */
+#endif /* HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
diff --git a/programs/ssl/ssl_test_common_source.c b/programs/ssl/ssl_test_common_source.c
index 8c35fab..7ff3345 100644
--- a/programs/ssl/ssl_test_common_source.c
+++ b/programs/ssl/ssl_test_common_source.c
@@ -296,23 +296,50 @@
#else
#define MBEDTLS_SSL_SIG_ALG( hash )
#endif
+
+#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \
+ defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA1_C) ) || \
+ ( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_1) )
+#define HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA
+#endif
+#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \
+ defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA224_C) ) || \
+ ( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_224) )
+#define HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA
+#endif
+#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \
+ defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA256_C) ) || \
+ ( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_256) )
+#define HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
+#endif
+#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \
+ defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA384_C) ) || \
+ ( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_384) )
+#define HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA
+#endif
+#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \
+ defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA512_C) ) || \
+ ( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_512) )
+#define HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA
+#endif
+
uint16_t ssl_sig_algs_for_test[] = {
-#if defined(MBEDTLS_SHA512_C)
+#if defined(HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA512 )
#endif
-#if defined(MBEDTLS_SHA384_C)
+#if defined(HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA384 )
#endif
-#if defined(MBEDTLS_SHA256_C)
+#if defined(HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA256 )
#endif
-#if defined(MBEDTLS_SHA224_C)
+#if defined(HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA224 )
#endif
-#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_RSA_C) && defined(HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256,
#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA1_C)
+#if defined(HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
/* Allow SHA-1 as we use it extensively in tests. */
MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA1 )
#endif