commit 11e1857f5ec8dcbc69923cdcfe8f87d51f872117
author Ronald Cron <ronald.cron@arm.com> Thu Mar 17 13:44:33 2022 +0100
committer Ronald Cron <ronald.cron@arm.com> Tue Mar 29 18:58:31 2022 +0200
tree 79167f6627449c8f578b0fbf51b8b59601077607
parent df823bf39b54b7057adc48e6d44123d0fcd486f0

ssl_client.c: Fix key share code guards

In TLS 1.3 key sharing is not restricted to key
exchange with certificate authentication. It
happens in the PSK and ephemeral key exchange
mode as well where there is no certificate
authentication.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>

library/ssl_client.c

diff --git a/library/ssl_client.c b/library/ssl_client.c
index 769a8f2..33c02e6 100644
--- a/library/ssl_client.c
+++ b/library/ssl_client.c
@@ -434,7 +434,7 @@
 #endif
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_ECDH_C)
     if( mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) )
     {
         ret = mbedtls_ssl_write_supported_groups_ext( ssl, p, end, &output_len );
@@ -442,7 +442,11 @@
             return( ret );
         p += output_len;
     }
+#endif /* MBEDTLS_ECDH_C */
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
 
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
     if( mbedtls_ssl_conf_tls13_ephemeral_enabled( ssl ) )
     {
         ret = mbedtls_ssl_write_sig_alg_ext( ssl, p, end, &output_len );