Fix dependencies of 1.2 ECDSA key exchanges
Having ECDSA in PSA doesn't help if we're not using PSA from TLS 1.2...
Also, move the definition of PSA_HAVE_FULL_ECDSA outside the
MBEDTLS_PSA_CRYPTO_CONFIG guards so that it is available in all cases.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 2e02e9a..7b1c70c 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -279,9 +279,20 @@
#error "MBEDTLS_HMAC_DRBG_C defined, but not all prerequisites"
#endif
+/* Helper for ECDSA dependencies, will be undefined at the end of the file */
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(PSA_HAVE_FULL_ECDSA)
+#define MBEDTLS_PK_HAVE_ECDSA
+#endif
+#else /* MBEDTLS_USE_PSA_CRYPTO */
+#if defined(MBEDTLS_ECDSA_C)
+#define MBEDTLS_PK_HAVE_ECDSA
+#endif
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) && \
( !defined(MBEDTLS_ECDH_C) || \
- !(defined(MBEDTLS_ECDSA_C) || defined(PSA_HAVE_FULL_ECDSA)) || \
+ !defined(MBEDTLS_PK_HAVE_ECDSA) || \
!defined(MBEDTLS_X509_CRT_PARSE_C) )
#error "MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED defined, but not all prerequisites"
#endif
@@ -313,9 +324,9 @@
#error "MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \
( !defined(MBEDTLS_ECDH_C) || \
- !(defined(MBEDTLS_ECDSA_C) || defined(PSA_HAVE_FULL_ECDSA)) || \
+ !defined(MBEDTLS_PK_HAVE_ECDSA) || \
!defined(MBEDTLS_X509_CRT_PARSE_C) )
#error "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites"
#endif
@@ -1068,6 +1079,9 @@
#error "MBEDTLS_PKCS7_C is defined, but not all prerequisites"
#endif
+/* Undefine helper symbols */
+#undef MBEDTLS_PK_HAVE_ECDSA
+
/*
* Avoid warning from -pedantic. This is a convenient place for this
* workaround since this is included by every single file before the