TeamHepta/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-05-08 18:54:23 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #10713 from valeriosetti/backport-pr10650

Browse Source 
[backport 4.1] check_config: add missing check for TLS 1.3 key exchanges
This commit is contained in:
Valerio Setti
2026-04-24 14:32:42 +00:00
committed by GitHub
parent b4df7bb14d f2ab107392
commit 5875ffa6fc
1 changed files with 11 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
library/mbedtls_check_config.h
View File

@@ -138,10 +138,19 @@
defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) )
#error "One or more versions of the TLS protocol are enabled " \
"but no key exchange methods defined with MBEDTLS_KEY_EXCHANGE_xxxx"
#error "TLS 1.2 protocol is enabled but no key exchange method is defined" \
"with MBEDTLS_KEY_EXCHANGE_xxxx"
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
!(defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) || \
defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) || \
defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) )
#error "TLS 1.3 protocol is enabled but no key exchange method is defined" \
"with MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_xxxx"
#endif
#if defined(MBEDTLS_SSL_EARLY_DATA) && \
( !defined(MBEDTLS_SSL_SESSION_TICKETS) || \
( !defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) && \