mbedtls

mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-04-04 19:46:06 +02:00

Files

Manuel Pégourié-Gonnard 921a2acf8b Improve dependency declarations

The function depends on MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED which is
basically

    MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED ||
    MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED

The individual test cases depend on the specific TLS version.

This is not precise enough. In a build with both TLS versions enabled,
we could have cert-based key exchange in one version but not in the
other. So, we need the 1.3 tests to depend on the 1.3 cert-based key
exchange and similarly for 1.2.

For 1.2, cert-based key exchange means ECDHE-{RSA,ECDSA} or
ECDH-{RSA,ECDSA}. Since the test function sets an ECC cert for the
server, we want one of the ECDSA ones. So, the minimal dependency would
be ECDH_ECDSA || ECDHE_ECDSA. Since dependencies with || are
inconvenient to express, and anyway ECDH_ECDSA (static ECDH) is
something we'd like to remove in 4.0 if we can find the time, I chose to
just depend on ECDHE_ECDSA.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>

2025-04-09 12:52:26 +02:00