From 63706628d03bc0b5fd19f85f91f15efb7fd23e26 Mon Sep 17 00:00:00 2001
From: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
Date: Tue, 23 May 2023 16:31:56 +0200
Subject: [PATCH] Adapt guards for FFDH

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
---
 library/ssl_misc.h          | 4 ++--
 library/ssl_tls13_generic.c | 4 ++--
 library/ssl_tls13_server.c  | 8 ++++----
 3 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index e3bc7766ab..fad970cf19 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -2657,14 +2657,14 @@ mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite(
     const mbedtls_ssl_ciphersuite_t *suite);
 #endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */
 
-#if defined(PSA_WANT_ALG_ECDH)
+#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)
 
 MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_tls13_read_public_ecdhe_share(mbedtls_ssl_context *ssl,
                                               const unsigned char *buf,
                                               size_t buf_len);
 
-#endif /* PSA_WANT_ALG_ECDH */
+#endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH */
 
 static inline int mbedtls_ssl_tls13_cipher_suite_is_offered(
     mbedtls_ssl_context *ssl, int cipher_suite)
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index feca203bc0..6a1006fdcd 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -1488,7 +1488,7 @@ int mbedtls_ssl_reset_transcript_for_hrr(mbedtls_ssl_context *ssl)
     return ret;
 }
 
-#if defined(PSA_WANT_ALG_ECDH)
+#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)
 
 int mbedtls_ssl_tls13_read_public_ecdhe_share(mbedtls_ssl_context *ssl,
                                               const unsigned char *buf,
@@ -1569,7 +1569,7 @@ int mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange(
 
     return 0;
 }
-#endif /* PSA_WANT_ALG_ECDH */
+#endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH */
 
 #if defined(PSA_WANT_ALG_FFDH)
 int mbedtls_ssl_tls13_generate_and_write_dhe_key_exchange(
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 31c6b175b4..351ef06d02 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -1562,7 +1562,7 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl,
                 break;
 #endif /* PSA_WANT_ALG_ECDH */
 
-#if defined(PSA_WANT_ALG_ECDH)
+#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)
             case MBEDTLS_TLS_EXT_KEY_SHARE:
                 MBEDTLS_SSL_DEBUG_MSG(3, ("found key share extension"));
 
@@ -1587,7 +1587,7 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl,
                 }
 
                 break;
-#endif /* PSA_WANT_ALG_ECDH */
+#endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH */
 
             case MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS:
                 /* Already parsed */
@@ -1924,7 +1924,7 @@ static int ssl_tls13_generate_and_write_key_share(mbedtls_ssl_context *ssl,
         }
     } else
 #endif /* PSA_WANT_ALG_ECDH */
-#if defined(MBEDTLS_DHM_C)
+#if defined(MBEDTLS_DHM_C) || defined(PSA_WANT_ALG_FFDH)
     if (mbedtls_ssl_tls13_named_group_is_dhe(named_group)) {
         ret = mbedtls_ssl_tls13_generate_and_write_dhe_key_exchange(
             ssl, named_group, buf, end, out_len);
@@ -1935,7 +1935,7 @@ static int ssl_tls13_generate_and_write_key_share(mbedtls_ssl_context *ssl,
             return ret;
         }
     } else
-#endif /* MBEDTLS_DHM_C */
+#endif /* MBEDTLS_DHM_C || PSA_WANT_ALG_FFDH */
     if (0 /* Other kinds of KEMs */) {
     } else {
         ((void) ssl);