diff --git a/ChangeLog.d/psa_crypto_user_config_file.txt b/ChangeLog.d/psa_crypto_user_config_file.txt new file mode 100644 index 000000000..f538f4707 --- /dev/null +++ b/ChangeLog.d/psa_crypto_user_config_file.txt @@ -0,0 +1,3 @@ +Bugfix + * Don't try to include MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE when + MBEDTLS_PSA_CRYPTO_CONFIG is disabled. diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index 985edd233..c0424da82 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -59,6 +59,7 @@ #define inline __inline #endif +/* X.509, TLS and non-PSA crypto configuration */ #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/mbedtls_config.h" #else @@ -80,6 +81,18 @@ #include MBEDTLS_USER_CONFIG_FILE #endif +/* PSA crypto configuration */ +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG_FILE) +#include MBEDTLS_PSA_CRYPTO_CONFIG_FILE +#else +#include "psa/crypto_config.h" +#endif +#if defined(MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE) +#include MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE +#endif +#endif /* defined(MBEDTLS_PSA_CRYPTO_CONFIG) */ + /* Auto-enable MBEDTLS_CTR_DRBG_USE_128_BIT_KEY if * MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH and MBEDTLS_CTR_DRBG_C defined * to ensure a 128-bit key size in CTR_DRBG. diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index 303758f03..3b30c0277 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -30,24 +30,8 @@ #ifndef MBEDTLS_CONFIG_PSA_H #define MBEDTLS_CONFIG_PSA_H -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG_FILE) -#include MBEDTLS_PSA_CRYPTO_CONFIG_FILE -#else -#include "psa/crypto_config.h" -#endif -#endif /* defined(MBEDTLS_PSA_CRYPTO_CONFIG) */ - -#if defined(MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE) -#include MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE -#endif - #include "psa/crypto_legacy.h" -#ifdef __cplusplus -extern "C" { -#endif - /****************************************************************/ @@ -1074,8 +1058,4 @@ extern "C" { #define PSA_WANT_KEY_TYPE_PASSWORD_HASH 1 #define PSA_WANT_KEY_TYPE_RAW_DATA 1 -#ifdef __cplusplus -} -#endif - #endif /* MBEDTLS_CONFIG_PSA_H */ diff --git a/include/psa/crypto_config.h b/include/psa/crypto_config.h index af78dce17..d8e8e19d0 100644 --- a/include/psa/crypto_config.h +++ b/include/psa/crypto_config.h @@ -92,7 +92,8 @@ #define PSA_WANT_ALG_TLS12_PSK_TO_MS 1 #define PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS 1 -/* Note: when adding support, also adjust include/mbedtls/config_psa.h */ +/* XTS is not yet supported via the PSA API in Mbed TLS. + * Note: when adding support, also adjust include/mbedtls/config_psa.h */ //#define PSA_WANT_ALG_XTS 1 #define PSA_WANT_ECC_BRAINPOOL_P_R1_256 1 diff --git a/programs/test/generate_cpp_dummy_build.sh b/programs/test/generate_cpp_dummy_build.sh index 94e911515..254168331 100755 --- a/programs/test/generate_cpp_dummy_build.sh +++ b/programs/test/generate_cpp_dummy_build.sh @@ -63,6 +63,7 @@ EOF for header in include/mbedtls/*.h include/psa/*.h; do case ${header#include/} in mbedtls/mbedtls_config.h) :;; # not meant for direct inclusion + mbedtls/config_*.h) :;; # not meant for direct inclusion psa/crypto_config.h) :;; # not meant for direct inclusion # Some of the psa/crypto_*.h headers are not meant to be included # directly. They do have include guards that make them no-ops if diff --git a/tests/include/test/drivers/config_test_driver.h b/tests/include/test/drivers/config_test_driver.h index 2585fd9f0..81f988339 100644 --- a/tests/include/test/drivers/config_test_driver.h +++ b/tests/include/test/drivers/config_test_driver.h @@ -53,7 +53,4 @@ //#define MBEDTLS_PEM_PARSE_C //#define MBEDTLS_BASE64_C -#include "mbedtls/config_psa.h" -#include "mbedtls/check_config.h" - #endif /* MBEDTLS_CONFIG_H */