Merge remote-tracking branch 'origin/development' into support_cipher_encrypt_only
This commit is contained in:
commit
690ee81533
594 changed files with 7555 additions and 10243 deletions
|
@ -4,19 +4,7 @@
|
|||
# to Mbed TLS.
|
||||
#
|
||||
# Copyright The Mbed TLS Contributors
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
|
||||
|
||||
# Wrap lines at 100 characters
|
||||
|
|
4
3rdparty/p256-m/README.md
vendored
4
3rdparty/p256-m/README.md
vendored
|
@ -1,4 +1,4 @@
|
|||
The files within the `p256-m/` subdirectory originate from the [p256-m GitHub repository](https://github.com/mpg/p256-m), which is distributed under the Apache 2.0 license. They are authored by Manuel Pégourié-Gonnard. p256-m is a minimalistic implementation of ECDH and ECDSA on NIST P-256, especially suited to constrained 32-bit environments. Mbed TLS documentation for integrating drivers uses p256-m as an example of a software accelerator, and describes how it can be integrated alongside Mbed TLS. It should be noted that p256-m files in the Mbed TLS repo will not be updated regularly, so they may not have fixes and improvements present in the upstream project.
|
||||
The files within the `p256-m/` subdirectory originate from the [p256-m GitHub repository](https://github.com/mpg/p256-m). They are distributed here under a dual Apache-2.0 OR GPL-2.0-or-later license. They are authored by Manuel Pégourié-Gonnard. p256-m is a minimalistic implementation of ECDH and ECDSA on NIST P-256, especially suited to constrained 32-bit environments. Mbed TLS documentation for integrating drivers uses p256-m as an example of a software accelerator, and describes how it can be integrated alongside Mbed TLS. It should be noted that p256-m files in the Mbed TLS repo will not be updated regularly, so they may not have fixes and improvements present in the upstream project.
|
||||
|
||||
The files `p256-m.c` and `.h`, along with the license, have been taken from the `p256-m` repository.
|
||||
The files `p256-m.c`, `p256-m.h` and `README.md` have been taken from the `p256-m` repository.
|
||||
It should be noted that p256-m deliberately does not supply its own cryptographically secure RNG function. As a result, the PSA RNG is used, with `p256_generate_random()` wrapping `psa_generate_random()`.
|
||||
|
|
202
3rdparty/p256-m/p256-m/LICENSE
vendored
202
3rdparty/p256-m/p256-m/LICENSE
vendored
|
@ -1,202 +0,0 @@
|
|||
|
||||
Apache License
|
||||
Version 2.0, January 2004
|
||||
http://www.apache.org/licenses/
|
||||
|
||||
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
|
||||
|
||||
1. Definitions.
|
||||
|
||||
"License" shall mean the terms and conditions for use, reproduction,
|
||||
and distribution as defined by Sections 1 through 9 of this document.
|
||||
|
||||
"Licensor" shall mean the copyright owner or entity authorized by
|
||||
the copyright owner that is granting the License.
|
||||
|
||||
"Legal Entity" shall mean the union of the acting entity and all
|
||||
other entities that control, are controlled by, or are under common
|
||||
control with that entity. For the purposes of this definition,
|
||||
"control" means (i) the power, direct or indirect, to cause the
|
||||
direction or management of such entity, whether by contract or
|
||||
otherwise, or (ii) ownership of fifty percent (50%) or more of the
|
||||
outstanding shares, or (iii) beneficial ownership of such entity.
|
||||
|
||||
"You" (or "Your") shall mean an individual or Legal Entity
|
||||
exercising permissions granted by this License.
|
||||
|
||||
"Source" form shall mean the preferred form for making modifications,
|
||||
including but not limited to software source code, documentation
|
||||
source, and configuration files.
|
||||
|
||||
"Object" form shall mean any form resulting from mechanical
|
||||
transformation or translation of a Source form, including but
|
||||
not limited to compiled object code, generated documentation,
|
||||
and conversions to other media types.
|
||||
|
||||
"Work" shall mean the work of authorship, whether in Source or
|
||||
Object form, made available under the License, as indicated by a
|
||||
copyright notice that is included in or attached to the work
|
||||
(an example is provided in the Appendix below).
|
||||
|
||||
"Derivative Works" shall mean any work, whether in Source or Object
|
||||
form, that is based on (or derived from) the Work and for which the
|
||||
editorial revisions, annotations, elaborations, or other modifications
|
||||
represent, as a whole, an original work of authorship. For the purposes
|
||||
of this License, Derivative Works shall not include works that remain
|
||||
separable from, or merely link (or bind by name) to the interfaces of,
|
||||
the Work and Derivative Works thereof.
|
||||
|
||||
"Contribution" shall mean any work of authorship, including
|
||||
the original version of the Work and any modifications or additions
|
||||
to that Work or Derivative Works thereof, that is intentionally
|
||||
submitted to Licensor for inclusion in the Work by the copyright owner
|
||||
or by an individual or Legal Entity authorized to submit on behalf of
|
||||
the copyright owner. For the purposes of this definition, "submitted"
|
||||
means any form of electronic, verbal, or written communication sent
|
||||
to the Licensor or its representatives, including but not limited to
|
||||
communication on electronic mailing lists, source code control systems,
|
||||
and issue tracking systems that are managed by, or on behalf of, the
|
||||
Licensor for the purpose of discussing and improving the Work, but
|
||||
excluding communication that is conspicuously marked or otherwise
|
||||
designated in writing by the copyright owner as "Not a Contribution."
|
||||
|
||||
"Contributor" shall mean Licensor and any individual or Legal Entity
|
||||
on behalf of whom a Contribution has been received by Licensor and
|
||||
subsequently incorporated within the Work.
|
||||
|
||||
2. Grant of Copyright License. Subject to the terms and conditions of
|
||||
this License, each Contributor hereby grants to You a perpetual,
|
||||
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||
copyright license to reproduce, prepare Derivative Works of,
|
||||
publicly display, publicly perform, sublicense, and distribute the
|
||||
Work and such Derivative Works in Source or Object form.
|
||||
|
||||
3. Grant of Patent License. Subject to the terms and conditions of
|
||||
this License, each Contributor hereby grants to You a perpetual,
|
||||
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||
(except as stated in this section) patent license to make, have made,
|
||||
use, offer to sell, sell, import, and otherwise transfer the Work,
|
||||
where such license applies only to those patent claims licensable
|
||||
by such Contributor that are necessarily infringed by their
|
||||
Contribution(s) alone or by combination of their Contribution(s)
|
||||
with the Work to which such Contribution(s) was submitted. If You
|
||||
institute patent litigation against any entity (including a
|
||||
cross-claim or counterclaim in a lawsuit) alleging that the Work
|
||||
or a Contribution incorporated within the Work constitutes direct
|
||||
or contributory patent infringement, then any patent licenses
|
||||
granted to You under this License for that Work shall terminate
|
||||
as of the date such litigation is filed.
|
||||
|
||||
4. Redistribution. You may reproduce and distribute copies of the
|
||||
Work or Derivative Works thereof in any medium, with or without
|
||||
modifications, and in Source or Object form, provided that You
|
||||
meet the following conditions:
|
||||
|
||||
(a) You must give any other recipients of the Work or
|
||||
Derivative Works a copy of this License; and
|
||||
|
||||
(b) You must cause any modified files to carry prominent notices
|
||||
stating that You changed the files; and
|
||||
|
||||
(c) You must retain, in the Source form of any Derivative Works
|
||||
that You distribute, all copyright, patent, trademark, and
|
||||
attribution notices from the Source form of the Work,
|
||||
excluding those notices that do not pertain to any part of
|
||||
the Derivative Works; and
|
||||
|
||||
(d) If the Work includes a "NOTICE" text file as part of its
|
||||
distribution, then any Derivative Works that You distribute must
|
||||
include a readable copy of the attribution notices contained
|
||||
within such NOTICE file, excluding those notices that do not
|
||||
pertain to any part of the Derivative Works, in at least one
|
||||
of the following places: within a NOTICE text file distributed
|
||||
as part of the Derivative Works; within the Source form or
|
||||
documentation, if provided along with the Derivative Works; or,
|
||||
within a display generated by the Derivative Works, if and
|
||||
wherever such third-party notices normally appear. The contents
|
||||
of the NOTICE file are for informational purposes only and
|
||||
do not modify the License. You may add Your own attribution
|
||||
notices within Derivative Works that You distribute, alongside
|
||||
or as an addendum to the NOTICE text from the Work, provided
|
||||
that such additional attribution notices cannot be construed
|
||||
as modifying the License.
|
||||
|
||||
You may add Your own copyright statement to Your modifications and
|
||||
may provide additional or different license terms and conditions
|
||||
for use, reproduction, or distribution of Your modifications, or
|
||||
for any such Derivative Works as a whole, provided Your use,
|
||||
reproduction, and distribution of the Work otherwise complies with
|
||||
the conditions stated in this License.
|
||||
|
||||
5. Submission of Contributions. Unless You explicitly state otherwise,
|
||||
any Contribution intentionally submitted for inclusion in the Work
|
||||
by You to the Licensor shall be under the terms and conditions of
|
||||
this License, without any additional terms or conditions.
|
||||
Notwithstanding the above, nothing herein shall supersede or modify
|
||||
the terms of any separate license agreement you may have executed
|
||||
with Licensor regarding such Contributions.
|
||||
|
||||
6. Trademarks. This License does not grant permission to use the trade
|
||||
names, trademarks, service marks, or product names of the Licensor,
|
||||
except as required for reasonable and customary use in describing the
|
||||
origin of the Work and reproducing the content of the NOTICE file.
|
||||
|
||||
7. Disclaimer of Warranty. Unless required by applicable law or
|
||||
agreed to in writing, Licensor provides the Work (and each
|
||||
Contributor provides its Contributions) on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||
implied, including, without limitation, any warranties or conditions
|
||||
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
|
||||
PARTICULAR PURPOSE. You are solely responsible for determining the
|
||||
appropriateness of using or redistributing the Work and assume any
|
||||
risks associated with Your exercise of permissions under this License.
|
||||
|
||||
8. Limitation of Liability. In no event and under no legal theory,
|
||||
whether in tort (including negligence), contract, or otherwise,
|
||||
unless required by applicable law (such as deliberate and grossly
|
||||
negligent acts) or agreed to in writing, shall any Contributor be
|
||||
liable to You for damages, including any direct, indirect, special,
|
||||
incidental, or consequential damages of any character arising as a
|
||||
result of this License or out of the use or inability to use the
|
||||
Work (including but not limited to damages for loss of goodwill,
|
||||
work stoppage, computer failure or malfunction, or any and all
|
||||
other commercial damages or losses), even if such Contributor
|
||||
has been advised of the possibility of such damages.
|
||||
|
||||
9. Accepting Warranty or Additional Liability. While redistributing
|
||||
the Work or Derivative Works thereof, You may choose to offer,
|
||||
and charge a fee for, acceptance of support, warranty, indemnity,
|
||||
or other liability obligations and/or rights consistent with this
|
||||
License. However, in accepting such obligations, You may act only
|
||||
on Your own behalf and on Your sole responsibility, not on behalf
|
||||
of any other Contributor, and only if You agree to indemnify,
|
||||
defend, and hold each Contributor harmless for any liability
|
||||
incurred by, or claims asserted against, such Contributor by reason
|
||||
of your accepting any such warranty or additional liability.
|
||||
|
||||
END OF TERMS AND CONDITIONS
|
||||
|
||||
APPENDIX: How to apply the Apache License to your work.
|
||||
|
||||
To apply the Apache License to your work, attach the following
|
||||
boilerplate notice, with the fields enclosed by brackets "[]"
|
||||
replaced with your own identifying information. (Don't include
|
||||
the brackets!) The text should be enclosed in the appropriate
|
||||
comment syntax for the file format. We also recommend that a
|
||||
file or class name and description of purpose be included on the
|
||||
same "printed page" as the copyright notice for easier
|
||||
identification within third-party archives.
|
||||
|
||||
Copyright [yyyy] [name of copyright owner]
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
2
3rdparty/p256-m/p256-m/p256-m.c
vendored
2
3rdparty/p256-m/p256-m/p256-m.c
vendored
|
@ -3,7 +3,7 @@
|
|||
*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* Author: Manuel Pégourié-Gonnard.
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
#include "p256-m.h"
|
||||
|
|
2
3rdparty/p256-m/p256-m/p256-m.h
vendored
2
3rdparty/p256-m/p256-m/p256-m.h
vendored
|
@ -3,7 +3,7 @@
|
|||
*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* Author: Manuel Pégourié-Gonnard.
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
#ifndef P256_M_H
|
||||
#define P256_M_H
|
||||
|
|
14
3rdparty/p256-m/p256-m_driver_entrypoints.c
vendored
14
3rdparty/p256-m/p256-m_driver_entrypoints.c
vendored
|
@ -3,19 +3,7 @@
|
|||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
#include "mbedtls/platform.h"
|
||||
|
|
14
3rdparty/p256-m/p256-m_driver_entrypoints.h
vendored
14
3rdparty/p256-m/p256-m_driver_entrypoints.h
vendored
|
@ -3,19 +3,7 @@
|
|||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
#ifndef P256M_DRIVER_ENTRYPOINTS_H
|
||||
|
|
|
@ -106,6 +106,6 @@ The following branches are currently maintained:
|
|||
- [`development`](https://github.com/Mbed-TLS/mbedtls/)
|
||||
- [`mbedtls-2.28`](https://github.com/Mbed-TLS/mbedtls/tree/mbedtls-2.28)
|
||||
maintained until at least the end of 2024, see
|
||||
<https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.5>.
|
||||
<https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.6>.
|
||||
|
||||
Users are urged to always use the latest version of a maintained branch.
|
||||
|
|
|
@ -377,7 +377,7 @@ if(NOT DISABLE_PACKAGE_CONFIG_AND_INSTALL)
|
|||
write_basic_package_version_file(
|
||||
"cmake/MbedTLSConfigVersion.cmake"
|
||||
COMPATIBILITY SameMajorVersion
|
||||
VERSION 3.5.0)
|
||||
VERSION 3.5.1)
|
||||
|
||||
install(
|
||||
FILES "${CMAKE_CURRENT_BINARY_DIR}/cmake/MbedTLSConfig.cmake"
|
||||
|
|
|
@ -84,11 +84,11 @@ Mbed TLS is well documented, but if you think documentation is needed, speak out
|
|||
License and Copyright
|
||||
---------------------
|
||||
|
||||
Unless specifically indicated otherwise in a file, Mbed TLS files are provided under the [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) license. See the [LICENSE](LICENSE) file for the full text of this license.
|
||||
Unless specifically indicated otherwise in a file, Mbed TLS files are provided under a dual [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) OR [GPL-2.0-or-later](https://spdx.org/licenses/GPL-2.0-or-later.html) license. See the [LICENSE](LICENSE) file for the full text of these licenses. This means that users may choose which of these licenses they take the code under.
|
||||
|
||||
Contributors must accept that their contributions are made under both the Apache-2.0 AND [GPL-2.0-or-later](https://spdx.org/licenses/GPL-2.0-or-later.html) licenses. This enables LTS (Long Term Support) branches of the software to be provided under either the Apache-2.0 or GPL-2.0-or-later licenses.
|
||||
Contributors must accept that their contributions are made under both the Apache-2.0 AND [GPL-2.0-or-later](https://spdx.org/licenses/GPL-2.0-or-later.html) licenses.
|
||||
|
||||
All new files should include the [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) standard license header where possible.
|
||||
All new files should include the standard SPDX license identifier where possible, i.e. "SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later".
|
||||
|
||||
The copyright on contributions is retained by the original authors of the code. Where possible for new files, this should be noted in a comment at the top of the file in the form: "Copyright The Mbed TLS Contributors".
|
||||
|
||||
|
|
14
ChangeLog
14
ChangeLog
|
@ -1,12 +1,22 @@
|
|||
Mbed TLS ChangeLog (Sorted per branch, date)
|
||||
|
||||
= Mbed TLS 3.5.1 branch released 2023-11-06
|
||||
|
||||
Changes
|
||||
* Mbed TLS is now released under a dual Apache-2.0 OR GPL-2.0-or-later
|
||||
license. Users may choose which license they take the code under.
|
||||
|
||||
Bugfix
|
||||
* Fix accidental omission of MBEDTLS_TARGET_PREFIX in 3rdparty modules
|
||||
in CMake.
|
||||
|
||||
= Mbed TLS 3.5.0 branch released 2023-10-05
|
||||
|
||||
API changes
|
||||
* Mbed TLS 3.4 introduced support for omitting the built-in implementation
|
||||
of ECDSA and/or EC J-PAKE when those are provided by a driver. However,
|
||||
their was a flaw in the logic checking if the built-in implementation, in
|
||||
that if failed to check if all the relevant curves were supported by the
|
||||
there was a flaw in the logic checking if the built-in implementation, in
|
||||
that it failed to check if all the relevant curves were supported by the
|
||||
accelerator. As a result, it was possible to declare no curves as
|
||||
accelerated and still have the built-in implementation compiled out.
|
||||
Starting with this release, it is necessary to declare which curves are
|
||||
|
|
3
ChangeLog.d/8372.txt
Normal file
3
ChangeLog.d/8372.txt
Normal file
|
@ -0,0 +1,3 @@
|
|||
Features
|
||||
* AES-NI is now supported in Windows builds with clang and clang-cl.
|
||||
Resolves #8372.
|
6
ChangeLog.d/8482.txt
Normal file
6
ChangeLog.d/8482.txt
Normal file
|
@ -0,0 +1,6 @@
|
|||
Changes
|
||||
* PSA_WANT_ALG_CCM and PSA_WANT_ALG_CCM_STAR_NO_TAG are no more synonyms and
|
||||
they are now treated separately. This means that they should be
|
||||
individually enabled in order to enable respective support; also the
|
||||
corresponding MBEDTLS_PSA_ACCEL symbol should be defined in case
|
||||
acceleration is required.
|
|
@ -1,3 +0,0 @@
|
|||
Bugfix
|
||||
* Fix accidental omission of MBEDTLS_TARGET_PREFIX in 3rdparty modules
|
||||
in CMake.
|
|
@ -0,0 +1,6 @@
|
|||
Features
|
||||
* Add new mbedtls_x509_csr_parse_der_with_ext_cb() routine which allows
|
||||
parsing unsupported certificate extensions via user provided callback.
|
||||
|
||||
Bugfix
|
||||
* Fix parsing of CSRs with critical extensions.
|
3
ChangeLog.d/fix-issue-x509-cert_req.txt
Normal file
3
ChangeLog.d/fix-issue-x509-cert_req.txt
Normal file
|
@ -0,0 +1,3 @@
|
|||
Bugfix
|
||||
* Fix possible NULL dereference issue in X509 cert_req program if an entry
|
||||
in the san parameter is not separated by a colon.
|
3
ChangeLog.d/fix-issue-x509-cert_write.txt
Normal file
3
ChangeLog.d/fix-issue-x509-cert_write.txt
Normal file
|
@ -0,0 +1,3 @@
|
|||
Bugfix
|
||||
* Fix possible NULL dereference issue in X509 cert_write program if an entry
|
||||
in the san parameter is not separated by a colon.
|
2
ChangeLog.d/fix-linux-builds-in-conda-forge.txt
Normal file
2
ChangeLog.d/fix-linux-builds-in-conda-forge.txt
Normal file
|
@ -0,0 +1,2 @@
|
|||
Bugfix
|
||||
* Fix build failure in conda-forge. Fixes #8422.
|
4
ChangeLog.d/fix-mingw32-build.txt
Normal file
4
ChangeLog.d/fix-mingw32-build.txt
Normal file
|
@ -0,0 +1,4 @@
|
|||
Bugfix
|
||||
* Fix an inconsistency between implementations and usages of `__cpuid`,
|
||||
which mainly causes failures when building Windows target using
|
||||
mingw or clang. Fixes #8334 & #8332.
|
5
ChangeLog.d/gnutls_anti_replay_fail.txt
Normal file
5
ChangeLog.d/gnutls_anti_replay_fail.txt
Normal file
|
@ -0,0 +1,5 @@
|
|||
Bugfix
|
||||
* Switch to milliseconds as the unit for ticket creation and reception time
|
||||
instead of seconds. That avoids rounding errors when computing the age of
|
||||
tickets compared to peer using a millisecond clock (observed with GnuTLS).
|
||||
Fixes #6623.
|
4
ChangeLog.d/rename-conf-early-data-API.txt
Normal file
4
ChangeLog.d/rename-conf-early-data-API.txt
Normal file
|
@ -0,0 +1,4 @@
|
|||
API changes
|
||||
* Remove `tls13_` in mbedtls_ssl_tls13_conf_early_data() and
|
||||
mbedtls_ssl_tls13_conf_max_early_data_size() API names. Early data
|
||||
feature may not be TLS 1.3 specific in the future. Fixes #6909.
|
7
ChangeLog.d/sha256-armce-arm.txt
Normal file
7
ChangeLog.d/sha256-armce-arm.txt
Normal file
|
@ -0,0 +1,7 @@
|
|||
Features
|
||||
* Support Armv8-A Crypto Extension acceleration for SHA-256
|
||||
when compiling for Thumb (T32) or 32-bit Arm (A32).
|
||||
New deprecations
|
||||
* Rename the MBEDTLS_SHA256_USE_A64_CRYPTO_xxx config options to
|
||||
MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_xxx. The old names may still
|
||||
be used, but are deprecated.
|
351
LICENSE
351
LICENSE
|
@ -1,3 +1,10 @@
|
|||
Mbed TLS files are provided under a dual [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html)
|
||||
OR [GPL-2.0-or-later](https://spdx.org/licenses/GPL-2.0-or-later.html) license.
|
||||
This means that users may choose which of these licenses they take the code
|
||||
under.
|
||||
|
||||
The full text of each of these licenses is given below.
|
||||
|
||||
|
||||
Apache License
|
||||
Version 2.0, January 2004
|
||||
|
@ -200,3 +207,347 @@
|
|||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
|
||||
|
||||
===============================================================================
|
||||
|
||||
|
||||
GNU GENERAL PUBLIC LICENSE
|
||||
Version 2, June 1991
|
||||
|
||||
Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
|
||||
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
||||
Everyone is permitted to copy and distribute verbatim copies
|
||||
of this license document, but changing it is not allowed.
|
||||
|
||||
Preamble
|
||||
|
||||
The licenses for most software are designed to take away your
|
||||
freedom to share and change it. By contrast, the GNU General Public
|
||||
License is intended to guarantee your freedom to share and change free
|
||||
software--to make sure the software is free for all its users. This
|
||||
General Public License applies to most of the Free Software
|
||||
Foundation's software and to any other program whose authors commit to
|
||||
using it. (Some other Free Software Foundation software is covered by
|
||||
the GNU Lesser General Public License instead.) You can apply it to
|
||||
your programs, too.
|
||||
|
||||
When we speak of free software, we are referring to freedom, not
|
||||
price. Our General Public Licenses are designed to make sure that you
|
||||
have the freedom to distribute copies of free software (and charge for
|
||||
this service if you wish), that you receive source code or can get it
|
||||
if you want it, that you can change the software or use pieces of it
|
||||
in new free programs; and that you know you can do these things.
|
||||
|
||||
To protect your rights, we need to make restrictions that forbid
|
||||
anyone to deny you these rights or to ask you to surrender the rights.
|
||||
These restrictions translate to certain responsibilities for you if you
|
||||
distribute copies of the software, or if you modify it.
|
||||
|
||||
For example, if you distribute copies of such a program, whether
|
||||
gratis or for a fee, you must give the recipients all the rights that
|
||||
you have. You must make sure that they, too, receive or can get the
|
||||
source code. And you must show them these terms so they know their
|
||||
rights.
|
||||
|
||||
We protect your rights with two steps: (1) copyright the software, and
|
||||
(2) offer you this license which gives you legal permission to copy,
|
||||
distribute and/or modify the software.
|
||||
|
||||
Also, for each author's protection and ours, we want to make certain
|
||||
that everyone understands that there is no warranty for this free
|
||||
software. If the software is modified by someone else and passed on, we
|
||||
want its recipients to know that what they have is not the original, so
|
||||
that any problems introduced by others will not reflect on the original
|
||||
authors' reputations.
|
||||
|
||||
Finally, any free program is threatened constantly by software
|
||||
patents. We wish to avoid the danger that redistributors of a free
|
||||
program will individually obtain patent licenses, in effect making the
|
||||
program proprietary. To prevent this, we have made it clear that any
|
||||
patent must be licensed for everyone's free use or not licensed at all.
|
||||
|
||||
The precise terms and conditions for copying, distribution and
|
||||
modification follow.
|
||||
|
||||
GNU GENERAL PUBLIC LICENSE
|
||||
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
|
||||
|
||||
0. This License applies to any program or other work which contains
|
||||
a notice placed by the copyright holder saying it may be distributed
|
||||
under the terms of this General Public License. The "Program", below,
|
||||
refers to any such program or work, and a "work based on the Program"
|
||||
means either the Program or any derivative work under copyright law:
|
||||
that is to say, a work containing the Program or a portion of it,
|
||||
either verbatim or with modifications and/or translated into another
|
||||
language. (Hereinafter, translation is included without limitation in
|
||||
the term "modification".) Each licensee is addressed as "you".
|
||||
|
||||
Activities other than copying, distribution and modification are not
|
||||
covered by this License; they are outside its scope. The act of
|
||||
running the Program is not restricted, and the output from the Program
|
||||
is covered only if its contents constitute a work based on the
|
||||
Program (independent of having been made by running the Program).
|
||||
Whether that is true depends on what the Program does.
|
||||
|
||||
1. You may copy and distribute verbatim copies of the Program's
|
||||
source code as you receive it, in any medium, provided that you
|
||||
conspicuously and appropriately publish on each copy an appropriate
|
||||
copyright notice and disclaimer of warranty; keep intact all the
|
||||
notices that refer to this License and to the absence of any warranty;
|
||||
and give any other recipients of the Program a copy of this License
|
||||
along with the Program.
|
||||
|
||||
You may charge a fee for the physical act of transferring a copy, and
|
||||
you may at your option offer warranty protection in exchange for a fee.
|
||||
|
||||
2. You may modify your copy or copies of the Program or any portion
|
||||
of it, thus forming a work based on the Program, and copy and
|
||||
distribute such modifications or work under the terms of Section 1
|
||||
above, provided that you also meet all of these conditions:
|
||||
|
||||
a) You must cause the modified files to carry prominent notices
|
||||
stating that you changed the files and the date of any change.
|
||||
|
||||
b) You must cause any work that you distribute or publish, that in
|
||||
whole or in part contains or is derived from the Program or any
|
||||
part thereof, to be licensed as a whole at no charge to all third
|
||||
parties under the terms of this License.
|
||||
|
||||
c) If the modified program normally reads commands interactively
|
||||
when run, you must cause it, when started running for such
|
||||
interactive use in the most ordinary way, to print or display an
|
||||
announcement including an appropriate copyright notice and a
|
||||
notice that there is no warranty (or else, saying that you provide
|
||||
a warranty) and that users may redistribute the program under
|
||||
these conditions, and telling the user how to view a copy of this
|
||||
License. (Exception: if the Program itself is interactive but
|
||||
does not normally print such an announcement, your work based on
|
||||
the Program is not required to print an announcement.)
|
||||
|
||||
These requirements apply to the modified work as a whole. If
|
||||
identifiable sections of that work are not derived from the Program,
|
||||
and can be reasonably considered independent and separate works in
|
||||
themselves, then this License, and its terms, do not apply to those
|
||||
sections when you distribute them as separate works. But when you
|
||||
distribute the same sections as part of a whole which is a work based
|
||||
on the Program, the distribution of the whole must be on the terms of
|
||||
this License, whose permissions for other licensees extend to the
|
||||
entire whole, and thus to each and every part regardless of who wrote it.
|
||||
|
||||
Thus, it is not the intent of this section to claim rights or contest
|
||||
your rights to work written entirely by you; rather, the intent is to
|
||||
exercise the right to control the distribution of derivative or
|
||||
collective works based on the Program.
|
||||
|
||||
In addition, mere aggregation of another work not based on the Program
|
||||
with the Program (or with a work based on the Program) on a volume of
|
||||
a storage or distribution medium does not bring the other work under
|
||||
the scope of this License.
|
||||
|
||||
3. You may copy and distribute the Program (or a work based on it,
|
||||
under Section 2) in object code or executable form under the terms of
|
||||
Sections 1 and 2 above provided that you also do one of the following:
|
||||
|
||||
a) Accompany it with the complete corresponding machine-readable
|
||||
source code, which must be distributed under the terms of Sections
|
||||
1 and 2 above on a medium customarily used for software interchange; or,
|
||||
|
||||
b) Accompany it with a written offer, valid for at least three
|
||||
years, to give any third party, for a charge no more than your
|
||||
cost of physically performing source distribution, a complete
|
||||
machine-readable copy of the corresponding source code, to be
|
||||
distributed under the terms of Sections 1 and 2 above on a medium
|
||||
customarily used for software interchange; or,
|
||||
|
||||
c) Accompany it with the information you received as to the offer
|
||||
to distribute corresponding source code. (This alternative is
|
||||
allowed only for noncommercial distribution and only if you
|
||||
received the program in object code or executable form with such
|
||||
an offer, in accord with Subsection b above.)
|
||||
|
||||
The source code for a work means the preferred form of the work for
|
||||
making modifications to it. For an executable work, complete source
|
||||
code means all the source code for all modules it contains, plus any
|
||||
associated interface definition files, plus the scripts used to
|
||||
control compilation and installation of the executable. However, as a
|
||||
special exception, the source code distributed need not include
|
||||
anything that is normally distributed (in either source or binary
|
||||
form) with the major components (compiler, kernel, and so on) of the
|
||||
operating system on which the executable runs, unless that component
|
||||
itself accompanies the executable.
|
||||
|
||||
If distribution of executable or object code is made by offering
|
||||
access to copy from a designated place, then offering equivalent
|
||||
access to copy the source code from the same place counts as
|
||||
distribution of the source code, even though third parties are not
|
||||
compelled to copy the source along with the object code.
|
||||
|
||||
4. You may not copy, modify, sublicense, or distribute the Program
|
||||
except as expressly provided under this License. Any attempt
|
||||
otherwise to copy, modify, sublicense or distribute the Program is
|
||||
void, and will automatically terminate your rights under this License.
|
||||
However, parties who have received copies, or rights, from you under
|
||||
this License will not have their licenses terminated so long as such
|
||||
parties remain in full compliance.
|
||||
|
||||
5. You are not required to accept this License, since you have not
|
||||
signed it. However, nothing else grants you permission to modify or
|
||||
distribute the Program or its derivative works. These actions are
|
||||
prohibited by law if you do not accept this License. Therefore, by
|
||||
modifying or distributing the Program (or any work based on the
|
||||
Program), you indicate your acceptance of this License to do so, and
|
||||
all its terms and conditions for copying, distributing or modifying
|
||||
the Program or works based on it.
|
||||
|
||||
6. Each time you redistribute the Program (or any work based on the
|
||||
Program), the recipient automatically receives a license from the
|
||||
original licensor to copy, distribute or modify the Program subject to
|
||||
these terms and conditions. You may not impose any further
|
||||
restrictions on the recipients' exercise of the rights granted herein.
|
||||
You are not responsible for enforcing compliance by third parties to
|
||||
this License.
|
||||
|
||||
7. If, as a consequence of a court judgment or allegation of patent
|
||||
infringement or for any other reason (not limited to patent issues),
|
||||
conditions are imposed on you (whether by court order, agreement or
|
||||
otherwise) that contradict the conditions of this License, they do not
|
||||
excuse you from the conditions of this License. If you cannot
|
||||
distribute so as to satisfy simultaneously your obligations under this
|
||||
License and any other pertinent obligations, then as a consequence you
|
||||
may not distribute the Program at all. For example, if a patent
|
||||
license would not permit royalty-free redistribution of the Program by
|
||||
all those who receive copies directly or indirectly through you, then
|
||||
the only way you could satisfy both it and this License would be to
|
||||
refrain entirely from distribution of the Program.
|
||||
|
||||
If any portion of this section is held invalid or unenforceable under
|
||||
any particular circumstance, the balance of the section is intended to
|
||||
apply and the section as a whole is intended to apply in other
|
||||
circumstances.
|
||||
|
||||
It is not the purpose of this section to induce you to infringe any
|
||||
patents or other property right claims or to contest validity of any
|
||||
such claims; this section has the sole purpose of protecting the
|
||||
integrity of the free software distribution system, which is
|
||||
implemented by public license practices. Many people have made
|
||||
generous contributions to the wide range of software distributed
|
||||
through that system in reliance on consistent application of that
|
||||
system; it is up to the author/donor to decide if he or she is willing
|
||||
to distribute software through any other system and a licensee cannot
|
||||
impose that choice.
|
||||
|
||||
This section is intended to make thoroughly clear what is believed to
|
||||
be a consequence of the rest of this License.
|
||||
|
||||
8. If the distribution and/or use of the Program is restricted in
|
||||
certain countries either by patents or by copyrighted interfaces, the
|
||||
original copyright holder who places the Program under this License
|
||||
may add an explicit geographical distribution limitation excluding
|
||||
those countries, so that distribution is permitted only in or among
|
||||
countries not thus excluded. In such case, this License incorporates
|
||||
the limitation as if written in the body of this License.
|
||||
|
||||
9. The Free Software Foundation may publish revised and/or new versions
|
||||
of the General Public License from time to time. Such new versions will
|
||||
be similar in spirit to the present version, but may differ in detail to
|
||||
address new problems or concerns.
|
||||
|
||||
Each version is given a distinguishing version number. If the Program
|
||||
specifies a version number of this License which applies to it and "any
|
||||
later version", you have the option of following the terms and conditions
|
||||
either of that version or of any later version published by the Free
|
||||
Software Foundation. If the Program does not specify a version number of
|
||||
this License, you may choose any version ever published by the Free Software
|
||||
Foundation.
|
||||
|
||||
10. If you wish to incorporate parts of the Program into other free
|
||||
programs whose distribution conditions are different, write to the author
|
||||
to ask for permission. For software which is copyrighted by the Free
|
||||
Software Foundation, write to the Free Software Foundation; we sometimes
|
||||
make exceptions for this. Our decision will be guided by the two goals
|
||||
of preserving the free status of all derivatives of our free software and
|
||||
of promoting the sharing and reuse of software generally.
|
||||
|
||||
NO WARRANTY
|
||||
|
||||
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
|
||||
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
|
||||
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
|
||||
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
|
||||
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
||||
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
|
||||
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
|
||||
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
|
||||
REPAIR OR CORRECTION.
|
||||
|
||||
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
|
||||
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
|
||||
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
|
||||
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
|
||||
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
|
||||
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
|
||||
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
|
||||
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
|
||||
POSSIBILITY OF SUCH DAMAGES.
|
||||
|
||||
END OF TERMS AND CONDITIONS
|
||||
|
||||
How to Apply These Terms to Your New Programs
|
||||
|
||||
If you develop a new program, and you want it to be of the greatest
|
||||
possible use to the public, the best way to achieve this is to make it
|
||||
free software which everyone can redistribute and change under these terms.
|
||||
|
||||
To do so, attach the following notices to the program. It is safest
|
||||
to attach them to the start of each source file to most effectively
|
||||
convey the exclusion of warranty; and each file should have at least
|
||||
the "copyright" line and a pointer to where the full notice is found.
|
||||
|
||||
<one line to give the program's name and a brief idea of what it does.>
|
||||
Copyright (C) <year> <name of author>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License along
|
||||
with this program; if not, write to the Free Software Foundation, Inc.,
|
||||
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
|
||||
Also add information on how to contact you by electronic and paper mail.
|
||||
|
||||
If the program is interactive, make it output a short notice like this
|
||||
when it starts in an interactive mode:
|
||||
|
||||
Gnomovision version 69, Copyright (C) year name of author
|
||||
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
|
||||
This is free software, and you are welcome to redistribute it
|
||||
under certain conditions; type `show c' for details.
|
||||
|
||||
The hypothetical commands `show w' and `show c' should show the appropriate
|
||||
parts of the General Public License. Of course, the commands you use may
|
||||
be called something other than `show w' and `show c'; they could even be
|
||||
mouse-clicks or menu items--whatever suits your program.
|
||||
|
||||
You should also get your employer (if you work as a programmer) or your
|
||||
school, if any, to sign a "copyright disclaimer" for the program, if
|
||||
necessary. Here is a sample; alter the names:
|
||||
|
||||
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
|
||||
`Gnomovision' (which makes passes at compilers) written by James Hacker.
|
||||
|
||||
<signature of Ty Coon>, 1 April 1989
|
||||
Ty Coon, President of Vice
|
||||
|
||||
This General Public License does not permit incorporating your program into
|
||||
proprietary programs. If your program is a subroutine library, you may
|
||||
consider it more useful to permit linking proprietary applications with the
|
||||
library. If this is what you want to do, use the GNU Lesser General
|
||||
Public License instead of this License.
|
||||
|
|
|
@ -307,14 +307,14 @@ When using drivers, you will generally want to enable two compilation options (s
|
|||
License
|
||||
-------
|
||||
|
||||
Unless specifically indicated otherwise in a file, Mbed TLS files are provided under the [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) license. See the [LICENSE](LICENSE) file for the full text of this license, and [the 'License and Copyright' section in the contributing guidelines](CONTRIBUTING.md#License-and-Copyright) for more information.
|
||||
Unless specifically indicated otherwise in a file, Mbed TLS files are provided under a dual [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) OR [GPL-2.0-or-later](https://spdx.org/licenses/GPL-2.0-or-later.html) license. See the [LICENSE](LICENSE) file for the full text of these licenses, and [the 'License and Copyright' section in the contributing guidelines](CONTRIBUTING.md#License-and-Copyright) for more information.
|
||||
|
||||
### Third-party code included in Mbed TLS
|
||||
|
||||
This project contains code from other projects. This code is located within the `3rdparty/` directory. The original license text is included within project subdirectories, and in source files. The projects are listed below:
|
||||
This project contains code from other projects. This code is located within the `3rdparty/` directory. The original license text is included within project subdirectories, where it differs from the normal Mbed TLS license, and/or in source files. The projects are listed below:
|
||||
|
||||
* `3rdparty/everest/`: Files stem from [Project Everest](https://project-everest.github.io/) and are distributed under the Apache 2.0 license.
|
||||
* `3rdparty/p256-m/p256-m/`: Files have been taken from the [p256-m](https://github.com/mpg/p256-m) repository. The code in the original repository is distributed under the Apache 2.0 license. It is also used by Mbed TLS under the Apache 2.0 license. We do not plan to regularly update these files, so they may not contain fixes and improvements present in the upstream project.
|
||||
* `3rdparty/p256-m/p256-m/`: Files have been taken from the [p256-m](https://github.com/mpg/p256-m) repository. The code in the original repository is distributed under the Apache 2.0 license. It is distributed in Mbed TLS under a dual Apache-2.0 OR GPL-2.0-or-later license with permission from the author.
|
||||
|
||||
Contributing
|
||||
------------
|
||||
|
|
|
@ -5,19 +5,7 @@
|
|||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
/*
|
||||
* Minimal configuration for DTLS 1.2 with PSK and AES-CCM ciphersuites
|
||||
|
|
|
@ -5,19 +5,7 @@
|
|||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
/*
|
||||
* Minimal configuration for TLS 1.2 with PSK and AES-CCM ciphersuites
|
||||
|
|
|
@ -5,19 +5,7 @@
|
|||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
/*
|
||||
* Minimal configuration of features that do not require an entropy source
|
||||
|
|
|
@ -5,19 +5,7 @@
|
|||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
/*
|
||||
* Minimal configuration for TLS NSA Suite B Profile (RFC 6460)
|
||||
|
|
|
@ -5,19 +5,7 @@
|
|||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
/* System support */
|
||||
|
|
40
configs/config-tfm.h
Normal file
40
configs/config-tfm.h
Normal file
|
@ -0,0 +1,40 @@
|
|||
/**
|
||||
* \file config-tfm.h
|
||||
*
|
||||
* \brief TF-M medium profile, adapted to work on other platforms.
|
||||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
/* TF-M medium profile: mbedtls legacy configuration */
|
||||
#include "../configs/ext/tfm_mbedcrypto_config_profile_medium.h"
|
||||
|
||||
/* TF-M medium profile: PSA crypto configuration */
|
||||
#define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "../configs/ext/crypto_config_profile_medium.h"
|
||||
|
||||
/***********************************************************/
|
||||
/* Tweak the configuration to remove dependencies on TF-M. */
|
||||
/***********************************************************/
|
||||
|
||||
/* MBEDTLS_PSA_CRYPTO_SPM needs third-party files, so disable it. */
|
||||
#undef MBEDTLS_PSA_CRYPTO_SPM
|
||||
|
||||
/* TF-M provides its own dummy implementations to save code size.
|
||||
* We don't have any way to disable the tests that need these feature,
|
||||
* so we just keep AES decryption enabled. We will resolve this through
|
||||
* an official way to disable AES decryption, then this deviation
|
||||
* will no longer be needed:
|
||||
* https://github.com/Mbed-TLS/mbedtls/issues/7368
|
||||
*/
|
||||
#undef MBEDTLS_AES_SETKEY_DEC_ALT
|
||||
#undef MBEDTLS_AES_DECRYPT_ALT
|
||||
|
||||
/* Use built-in platform entropy functions (TF-M provides its own). */
|
||||
#undef MBEDTLS_NO_PLATFORM_ENTROPY
|
||||
|
||||
/* Disable buffer-based memory allocator. This isn't strictly required,
|
||||
* but using the native allocator is faster and works better with
|
||||
* memory management analysis frameworks such as ASan. */
|
||||
#undef MBEDTLS_MEMORY_BUFFER_ALLOC_C
|
|
@ -5,19 +5,7 @@
|
|||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
/*
|
||||
|
|
|
@ -6,19 +6,7 @@
|
|||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
#ifndef PSA_CRYPTO_CONFIG_H
|
||||
|
|
|
@ -1,14 +1,13 @@
|
|||
/*
|
||||
* Copyright (c) 2018-2022, Arm Limited. All rights reserved.
|
||||
*
|
||||
* SPDX-License-Identifier: BSD-3-Clause
|
||||
*
|
||||
*/
|
||||
/**
|
||||
* \file psa/crypto_config.h
|
||||
* \brief PSA crypto configuration options (set of defines)
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
|
||||
/**
|
||||
* When #MBEDTLS_PSA_CRYPTO_CONFIG is enabled in mbedtls_config.h,
|
|
@ -8,22 +8,8 @@
|
|||
* memory footprint.
|
||||
*/
|
||||
/*
|
||||
* Copyright (C) 2006-2022, ARM Limited, All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
#ifndef PROFILE_M_MBEDTLS_CONFIG_H
|
|
@ -1,19 +1,7 @@
|
|||
#!/bin/sh
|
||||
#
|
||||
# Copyright The Mbed TLS Contributors
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
#
|
||||
# Purpose
|
||||
#
|
||||
|
|
|
@ -1,9 +1,16 @@
|
|||
Thread safety of the PSA subsystem
|
||||
==================================
|
||||
# Thread safety of the PSA subsystem
|
||||
|
||||
## Requirements
|
||||
Currently PSA Crypto API calls in Mbed TLS releases are not thread-safe. In Mbed TLS 3.6 we are planning to add a minimal support for thread-safety of the PSA Crypto API (see section [Strategy for 3.6](#strategy-for-36)).
|
||||
|
||||
### Backward compatibility requirement
|
||||
In the [Design analysis](#design-analysis) section we analyse design choices. This discussion is not constrained to what is planned for 3.6 and considers future developments. It also leaves some questions open and discusses options that have been (or probably will be) rejected.
|
||||
|
||||
## Design analysis
|
||||
|
||||
This section explores possible designs and does not reflect what is currently implemented.
|
||||
|
||||
### Requirements
|
||||
|
||||
#### Backward compatibility requirement
|
||||
|
||||
Code that is currently working must keep working. There can be an exception for code that uses features that are advertised as experimental; for example, it would be annoying but ok to add extra requirements for drivers.
|
||||
|
||||
|
@ -18,7 +25,7 @@ Tempting platform requirements that we cannot add to the default `MBEDTLS_THREAD
|
|||
* Releasing a mutex from a different thread than the one that acquired it. This isn't even guaranteed to work with pthreads.
|
||||
* New primitives such as semaphores or condition variables.
|
||||
|
||||
### Correctness out of the box
|
||||
#### Correctness out of the box
|
||||
|
||||
If you build with `MBEDTLS_PSA_CRYPTO_C` and `MBEDTLS_THREADING_C`, the code must be functionally correct: no race conditions, deadlocks or livelocks.
|
||||
|
||||
|
@ -31,7 +38,7 @@ The [PSA Crypto API specification](https://armmbed.github.io/mbed-crypto/html/ov
|
|||
|
||||
Note that while the specification does not define the behavior in such cases, Mbed TLS can be used as a crypto service. It's acceptable if an application can mess itself up, but it is not acceptable if an application can mess up the crypto service. As a consequence, destroying a key while it's in use may violate the security property that all key material is erased as soon as `psa_destroy_key` returns, but it may not cause data corruption or read-after-free inside the key store.
|
||||
|
||||
### No spinning
|
||||
#### No spinning
|
||||
|
||||
The code must not spin on a potentially non-blocking task. For example, this is proscribed:
|
||||
```
|
||||
|
@ -44,22 +51,22 @@ while (!its_my_turn) {
|
|||
|
||||
Rationale: this can cause battery drain, and can even be a livelock (spinning forever), e.g. if the thread that might unblock this one has a lower priority.
|
||||
|
||||
### Driver requirements
|
||||
#### Driver requirements
|
||||
|
||||
At the time of writing, the driver interface specification does not consider multithreaded environments.
|
||||
|
||||
We need to define clear policies so that driver implementers know what to expect. Here are two possible policies at two ends of the spectrum; what is desirable is probably somewhere in between.
|
||||
|
||||
* Driver entry points may be called concurrently from multiple threads, even if they're using the same key, and even including destroying a key while an operation is in progress on it.
|
||||
* At most one driver entry point is active at any given time.
|
||||
* **Policy 1:** Driver entry points may be called concurrently from multiple threads, even if they're using the same key, and even including destroying a key while an operation is in progress on it.
|
||||
* **Policy 2:** At most one driver entry point is active at any given time.
|
||||
|
||||
A more reasonable policy could be:
|
||||
Combining the two we arrive at **Policy 3**:
|
||||
|
||||
* By default, each driver only has at most one entry point active at any given time. In other words, each driver has its own exclusive lock.
|
||||
* Drivers have an optional `"thread_safe"` boolean property. If true, it allows concurrent calls to this driver.
|
||||
* Even with a thread-safe driver, the core never starts the destruction of a key while there are operations in progress on it, and never performs concurrent calls on the same multipart operation.
|
||||
|
||||
### Long-term performance requirements
|
||||
#### Long-term performance requirements
|
||||
|
||||
In the short term, correctness is the important thing. We can start with a global lock.
|
||||
|
||||
|
@ -67,9 +74,9 @@ In the medium to long term, performing a slow or blocking operation (for example
|
|||
|
||||
We may want to go directly to a more sophisticated approach because when a system works with a global lock, it's typically hard to get rid of it to get more fine-grained concurrency.
|
||||
|
||||
### Key destruction short-term requirements
|
||||
#### Key destruction short-term requirements
|
||||
|
||||
#### Summary of guarantees in the short term
|
||||
##### Summary of guarantees in the short term
|
||||
|
||||
When `psa_destroy_key` returns:
|
||||
|
||||
|
@ -79,11 +86,11 @@ When `psa_destroy_key` returns:
|
|||
|
||||
When `psa_destroy_key` is called on a key that is in use, guarantee 2. might be violated. (This is consistent with the requirement [“Correctness out of the box”](#correctness-out-of-the-box), as destroying a key while it's in use is undefined behavior.)
|
||||
|
||||
### Key destruction long-term requirements
|
||||
#### Key destruction long-term requirements
|
||||
|
||||
The [PSA Crypto API specification](https://armmbed.github.io/mbed-crypto/html/api/keys/management.html#key-destruction) mandates that implementations make a best effort to ensure that the key material cannot be recovered. In the long term, it would be good to guarantee that `psa_destroy_key` wipes all copies of the key material.
|
||||
|
||||
#### Summary of guarantees in the long term
|
||||
##### Summary of guarantees in the long term
|
||||
|
||||
When `psa_destroy_key` returns:
|
||||
|
||||
|
@ -94,11 +101,11 @@ When `psa_destroy_key` returns:
|
|||
|
||||
As opposed to the short term requirements, all the above guarantees hold even if `psa_destroy_key` is called on a key that is in use.
|
||||
|
||||
## Resources to protect
|
||||
### Resources to protect
|
||||
|
||||
Analysis of the behavior of the PSA key store as of Mbed TLS 9202ba37b19d3ea25c8451fd8597fce69eaa6867.
|
||||
|
||||
### Global variables
|
||||
#### Global variables
|
||||
|
||||
* `psa_crypto_slot_management::global_data.key_slots[i]`: see [“Key slots”](#key-slots).
|
||||
|
||||
|
@ -120,9 +127,9 @@ Analysis of the behavior of the PSA key store as of Mbed TLS 9202ba37b19d3ea25c8
|
|||
* `psa_crypto_init`: modification.
|
||||
* Many functions via `GUARD_MODULE_INITIALIZED`: read.
|
||||
|
||||
### Key slots
|
||||
#### Key slots
|
||||
|
||||
#### Key slot array traversal
|
||||
##### Key slot array traversal
|
||||
|
||||
“Occupied key slot” is determined by `psa_is_key_slot_occupied` based on `slot->attr.type`.
|
||||
|
||||
|
@ -136,7 +143,7 @@ The following functions traverse the key slot array:
|
|||
* `psa_wipe_all_key_slots`: writes to all slots.
|
||||
* `mbedtls_psa_get_stats`: reads from all slots.
|
||||
|
||||
#### Key slot state
|
||||
##### Key slot state
|
||||
|
||||
The following functions modify a slot's usage state:
|
||||
|
||||
|
@ -194,13 +201,15 @@ The following functions modify a slot's usage state:
|
|||
* `psa_key_derivation_input_key` - reads attr.type
|
||||
* `psa_key_agreement_raw_internal` - reads attr.type and attr.bits
|
||||
|
||||
#### Determining whether a key slot is occupied
|
||||
##### Determining whether a key slot is occupied
|
||||
|
||||
`psa_is_key_slot_occupied` currently uses the `attr.type` field to determine whether a key slot is occupied. This works because we maintain the invariant that an occupied slot contains key material. With concurrency, it is desirable to allow a key slot to be reserved, but not yet contain key material or even metadata. When creating a key, determining the key type can be costly, for example when loading a persistent key from storage or (not yet implemented) when importing or unwrapping a key using an interface that determines the key type from the data that it parses. So we should not need to hold the global key store lock while the key type is undetermined.
|
||||
|
||||
Instead, `psa_is_key_slot_occupied` should use the key identifier to decide whether a slot is occupied. The key identifier is always readily available: when allocating a slot for a persistent key, it's an input of the function that allocates the key slot; when allocating a slot for a volatile key, the identifier is calculated from the choice of slot.
|
||||
|
||||
#### Key slot content
|
||||
Alternatively, we could use a dedicated indicator that the slot is occupied. The advantage of this is that no field of the `attr` structure would be needed to determine the slot state. This would be a clean separation between key attributes and slot state and `attr` could be treated exactly like key slot content. This would save code size and maintenance effort. The cost of it would be that each slot would need an extra field to indicate whether it is occupied.
|
||||
|
||||
##### Key slot content
|
||||
|
||||
Other than what is used to determine the [“key slot state”](#key-slot-state), the contents of a key slot are only accessed as follows:
|
||||
|
||||
|
@ -236,7 +245,7 @@ Other than what is used to determine the [“key slot state”](#key-slot-state)
|
|||
* `psa_key_agreement_raw_internal` - passes key data to mbedtls_psa_ecp_load_representation
|
||||
* `psa_generate_key` - passes key data to psa_driver_wrapper_generate_key
|
||||
|
||||
### Random generator
|
||||
#### Random generator
|
||||
|
||||
The PSA RNG can be accessed both from various PSA functions, and from application code via `mbedtls_psa_get_random`.
|
||||
|
||||
|
@ -244,11 +253,11 @@ With the built-in RNG implementations using `mbedtls_ctr_drbg_context` or `mbedt
|
|||
|
||||
When `MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG` is enabled, thread safety depends on the implementation.
|
||||
|
||||
### Driver resources
|
||||
#### Driver resources
|
||||
|
||||
Depends on the driver. The PSA driver interface specification does not discuss whether drivers must support concurrent calls.
|
||||
|
||||
## Simple global lock strategy
|
||||
### Simple global lock strategy
|
||||
|
||||
Have a single mutex protecting all accesses to the key store and other global variables. In practice, this means every PSA API function needs to take the lock on entry and release on exit, except for:
|
||||
|
||||
|
@ -261,7 +270,7 @@ Note that this does not protect access to the RNG via `mbedtls_psa_get_random`,
|
|||
|
||||
This approach is conceptually simple, but requires extra instrumentation to every function and has bad performance in a multithreaded environment since a slow operation in one thread blocks unrelated operations on other threads.
|
||||
|
||||
## Global lock excluding slot content
|
||||
### Global lock excluding slot content
|
||||
|
||||
Have a single mutex protecting all accesses to the key store and other global variables, except that it's ok to access the content of a key slot without taking the lock if one of the following conditions holds:
|
||||
|
||||
|
@ -270,7 +279,7 @@ Have a single mutex protecting all accesses to the key store and other global va
|
|||
|
||||
Note that a thread must hold the global mutex when it reads or changes a slot's state.
|
||||
|
||||
### Slot states
|
||||
#### Slot states
|
||||
|
||||
For concurrency purposes, a slot can be in one of three states:
|
||||
|
||||
|
@ -285,16 +294,129 @@ A high-level view of state transitions:
|
|||
* `psa_unlock_key_slot`: READING → UNUSED or READING.
|
||||
* `psa_finish_key_creation`: WRITING → READING.
|
||||
* `psa_fail_key_creation`: WRITING → UNUSED.
|
||||
* `psa_wipe_key_slot`: any → UNUSED. If the slot is READING or WRITING on entry, this function must wait until the writer or all readers have finished. (By the way, the WRITING state is possible if `mbedtls_psa_crypto_free` is called while a key creation is in progress.) See [“Destruction of a key in use”](#destruction of a key in use).
|
||||
* `psa_wipe_key_slot`: any → UNUSED. If the slot is READING or WRITING on entry, this function must wait until the writer or all readers have finished. (By the way, the WRITING state is possible if `mbedtls_psa_crypto_free` is called while a key creation is in progress.) See [“Destruction of a key in use”](#destruction-of-a-key-in-use).
|
||||
|
||||
The current `state->lock_count` corresponds to the difference between UNUSED and READING: a slot is in use iff its lock count is nonzero, so `lock_count == 0` corresponds to UNUSED and `lock_count != 0` corresponds to READING.
|
||||
|
||||
There is currently no indication of when a slot is in the WRITING state. This only happens between a call to `psa_start_key_creation` and a call to one of `psa_finish_key_creation` or `psa_fail_key_creation`. This new state can be conveyed by a new boolean flag, or by setting `lock_count` to `~0`.
|
||||
|
||||
### Destruction of a key in use
|
||||
#### Destruction of a key in use
|
||||
|
||||
Problem: a key slot is destroyed (by `psa_wipe_key_slot`) while it's in use (READING or WRITING).
|
||||
Problem: In [Key destruction long-term requirements](#key-destruction-long-term-requirements) we require that the key slot is destroyed (by `psa_wipe_key_slot`) even while it's in use (READING or WRITING).
|
||||
|
||||
TODO: how do we ensure that? This needs something more sophisticated than mutexes (concurrency number >2)! Even a per-slot mutex isn't enough (we'd need a reader-writer lock).
|
||||
How do we ensure that? This needs something more sophisticated than mutexes (concurrency number >2)! Even a per-slot mutex isn't enough (we'd need a reader-writer lock).
|
||||
|
||||
Solution: after some team discussion, we've decided to rely on a new threading abstraction which mimics C11 (i.e. `mbedtls_fff` where `fff` is the C11 function name, having the same parameters and return type, with default implementations for C11, pthreads and Windows). We'll likely use condition variables in addition to mutexes.
|
||||
|
||||
##### Mutex only
|
||||
|
||||
When calling `psa_wipe_key_slot` it is the callers responsibility to set the slot state to WRITING first. For most functions this is a clean UNUSED -> WRITING transition: psa_get_empty_key_slot, psa_get_and_lock_key_slot, psa_close_key, psa_purge_key.
|
||||
|
||||
`psa_wipe_all_key_slots` is only called from `mbedtls_psa_crypto_free`, here we will need to return an error as we won't be able to free the key store if a key is in use without compromising the state of the secure side. This is acceptable as an untrusted application cannot call `mbedtls_psa_crypto_free` in a crypto service. In a service integration, `mbedtls_psa_crypto_free` on the client cuts the communication with the crypto service. Also, this is the current behaviour.
|
||||
|
||||
`psa_destroy_key` marks the slot as deleted, deletes persistent keys and opaque keys and returns. This only works if drivers are protected by a mutex (and the persistent storage as well if needed). When the last reading operation finishes, it wipes the key slot. This will free the key ID, but the slot might be still in use. In case of volatile keys freeing up the ID while the slot is still in use does not provide any benefit and we don't need to do it.
|
||||
|
||||
These are serious limitations, but this can be implemented with mutexes only and arguably satisfies the [Key destruction short-term requirements](#key-destruction-short-term-requirements).
|
||||
|
||||
Variations:
|
||||
|
||||
1. As a first step the multipart operations would lock the keys for reading on setup and release on free
|
||||
2. In a later stage this would be improved by locking the keys on entry into multi-part API calls and released before exiting.
|
||||
|
||||
The second variant can't be implemented as a backward compatible improvement on the first as multipart operations that were successfully completed in the first case, would fail in the second. If we want to implement these incrementally, multipart operations in a multithreaded environment must be left unsupported in the first variant. This makes the first variant impractical (multipart operations returning an error in builds with multithreading enabled is not a behaviour that would be very useful to release).
|
||||
|
||||
We can't reuse the `lock_count` field to mark key slots deleted, as we still need to keep track the lock count while the slot is marked for deletion. This means that we will need to add a new field to key slots. This new field can be reused to indicate whether the slot is occupied (see section [Determining whether a key slot is occupied](#determining-whether-a-key-slot-is-occupied)). (There would be three states: deleted, occupied, empty.)
|
||||
|
||||
#### Condition variables
|
||||
|
||||
Clean UNUSED -> WRITING transition works as before.
|
||||
|
||||
`psa_wipe_all_key_slots` and `psa_destroy_key` mark the slot as deleted and go to sleep until the slot state becomes UNUSED. When waking up, they wipe the slot, and return.
|
||||
|
||||
If the slot is already marked as deleted the threads calling `psa_wipe_all_key_slots` and `psa_destroy_key` go to sleep until the deletion completes. To satisfy [Key destruction long-term requirements](#key-destruction-long-term-requirements) none of the threads may return from the call until the slot is deleted completely. This can be achieved by signalling them when the slot has already been wiped and ready for use, that is not marked for deletion anymore. To handle spurious wake-ups, these threads need to be able to tell whether the slot was already deleted. This is not trivial, because by the time the thread wakes up, theoretically the slot might be in any state. It might have been reused and maybe even marked for deletion again.
|
||||
|
||||
To resolve this, we can either:
|
||||
|
||||
1. Depend on the deletion marker. If the slot has been reused and is marked for deletion again, the threads keep waiting until the second deletion completes.
|
||||
2. Introduce a uuid (eg a global counter plus a slot ID), which is recorded by the thread waiting for deletion and checks whether it matches. If it doesn't, the function can return as the slot was already reallocated. If it does match, it can check whether it is still marked for deletion, if it is, the thread goes back to sleep, if it isn't, the function can return.
|
||||
|
||||
##### Platform abstraction
|
||||
|
||||
Introducing condition variables to the platform abstraction layer would be best done in a major version. If we can't wait until that, we will need to introduce a new compile time flag. Considering that this only will be needed on the PSA Crypto side and the upcoming split, it makes sense to make this flag responsible for the entire PSA Crypto threading support. Therefore if we want to keep the option open for implementing this in a backward compatible manner, we need to introduce and use this new flag already when implementing [Mutex only](#mutex-only). (If we keep the abstraction layer for mutexes the same, this shouldn't mean increase in code size and would mean only minimal effort on the porting side.)
|
||||
|
||||
#### Operation contexts
|
||||
|
||||
Concurrent access to the same operation context can compromise the crypto service for example if the operation context has a pointer (depending on the compiler and the platform, the pointer assignment may or may not be atomic). This violates the functional correctness requirement of the crypto service. (Concurrent calls to operations is undefined behaviour, but still should not compromise the CIA of the crypto service.)
|
||||
|
||||
If we want to protect against this in the library, operations will need a status field protected by a global mutex similarly to key slots. On entry, API calls would check the state and return an error if it is already ACTIVE. Otherwise they set it to ACTIVE and restore it to INACTIVE before returning.
|
||||
|
||||
Alternatively, protecting operation contexts can be left as the responsibility of the crypto service. The [PSA Crypto API Specification](https://arm-software.github.io/psa-api/crypto/1.1/overview/conventions.html#concurrent-calls) does not require the library to provide any protection in this case. A crypto service can easily add its own mutex in its operation structure wrapper (the same structure where it keeps track of which client connection owns that operation object).
|
||||
|
||||
#### Drivers
|
||||
|
||||
Each driver that hasn’t got the "thread_safe” property set has a dedicated mutex.
|
||||
|
||||
Implementing "thread_safe” drivers depends on the condition variable protection in the key store, as we must guarantee that the core never starts the destruction of a key while there are operations in progress on it.
|
||||
|
||||
Start with implementing threading for drivers without the "thread_safe” property (all drivers behave like the property wasn't set). Add "thread_safe" drivers at some point after the [Condition variables](#condition-variables) approach is implemented in the core.
|
||||
|
||||
##### Reentrancy
|
||||
|
||||
It is natural sometimes to want to perform cryptographic operations from a driver, for example calculating a hash as part of various other crypto primitives, or using a block cipher in a driver for a mode, etc. Also encrypting/authenticating communication with a secure element.
|
||||
|
||||
**Non-thread-safe drivers:**
|
||||
|
||||
A driver is non-thread-safe if the `thread-safe` property (see [Driver requirements](#driver-requirements)) is set to false.
|
||||
|
||||
In the non-thread-safe case we have these natural assumptions/requirements:
|
||||
1. Drivers don't call the core for any operation for which they provide an entry point
|
||||
2. The core doesn't hold the driver mutex between calls to entry points
|
||||
|
||||
With these, the only way of a deadlock is when we have several drivers and they have circular dependencies. That is, Driver A makes a call that is despatched to Driver B and upon executing that Driver B makes a call that is despatched to Driver A. For example Driver A does CCM calls Driver B to do CBC-MAC, which in turn calls Driver A to do AES. This example is pretty contrived and it is hard to find a more practical example.
|
||||
|
||||
Potential ways for resolving this:
|
||||
1. Non-thread-safe drivers must not call the core
|
||||
2. Provide a new public API that drivers can safely call
|
||||
3. Make the dispatch layer public for drivers to call
|
||||
4. There is a whitelist of core APIs that drivers can call. Drivers providing entry points to these must not make a call to the core when handling these calls. (Drivers are still allowed to call any core API that can't have a driver entry point.)
|
||||
|
||||
The first is too restrictive, the second and the third would require making it a stable API, and would likely increase the code size for a relatively rare feature. We are choosing the fourth as that is the most viable option.
|
||||
|
||||
**Thread-safe drivers:**
|
||||
|
||||
A driver is non-thread-safe if the `thread-safe` property (see [Driver requirements](#driver-requirements)) is set to true.
|
||||
|
||||
To make reentrancy in non-thread-safe drivers work, thread-safe drivers must not make a call to the core when handling a call that is on the non-thread-safe driver core API whitelist.
|
||||
|
||||
Thread-safe drivers have less guarantees from the core and need to implement more complex logic and we can reasonably expect them to be more flexible in terms of reentrancy as well. At this point it is hard to see what further guarantees would be useful and feasible. Therefore, we don't provide any further guarantees for now.
|
||||
|
||||
Thread-safe drivers must not make any assumption about the operation of the core beyond what is discussed in the [Reentrancy](#reentrancy) and [Driver requirements](#driver-requirements) sections.
|
||||
|
||||
#### Global data
|
||||
|
||||
PSA Crypto makes use of a `global_data` variable that will be accessible from multiple threads and needs to be protected. Any function accessing this variable (or its members) must take the corresponding lock first. Since `global_data` holds the RNG state, these will involve relatively expensive operations and therefore ideally `global_data` should be protected by its own, dedicated lock (different from the one protecting the key store).
|
||||
|
||||
Note that this does not protect access to the RNG via `mbedtls_psa_get_random`, which is guaranteed to be thread-safe when `MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG` is disabled. Still, doing so is conceptually simpler and we probably will want to remove the lower level mutex in the long run, since the corresponding interface will be removed from the public API. The two mutexes are different and are always taken in the same order, there is no risk of deadlock.
|
||||
|
||||
The purpose of `MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG` is very similar to the driver interface (and might even be added to it in the long run), therefore it makes sense to handle it the same way. In particular, we can use the `global_data` mutex to protect it as a default and when we implement the "thread_safe” property for drivers, we implement it for `MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG` as well.
|
||||
|
||||
#### Implementation notes
|
||||
|
||||
Since we only have simple mutexes, locking the same mutex from the same thread is a deadlock. Therefore functions taking the global mutex must not be called while holding the same mutex. Functions taking the mutex will document this fact and the implications.
|
||||
|
||||
Releasing the mutex before a function call might introduce race conditions. Therefore might not be practical to take the mutex in low level access functions. If functions like that don't take the mutex, they need to rely on the caller to take it for them. These functions will document that the caller is required to hold the mutex.
|
||||
|
||||
To avoid performance degradation, functions must hold mutexes for as short time as possible. In particular, they must not start expensive operations (eg. doing cryptography) while holding the mutex.
|
||||
|
||||
## Strategy for 3.6
|
||||
|
||||
The goal is to provide viable threading support without extending the platform abstraction. (Condition variables should be added in 4.0.) This means that we will be relying on mutexes only.
|
||||
|
||||
- Key Store
|
||||
- Slot states are described in the [Slot states](#slot-states) section. They guarantee safe concurrent access to slot contents.
|
||||
- Slot states will be protected by a global mutex as described in the introduction of the [Global lock excluding slot content](#global-lock-excluding-slot-content) section.
|
||||
- Simple key destruction strategy as described in the [Mutex only](#mutex-only) section (variant 2).
|
||||
- The slot state and key attributes will be separated as described in the last paragraph of the [Determining whether a key slot is occupied](#determining-whether-a-key-slot-is-occupied) section.
|
||||
- The main `global_data` (the one in `psa_crypto.c`) shall be protected by its own mutex as described in the [Global data](#global-data) section.
|
||||
- The solution shall use the pre-existing `MBEDTLS_THREADING_C` threading abstraction. That is, the flag proposed in the [Platform abstraction](#platform-abstraction) section won't be implemented.
|
||||
- The core makes no additional guarantees for drivers. That is, Policy 1 in section [Driver requirements](#driver-requirements) applies.
|
||||
|
|
|
@ -4,7 +4,7 @@ Migrating to an auto generated psa_crypto_driver_wrappers.h file
|
|||
This document describes how to migrate to the auto generated psa_crypto_driver_wrappers.h file.
|
||||
It is meant to give the library user migration guidelines while the Mbed TLS project tides over multiple minor revs of version 1.0, after which this will be merged into psa-driver-interface.md.
|
||||
|
||||
For a practical guide with a description of the current state of drivers Mbed TLS, see our [PSA Cryptoprocessor driver development examples](../psa-driver-example-and-guide.html).
|
||||
For a practical guide with a description of the current state of drivers Mbed TLS, see our [PSA Cryptoprocessor driver development examples](../psa-driver-example-and-guide.md).
|
||||
|
||||
## Introduction
|
||||
|
||||
|
|
|
@ -6,19 +6,7 @@
|
|||
/*
|
||||
*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
/**
|
||||
|
|
|
@ -6,19 +6,7 @@
|
|||
/*
|
||||
*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
/**
|
||||
|
|
|
@ -6,23 +6,11 @@
|
|||
/*
|
||||
*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
/**
|
||||
* @mainpage Mbed TLS v3.5.0 API Documentation
|
||||
* @mainpage Mbed TLS v3.5.1 API Documentation
|
||||
*
|
||||
* This documentation describes the internal structure of Mbed TLS. It was
|
||||
* automatically generated from specially formatted comment blocks in
|
||||
|
|
|
@ -6,19 +6,7 @@
|
|||
/*
|
||||
*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
/**
|
||||
|
|
|
@ -6,19 +6,7 @@
|
|||
/*
|
||||
*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
/**
|
||||
|
|
|
@ -6,19 +6,7 @@
|
|||
/*
|
||||
*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
/**
|
||||
|
|
|
@ -6,19 +6,7 @@
|
|||
/*
|
||||
*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
/**
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
PROJECT_NAME = "Mbed TLS v3.5.0"
|
||||
PROJECT_NAME = "Mbed TLS v3.5.1"
|
||||
OUTPUT_DIRECTORY = ../apidoc/
|
||||
FULL_PATH_NAMES = NO
|
||||
OPTIMIZE_OUTPUT_FOR_C = YES
|
||||
|
|
|
@ -22,19 +22,7 @@
|
|||
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_AES_H
|
||||
|
|
|
@ -11,19 +11,7 @@
|
|||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_ARIA_H
|
||||
|
|
|
@ -5,19 +5,7 @@
|
|||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
#ifndef MBEDTLS_ASN1_H
|
||||
#define MBEDTLS_ASN1_H
|
||||
|
|
|
@ -5,19 +5,7 @@
|
|||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
#ifndef MBEDTLS_ASN1_WRITE_H
|
||||
#define MBEDTLS_ASN1_WRITE_H
|
||||
|
|
|
@ -5,19 +5,7 @@
|
|||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
#ifndef MBEDTLS_BASE64_H
|
||||
#define MBEDTLS_BASE64_H
|
||||
|
|
|
@ -5,19 +5,7 @@
|
|||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
#ifndef MBEDTLS_BIGNUM_H
|
||||
#define MBEDTLS_BIGNUM_H
|
||||
|
|
58
include/mbedtls/block_cipher.h
Normal file
58
include/mbedtls/block_cipher.h
Normal file
|
@ -0,0 +1,58 @@
|
|||
/**
|
||||
* \file block_cipher.h
|
||||
*
|
||||
* \brief Internal abstraction layer.
|
||||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
#ifndef MBEDTLS_BLOCK_CIPHER_H
|
||||
#define MBEDTLS_BLOCK_CIPHER_H
|
||||
|
||||
#include "mbedtls/private_access.h"
|
||||
|
||||
#include "mbedtls/build_info.h"
|
||||
|
||||
#if defined(MBEDTLS_AES_C)
|
||||
#include "mbedtls/aes.h"
|
||||
#endif
|
||||
#if defined(MBEDTLS_ARIA_C)
|
||||
#include "mbedtls/aria.h"
|
||||
#endif
|
||||
#if defined(MBEDTLS_CAMELLIA_C)
|
||||
#include "mbedtls/camellia.h"
|
||||
#endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
typedef enum {
|
||||
MBEDTLS_BLOCK_CIPHER_ID_NONE = 0, /**< Unset. */
|
||||
MBEDTLS_BLOCK_CIPHER_ID_AES, /**< The AES cipher. */
|
||||
MBEDTLS_BLOCK_CIPHER_ID_CAMELLIA, /**< The Camellia cipher. */
|
||||
MBEDTLS_BLOCK_CIPHER_ID_ARIA, /**< The Aria cipher. */
|
||||
} mbedtls_block_cipher_id_t;
|
||||
|
||||
typedef struct {
|
||||
mbedtls_block_cipher_id_t MBEDTLS_PRIVATE(id);
|
||||
union {
|
||||
unsigned dummy; /* Make the union non-empty even with no supported algorithms. */
|
||||
#if defined(MBEDTLS_AES_C)
|
||||
mbedtls_aes_context MBEDTLS_PRIVATE(aes);
|
||||
#endif
|
||||
#if defined(MBEDTLS_ARIA_C)
|
||||
mbedtls_aria_context MBEDTLS_PRIVATE(aria);
|
||||
#endif
|
||||
#if defined(MBEDTLS_CAMELLIA_C)
|
||||
mbedtls_camellia_context MBEDTLS_PRIVATE(camellia);
|
||||
#endif
|
||||
} MBEDTLS_PRIVATE(ctx);
|
||||
} mbedtls_block_cipher_context_t;
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_BLOCK_CIPHER_H */
|
|
@ -8,19 +8,7 @@
|
|||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_BUILD_INFO_H
|
||||
|
@ -38,16 +26,16 @@
|
|||
*/
|
||||
#define MBEDTLS_VERSION_MAJOR 3
|
||||
#define MBEDTLS_VERSION_MINOR 5
|
||||
#define MBEDTLS_VERSION_PATCH 0
|
||||
#define MBEDTLS_VERSION_PATCH 1
|
||||
|
||||
/**
|
||||
* The single version number has the following structure:
|
||||
* MMNNPP00
|
||||
* Major version | Minor version | Patch version
|
||||
*/
|
||||
#define MBEDTLS_VERSION_NUMBER 0x03050000
|
||||
#define MBEDTLS_VERSION_STRING "3.5.0"
|
||||
#define MBEDTLS_VERSION_STRING_FULL "Mbed TLS 3.5.0"
|
||||
#define MBEDTLS_VERSION_NUMBER 0x03050100
|
||||
#define MBEDTLS_VERSION_STRING "3.5.1"
|
||||
#define MBEDTLS_VERSION_STRING_FULL "Mbed TLS 3.5.1"
|
||||
|
||||
/* Macros for build-time platform detection */
|
||||
|
||||
|
@ -74,6 +62,22 @@
|
|||
#define MBEDTLS_ARCH_IS_X86
|
||||
#endif
|
||||
|
||||
/* This is defined if the architecture is Armv8-A, or higher */
|
||||
#if !defined(MBEDTLS_ARCH_IS_ARMV8_A)
|
||||
#if defined(__ARM_ARCH) && defined(__ARM_ARCH_PROFILE)
|
||||
#if (__ARM_ARCH >= 8) && (__ARM_ARCH_PROFILE == 'A')
|
||||
/* GCC, clang, armclang and IAR */
|
||||
#define MBEDTLS_ARCH_IS_ARMV8_A
|
||||
#endif
|
||||
#elif defined(__ARM_ARCH_8A)
|
||||
/* Alternative defined by clang */
|
||||
#define MBEDTLS_ARCH_IS_ARMV8_A
|
||||
#elif defined(_M_ARM64) || defined(_M_ARM64EC)
|
||||
/* MSVC ARM64 is at least Armv8.0-A */
|
||||
#define MBEDTLS_ARCH_IS_ARMV8_A
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
|
||||
#define _CRT_SECURE_NO_DEPRECATE 1
|
||||
#endif
|
||||
|
|
|
@ -5,19 +5,7 @@
|
|||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
#ifndef MBEDTLS_CAMELLIA_H
|
||||
#define MBEDTLS_CAMELLIA_H
|
||||
|
|
|
@ -29,19 +29,7 @@
|
|||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_CCM_H
|
||||
|
|
|
@ -14,19 +14,7 @@
|
|||
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_CHACHA20_H
|
||||
|
|
|
@ -14,19 +14,7 @@
|
|||
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_CHACHAPOLY_H
|
||||
|
|
|
@ -5,19 +5,7 @@
|
|||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_CHECK_CONFIG_H
|
||||
|
@ -235,6 +223,15 @@
|
|||
#error "MBEDTLS_ECDSA_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PK_C) && defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#if defined(MBEDTLS_PK_CAN_ECDSA_SIGN) && !defined(MBEDTLS_ASN1_WRITE_C)
|
||||
#error "MBEDTLS_PK_C with MBEDTLS_USE_PSA_CRYPTO needs MBEDTLS_ASN1_WRITE_C for ECDSA signature"
|
||||
#endif
|
||||
#if defined(MBEDTLS_PK_CAN_ECDSA_VERIFY) && !defined(MBEDTLS_ASN1_PARSE_C)
|
||||
#error "MBEDTLS_PK_C with MBEDTLS_USE_PSA_CRYPTO needs MBEDTLS_ASN1_PARSE_C for ECDSA verification"
|
||||
#endif
|
||||
#endif /* MBEDTLS_PK_C && MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
#if defined(MBEDTLS_ECJPAKE_C) && \
|
||||
( !defined(MBEDTLS_ECP_C) || \
|
||||
!( defined(MBEDTLS_MD_C) || defined(MBEDTLS_PSA_CRYPTO_C) ) )
|
||||
|
@ -261,7 +258,7 @@
|
|||
#error "MBEDTLS_ECDSA_DETERMINISTIC defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_C) && ( !defined(MBEDTLS_BIGNUM_C) || ( \
|
||||
#if defined(MBEDTLS_ECP_LIGHT) && ( !defined(MBEDTLS_BIGNUM_C) || ( \
|
||||
!defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) && \
|
||||
!defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) && \
|
||||
!defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) && \
|
||||
|
@ -275,7 +272,7 @@
|
|||
!defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) && \
|
||||
!defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) && \
|
||||
!defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) ) )
|
||||
#error "MBEDTLS_ECP_C defined, but not all prerequisites"
|
||||
#error "MBEDTLS_ECP_C defined (or a subset enabled), but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_ASN1_PARSE_C)
|
||||
|
@ -796,7 +793,9 @@
|
|||
#error "MBEDTLS_PSA_CRYPTO_C defined, but not all prerequisites (missing RNG)"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_C) && !defined(MBEDTLS_CIPHER_C )
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_C) && \
|
||||
(defined(PSA_HAVE_SOFT_BLOCK_CIPHER) || defined(PSA_HAVE_SOFT_BLOCK_AEAD)) && \
|
||||
!defined(MBEDTLS_CIPHER_C)
|
||||
#error "MBEDTLS_PSA_CRYPTO_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
|
@ -879,25 +878,24 @@
|
|||
#error "MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY defined on non-Aarch64 system"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT) && \
|
||||
defined(MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY)
|
||||
#error "Must only define one of MBEDTLS_SHA256_USE_A64_CRYPTO_*"
|
||||
#if defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT) && \
|
||||
defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY)
|
||||
#error "Must only define one of MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_*"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT) || \
|
||||
defined(MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY)
|
||||
#if defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT) || \
|
||||
defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY)
|
||||
#if !defined(MBEDTLS_SHA256_C)
|
||||
#error "MBEDTLS_SHA256_USE_A64_CRYPTO_* defined without MBEDTLS_SHA256_C"
|
||||
#error "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_* defined without MBEDTLS_SHA256_C"
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA256_ALT) || defined(MBEDTLS_SHA256_PROCESS_ALT)
|
||||
#error "MBEDTLS_SHA256_*ALT can't be used with MBEDTLS_SHA256_USE_A64_CRYPTO_*"
|
||||
#error "MBEDTLS_SHA256_*ALT can't be used with MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_*"
|
||||
#endif
|
||||
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY) && \
|
||||
!defined(__aarch64__) && !defined(_M_ARM64)
|
||||
#error "MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY defined on non-Aarch64 system"
|
||||
#if defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY) && !defined(MBEDTLS_ARCH_IS_ARMV8_A)
|
||||
#error "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY defined on non-Armv8-A system"
|
||||
#endif
|
||||
|
||||
/* TLS 1.3 requires separate HKDF parts from PSA,
|
||||
|
@ -978,7 +976,8 @@
|
|||
#error "MBEDTLS_SSL_ASYNC_PRIVATE defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_TLS_C) && !defined(MBEDTLS_CIPHER_C)
|
||||
#if defined(MBEDTLS_SSL_TLS_C) && !(defined(MBEDTLS_CIPHER_C) || \
|
||||
defined(MBEDTLS_USE_PSA_CRYPTO))
|
||||
#error "MBEDTLS_SSL_TLS_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
|
@ -1070,7 +1069,8 @@
|
|||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_TICKET_C) && \
|
||||
!( defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) || defined(MBEDTLS_CHACHAPOLY_C) )
|
||||
!( defined(MBEDTLS_SSL_HAVE_CCM) || defined(MBEDTLS_SSL_HAVE_GCM) || \
|
||||
defined(MBEDTLS_SSL_HAVE_CHACHAPOLY) )
|
||||
#error "MBEDTLS_SSL_TICKET_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
|
@ -1171,7 +1171,9 @@
|
|||
#error "MBEDTLS_SSL_RECORD_SIZE_LIMIT defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) && !( defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) || defined(MBEDTLS_CHACHAPOLY_C) )
|
||||
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) && \
|
||||
!( defined(MBEDTLS_SSL_HAVE_CCM) || defined(MBEDTLS_SSL_HAVE_GCM) || \
|
||||
defined(MBEDTLS_SSL_HAVE_CHACHAPOLY) )
|
||||
#error "MBEDTLS_SSL_CONTEXT_SERIALIZATION defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
|
|
|
@ -9,19 +9,7 @@
|
|||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_CIPHER_H
|
||||
|
@ -492,7 +480,7 @@ static inline size_t mbedtls_cipher_info_get_key_bitlen(
|
|||
if (info == NULL) {
|
||||
return 0;
|
||||
} else {
|
||||
return info->MBEDTLS_PRIVATE(key_bitlen) << MBEDTLS_KEY_BITLEN_SHIFT;
|
||||
return ((size_t) info->MBEDTLS_PRIVATE(key_bitlen)) << MBEDTLS_KEY_BITLEN_SHIFT;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -9,19 +9,7 @@
|
|||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_CMAC_H
|
||||
|
|
|
@ -7,19 +7,7 @@
|
|||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
|
|
|
@ -16,24 +16,19 @@
|
|||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H
|
||||
#define MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H
|
||||
|
||||
/* Temporary hack to pacify check_names.py.
|
||||
* (GCM and CCM still hard-depend on CIPHER_C for now.) */
|
||||
#if (defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C)) && \
|
||||
!defined(MBEDTLS_CIPHER_C)
|
||||
#define MBEDTLS_BLOCK_CIPHER_C
|
||||
#endif
|
||||
|
||||
/* Auto-enable MBEDTLS_MD_LIGHT based on MBEDTLS_MD_C.
|
||||
* This allows checking for MD_LIGHT rather than MD_LIGHT || MD_C.
|
||||
*/
|
||||
|
@ -56,6 +51,120 @@
|
|||
#define MBEDTLS_MD_LIGHT
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_MD_LIGHT)
|
||||
/*
|
||||
* - MBEDTLS_MD_CAN_xxx is defined if the md module can perform xxx.
|
||||
* - MBEDTLS_MD_xxx_VIA_PSA is defined if the md module may perform xxx via PSA
|
||||
* (see below).
|
||||
* - MBEDTLS_MD_SOME_PSA is defined if at least one algorithm may be performed
|
||||
* via PSA (see below).
|
||||
* - MBEDTLS_MD_SOME_LEGACY is defined if at least one algorithm may be performed
|
||||
* via a direct legacy call (see below).
|
||||
*
|
||||
* The md module performs an algorithm via PSA if there is a PSA hash
|
||||
* accelerator and the PSA driver subsytem is initialized at the time the
|
||||
* operation is started, and makes a direct legacy call otherwise.
|
||||
*/
|
||||
|
||||
/* PSA accelerated implementations */
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_C)
|
||||
|
||||
#if defined(MBEDTLS_PSA_ACCEL_ALG_MD5)
|
||||
#define MBEDTLS_MD_CAN_MD5
|
||||
#define MBEDTLS_MD_MD5_VIA_PSA
|
||||
#define MBEDTLS_MD_SOME_PSA
|
||||
#endif
|
||||
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_1)
|
||||
#define MBEDTLS_MD_CAN_SHA1
|
||||
#define MBEDTLS_MD_SHA1_VIA_PSA
|
||||
#define MBEDTLS_MD_SOME_PSA
|
||||
#endif
|
||||
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_224)
|
||||
#define MBEDTLS_MD_CAN_SHA224
|
||||
#define MBEDTLS_MD_SHA224_VIA_PSA
|
||||
#define MBEDTLS_MD_SOME_PSA
|
||||
#endif
|
||||
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_256)
|
||||
#define MBEDTLS_MD_CAN_SHA256
|
||||
#define MBEDTLS_MD_SHA256_VIA_PSA
|
||||
#define MBEDTLS_MD_SOME_PSA
|
||||
#endif
|
||||
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_384)
|
||||
#define MBEDTLS_MD_CAN_SHA384
|
||||
#define MBEDTLS_MD_SHA384_VIA_PSA
|
||||
#define MBEDTLS_MD_SOME_PSA
|
||||
#endif
|
||||
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_512)
|
||||
#define MBEDTLS_MD_CAN_SHA512
|
||||
#define MBEDTLS_MD_SHA512_VIA_PSA
|
||||
#define MBEDTLS_MD_SOME_PSA
|
||||
#endif
|
||||
#if defined(MBEDTLS_PSA_ACCEL_ALG_RIPEMD160)
|
||||
#define MBEDTLS_MD_CAN_RIPEMD160
|
||||
#define MBEDTLS_MD_RIPEMD160_VIA_PSA
|
||||
#define MBEDTLS_MD_SOME_PSA
|
||||
#endif
|
||||
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_224)
|
||||
#define MBEDTLS_MD_CAN_SHA3_224
|
||||
#define MBEDTLS_MD_SHA3_224_VIA_PSA
|
||||
#define MBEDTLS_MD_SOME_PSA
|
||||
#endif
|
||||
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_256)
|
||||
#define MBEDTLS_MD_CAN_SHA3_256
|
||||
#define MBEDTLS_MD_SHA3_256_VIA_PSA
|
||||
#define MBEDTLS_MD_SOME_PSA
|
||||
#endif
|
||||
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_384)
|
||||
#define MBEDTLS_MD_CAN_SHA3_384
|
||||
#define MBEDTLS_MD_SHA3_384_VIA_PSA
|
||||
#define MBEDTLS_MD_SOME_PSA
|
||||
#endif
|
||||
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_512)
|
||||
#define MBEDTLS_MD_CAN_SHA3_512
|
||||
#define MBEDTLS_MD_SHA3_512_VIA_PSA
|
||||
#define MBEDTLS_MD_SOME_PSA
|
||||
#endif
|
||||
#endif /* MBEDTLS_PSA_CRYPTO_C */
|
||||
|
||||
/* Built-in implementations */
|
||||
#if defined(MBEDTLS_MD5_C)
|
||||
#define MBEDTLS_MD_CAN_MD5
|
||||
#define MBEDTLS_MD_SOME_LEGACY
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA1_C)
|
||||
#define MBEDTLS_MD_CAN_SHA1
|
||||
#define MBEDTLS_MD_SOME_LEGACY
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA224_C)
|
||||
#define MBEDTLS_MD_CAN_SHA224
|
||||
#define MBEDTLS_MD_SOME_LEGACY
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
#define MBEDTLS_MD_CAN_SHA256
|
||||
#define MBEDTLS_MD_SOME_LEGACY
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA384_C)
|
||||
#define MBEDTLS_MD_CAN_SHA384
|
||||
#define MBEDTLS_MD_SOME_LEGACY
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
#define MBEDTLS_MD_CAN_SHA512
|
||||
#define MBEDTLS_MD_SOME_LEGACY
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA3_C)
|
||||
#define MBEDTLS_MD_CAN_SHA3_224
|
||||
#define MBEDTLS_MD_CAN_SHA3_256
|
||||
#define MBEDTLS_MD_CAN_SHA3_384
|
||||
#define MBEDTLS_MD_CAN_SHA3_512
|
||||
#define MBEDTLS_MD_SOME_LEGACY
|
||||
#endif
|
||||
#if defined(MBEDTLS_RIPEMD160_C)
|
||||
#define MBEDTLS_MD_CAN_RIPEMD160
|
||||
#define MBEDTLS_MD_SOME_LEGACY
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_MD_LIGHT */
|
||||
|
||||
/* MBEDTLS_ECP_LIGHT is auto-enabled by the following symbols:
|
||||
* - MBEDTLS_ECP_C because now it consists of MBEDTLS_ECP_LIGHT plus functions
|
||||
* for curve arithmetic. As a consequence if MBEDTLS_ECP_C is required for
|
||||
|
@ -192,4 +301,54 @@
|
|||
#define MBEDTLS_CIPHER_PADDING_PKCS7
|
||||
#endif
|
||||
|
||||
/* Backwards compatibility for some macros which were renamed to reflect that
|
||||
* they are related to Armv8, not aarch64. */
|
||||
#if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT) && \
|
||||
!defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT)
|
||||
#define MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY) && !defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY)
|
||||
#define MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY
|
||||
#endif
|
||||
|
||||
/* Some internal helpers to determine which keys are availble. */
|
||||
#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_AES_C)) || \
|
||||
(defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_AES))
|
||||
#define MBEDTLS_SSL_HAVE_AES
|
||||
#endif
|
||||
#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ARIA_C)) || \
|
||||
(defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ARIA))
|
||||
#define MBEDTLS_SSL_HAVE_ARIA
|
||||
#endif
|
||||
#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CAMELLIA_C)) || \
|
||||
(defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_CAMELLIA))
|
||||
#define MBEDTLS_SSL_HAVE_CAMELLIA
|
||||
#endif
|
||||
|
||||
/* Some internal helpers to determine which operation modes are availble. */
|
||||
#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CIPHER_MODE_CBC)) || \
|
||||
(defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CBC_NO_PADDING))
|
||||
#define MBEDTLS_SSL_HAVE_CBC
|
||||
#endif
|
||||
|
||||
#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_GCM_C)) || \
|
||||
(defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_GCM))
|
||||
#define MBEDTLS_SSL_HAVE_GCM
|
||||
#endif
|
||||
|
||||
#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CCM_C)) || \
|
||||
(defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM))
|
||||
#define MBEDTLS_SSL_HAVE_CCM
|
||||
#endif
|
||||
|
||||
#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CHACHAPOLY_C)) || \
|
||||
(defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CHACHA20_POLY1305))
|
||||
#define MBEDTLS_SSL_HAVE_CHACHAPOLY
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_HAVE_GCM) || defined(MBEDTLS_SSL_HAVE_CCM) || \
|
||||
defined(MBEDTLS_SSL_HAVE_CHACHAPOLY)
|
||||
#define MBEDTLS_SSL_HAVE_AEAD
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H */
|
||||
|
|
|
@ -10,19 +10,7 @@
|
|||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_CONFIG_ADJUST_LEGACY_FROM_PSA_H
|
||||
|
@ -697,11 +685,9 @@
|
|||
#if (defined(PSA_WANT_ALG_CTR) && !defined(MBEDTLS_PSA_ACCEL_ALG_CTR)) || \
|
||||
(defined(PSA_WANT_ALG_CFB) && !defined(MBEDTLS_PSA_ACCEL_ALG_CFB)) || \
|
||||
(defined(PSA_WANT_ALG_OFB) && !defined(MBEDTLS_PSA_ACCEL_ALG_OFB)) || \
|
||||
defined(PSA_WANT_ALG_ECB_NO_PADDING) || \
|
||||
(defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
|
||||
!defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING)) || \
|
||||
(defined(PSA_WANT_ALG_CBC_PKCS7) && \
|
||||
!defined(MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7)) || \
|
||||
(defined(PSA_WANT_ALG_ECB_NO_PADDING) && !defined(MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING)) || \
|
||||
(defined(PSA_WANT_ALG_CBC_NO_PADDING) && !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING)) || \
|
||||
(defined(PSA_WANT_ALG_CBC_PKCS7) && !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7)) || \
|
||||
(defined(PSA_WANT_ALG_CMAC) && !defined(MBEDTLS_PSA_ACCEL_ALG_CMAC))
|
||||
#define PSA_HAVE_SOFT_BLOCK_MODE 1
|
||||
#endif
|
||||
|
@ -724,8 +710,7 @@
|
|||
#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_AES */
|
||||
#if defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
|
||||
defined(PSA_HAVE_SOFT_BLOCK_MODE) || \
|
||||
defined(PSA_HAVE_SOFT_BLOCK_AEAD) || \
|
||||
defined(PSA_HAVE_SOFT_PBKDF2_CMAC)
|
||||
defined(PSA_HAVE_SOFT_BLOCK_AEAD)
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES 1
|
||||
#define MBEDTLS_AES_C
|
||||
#endif /* PSA_HAVE_SOFT_KEY_TYPE_AES || PSA_HAVE_SOFT_BLOCK_MODE */
|
||||
|
@ -766,8 +751,15 @@
|
|||
#endif /*PSA_HAVE_SOFT_KEY_TYPE_DES || PSA_HAVE_SOFT_BLOCK_MODE */
|
||||
#endif /* PSA_WANT_KEY_TYPE_DES */
|
||||
|
||||
#if defined(PSA_WANT_ALG_STREAM_CIPHER)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_STREAM_CIPHER)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER 1
|
||||
#endif /* MBEDTLS_PSA_ACCEL_ALG_STREAM_CIPHER */
|
||||
#endif /* PSA_WANT_ALG_STREAM_CIPHER */
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_CHACHA20)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER)
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20 1
|
||||
#define MBEDTLS_CHACHA20_C
|
||||
#endif /*!MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20 */
|
||||
|
@ -783,10 +775,6 @@
|
|||
#define PSA_HAVE_SOFT_BLOCK_CIPHER 1
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_ALG_STREAM_CIPHER)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER 1
|
||||
#endif /* PSA_WANT_ALG_STREAM_CIPHER */
|
||||
|
||||
#if defined(PSA_WANT_ALG_CBC_MAC)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_MAC)
|
||||
#error "CBC-MAC is not yet supported via the PSA API in Mbed TLS."
|
||||
|
@ -796,8 +784,7 @@
|
|||
|
||||
#if defined(PSA_WANT_ALG_CMAC)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_CMAC) || \
|
||||
defined(PSA_HAVE_SOFT_BLOCK_CIPHER) || \
|
||||
defined(PSA_HAVE_SOFT_PBKDF2_CMAC)
|
||||
defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_CMAC 1
|
||||
#define MBEDTLS_CMAC_C
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ALG_CMAC */
|
||||
|
@ -860,11 +847,20 @@
|
|||
defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \
|
||||
defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_CCM 1
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG 1
|
||||
#define MBEDTLS_CCM_C
|
||||
#endif
|
||||
#endif /* PSA_WANT_ALG_CCM */
|
||||
|
||||
#if defined(PSA_WANT_ALG_CCM_STAR_NO_TAG)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_CCM_STAR_NO_TAG) || \
|
||||
defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
|
||||
defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \
|
||||
defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG 1
|
||||
#define MBEDTLS_CCM_C
|
||||
#endif
|
||||
#endif /* PSA_WANT_ALG_CCM_STAR_NO_TAG */
|
||||
|
||||
#if defined(PSA_WANT_ALG_GCM)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_GCM) || \
|
||||
defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
|
||||
|
|
|
@ -12,19 +12,7 @@
|
|||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_CONFIG_ADJUST_PSA_FROM_LEGACY_H
|
||||
|
@ -238,9 +226,12 @@
|
|||
|
||||
#if defined(MBEDTLS_CHACHA20_C)
|
||||
#define PSA_WANT_KEY_TYPE_CHACHA20 1
|
||||
#define PSA_WANT_ALG_STREAM_CIPHER 1
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20 1
|
||||
/* ALG_STREAM_CIPHER requires CIPHER_C in order to be supported in PSA */
|
||||
#if defined(MBEDTLS_CIPHER_C)
|
||||
#define PSA_WANT_ALG_STREAM_CIPHER 1
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER 1
|
||||
#endif
|
||||
#if defined(MBEDTLS_CHACHAPOLY_C)
|
||||
#define PSA_WANT_ALG_CHACHA20_POLY1305 1
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 1
|
||||
|
|
|
@ -11,19 +11,7 @@
|
|||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_CONFIG_ADJUST_PSA_SUPERSET_LEGACY_H
|
||||
|
|
|
@ -16,19 +16,7 @@
|
|||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_CONFIG_ADJUST_SSL_H
|
||||
|
|
|
@ -16,19 +16,7 @@
|
|||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_CONFIG_ADJUST_X509_H
|
||||
|
|
|
@ -12,19 +12,7 @@
|
|||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_CONFIG_PSA_H
|
||||
|
|
|
@ -3,19 +3,7 @@
|
|||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_CONSTANT_TIME_H
|
||||
|
|
|
@ -23,19 +23,7 @@
|
|||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_CTR_DRBG_H
|
||||
|
|
|
@ -5,19 +5,7 @@
|
|||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
#ifndef MBEDTLS_DEBUG_H
|
||||
#define MBEDTLS_DEBUG_H
|
||||
|
@ -132,7 +120,12 @@
|
|||
/* (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800) */
|
||||
|
||||
#if !defined(MBEDTLS_PRINTF_MS_TIME)
|
||||
#include <inttypes.h>
|
||||
#if !defined(PRId64)
|
||||
#define MBEDTLS_PRINTF_MS_TIME MBEDTLS_PRINTF_LONGLONG
|
||||
#else
|
||||
#define MBEDTLS_PRINTF_MS_TIME PRId64
|
||||
#endif
|
||||
#endif /* MBEDTLS_PRINTF_MS_TIME */
|
||||
|
||||
#ifdef __cplusplus
|
||||
|
|
|
@ -9,19 +9,7 @@
|
|||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*
|
||||
*/
|
||||
#ifndef MBEDTLS_DES_H
|
||||
|
|
|
@ -45,19 +45,7 @@
|
|||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_DHM_H
|
||||
|
|
|
@ -14,19 +14,7 @@
|
|||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_ECDH_H
|
||||
|
|
|
@ -12,19 +12,7 @@
|
|||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_ECDSA_H
|
||||
|
|
|
@ -5,19 +5,7 @@
|
|||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
#ifndef MBEDTLS_ECJPAKE_H
|
||||
#define MBEDTLS_ECJPAKE_H
|
||||
|
|
|
@ -16,19 +16,7 @@
|
|||
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_ECP_H
|
||||
|
|
|
@ -5,19 +5,7 @@
|
|||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
#ifndef MBEDTLS_ENTROPY_H
|
||||
#define MBEDTLS_ENTROPY_H
|
||||
|
|
|
@ -5,19 +5,7 @@
|
|||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
#ifndef MBEDTLS_ERROR_H
|
||||
#define MBEDTLS_ERROR_H
|
||||
|
|
|
@ -13,19 +13,7 @@
|
|||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_GCM_H
|
||||
|
|
|
@ -8,19 +8,7 @@
|
|||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
#ifndef MBEDTLS_HKDF_H
|
||||
#define MBEDTLS_HKDF_H
|
||||
|
|
|
@ -9,19 +9,7 @@
|
|||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
#ifndef MBEDTLS_HMAC_DRBG_H
|
||||
#define MBEDTLS_HMAC_DRBG_H
|
||||
|
|
|
@ -10,19 +10,7 @@
|
|||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
#ifndef MBEDTLS_LMS_H
|
||||
#define MBEDTLS_LMS_H
|
||||
|
|
|
@ -9,19 +9,7 @@
|
|||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
/**
|
||||
|
@ -754,6 +742,9 @@
|
|||
* contexts and therefore is a compatibility break for applications that access
|
||||
* fields of a mbedtls_ecdh_context structure directly. See also
|
||||
* MBEDTLS_ECDH_LEGACY_CONTEXT in include/mbedtls/ecdh.h.
|
||||
*
|
||||
* The Everest code is provided under the Apache 2.0 license only; therefore enabling this
|
||||
* option is not compatible with taking the library under the GPL v2.0-or-later license.
|
||||
*/
|
||||
//#define MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
|
||||
|
||||
|
@ -3289,14 +3280,14 @@
|
|||
#define MBEDTLS_SHA256_C
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
|
||||
* \def MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
|
||||
*
|
||||
* Enable acceleration of the SHA-256 and SHA-224 cryptographic hash algorithms
|
||||
* with the ARMv8 cryptographic extensions if they are available at runtime.
|
||||
* If not, the library will fall back to the C implementation.
|
||||
*
|
||||
* \note If MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT is defined when building
|
||||
* for a non-Aarch64 build it will be silently ignored.
|
||||
* \note If MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT is defined when building
|
||||
* for a non-Armv8-A build it will be silently ignored.
|
||||
*
|
||||
* \note Minimum compiler versions for this feature are Clang 4.0,
|
||||
* armclang 6.6 or GCC 6.0.
|
||||
|
@ -3304,27 +3295,40 @@
|
|||
* \note \c CFLAGS must be set to a minimum of \c -march=armv8-a+crypto for
|
||||
* armclang <= 6.9
|
||||
*
|
||||
* \warning MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT cannot be defined at the
|
||||
* same time as MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY.
|
||||
* \note This was previously known as MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT.
|
||||
* That name is deprecated, but may still be used as an alternative form for this
|
||||
* option.
|
||||
*
|
||||
* \warning MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT cannot be defined at the
|
||||
* same time as MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY.
|
||||
*
|
||||
* Requires: MBEDTLS_SHA256_C.
|
||||
*
|
||||
* Module: library/sha256.c
|
||||
*
|
||||
* Uncomment to have the library check for the A64 SHA-256 crypto extensions
|
||||
* Uncomment to have the library check for the Armv8-A SHA-256 crypto extensions
|
||||
* and use them if available.
|
||||
*/
|
||||
//#define MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
|
||||
*
|
||||
* \deprecated This is now known as MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT.
|
||||
* This name is now deprecated, but may still be used as an alternative form for
|
||||
* this option.
|
||||
*/
|
||||
//#define MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY
|
||||
* \def MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY
|
||||
*
|
||||
* Enable acceleration of the SHA-256 and SHA-224 cryptographic hash algorithms
|
||||
* with the ARMv8 cryptographic extensions, which must be available at runtime
|
||||
* or else an illegal instruction fault will occur.
|
||||
*
|
||||
* \note This allows builds with a smaller code size than with
|
||||
* MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
|
||||
* MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
|
||||
*
|
||||
* \note Minimum compiler versions for this feature are Clang 4.0,
|
||||
* armclang 6.6 or GCC 6.0.
|
||||
|
@ -3332,16 +3336,29 @@
|
|||
* \note \c CFLAGS must be set to a minimum of \c -march=armv8-a+crypto for
|
||||
* armclang <= 6.9
|
||||
*
|
||||
* \warning MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY cannot be defined at the same
|
||||
* time as MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT.
|
||||
* \note This was previously known as MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY.
|
||||
* That name is deprecated, but may still be used as an alternative form for this
|
||||
* option.
|
||||
*
|
||||
* \warning MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY cannot be defined at the same
|
||||
* time as MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT.
|
||||
*
|
||||
* Requires: MBEDTLS_SHA256_C.
|
||||
*
|
||||
* Module: library/sha256.c
|
||||
*
|
||||
* Uncomment to have the library use the A64 SHA-256 crypto extensions
|
||||
* Uncomment to have the library use the Armv8-A SHA-256 crypto extensions
|
||||
* unconditionally.
|
||||
*/
|
||||
//#define MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY
|
||||
*
|
||||
* \deprecated This is now known as MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY.
|
||||
* This name is now deprecated, but may still be used as an alternative form for
|
||||
* this option.
|
||||
*/
|
||||
//#define MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY
|
||||
|
||||
/**
|
||||
|
@ -4085,7 +4102,7 @@
|
|||
* \def MBEDTLS_SSL_MAX_EARLY_DATA_SIZE
|
||||
*
|
||||
* The default maximum amount of 0-RTT data. See the documentation of
|
||||
* \c mbedtls_ssl_tls13_conf_max_early_data_size() for more information.
|
||||
* \c mbedtls_ssl_conf_max_early_data_size() for more information.
|
||||
*
|
||||
* It must be positive and smaller than UINT32_MAX.
|
||||
*
|
||||
|
@ -4101,20 +4118,23 @@
|
|||
/**
|
||||
* \def MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE
|
||||
*
|
||||
* Maximum time difference in milliseconds tolerated between the age of a
|
||||
* ticket from the server and client point of view.
|
||||
* From the client point of view, the age of a ticket is the time difference
|
||||
* between the time when the client proposes to the server to use the ticket
|
||||
* (time of writing of the Pre-Shared Key Extension including the ticket) and
|
||||
* the time the client received the ticket from the server.
|
||||
* From the server point of view, the age of a ticket is the time difference
|
||||
* between the time when the server receives a proposition from the client
|
||||
* to use the ticket and the time when the ticket was created by the server.
|
||||
* The server age is expected to be always greater than the client one and
|
||||
* MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE defines the
|
||||
* maximum difference tolerated for the server to accept the ticket.
|
||||
* This is not used in TLS 1.2.
|
||||
* Maximum allowed ticket age difference in milliseconds tolerated between
|
||||
* server and client. Default value is 6000. This is not used in TLS 1.2.
|
||||
*
|
||||
* - The client ticket age is the time difference between the time when the
|
||||
* client proposes to the server to use the ticket and the time the client
|
||||
* received the ticket from the server.
|
||||
* - The server ticket age is the time difference between the time when the
|
||||
* server receives a proposition from the client to use the ticket and the
|
||||
* time when the ticket was created by the server.
|
||||
*
|
||||
* The ages might be different due to the client and server clocks not running
|
||||
* at the same pace. The typical accuracy of an RTC crystal is ±100 to ±20 parts
|
||||
* per million (360 to 72 milliseconds per hour). Default tolerance window is
|
||||
* 6s, thus in the worst case clients and servers must sync up their system time
|
||||
* every 6000/360/2~=8 hours.
|
||||
*
|
||||
* See section 8.3 of the TLS 1.3 specification(RFC 8446) for more information.
|
||||
*/
|
||||
//#define MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE 6000
|
||||
|
||||
|
|
|
@ -8,19 +8,7 @@
|
|||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_MD_H
|
||||
|
@ -32,120 +20,6 @@
|
|||
#include "mbedtls/build_info.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
||||
#if defined(MBEDTLS_MD_LIGHT)
|
||||
|
||||
/*
|
||||
* - MBEDTLS_MD_CAN_xxx is defined if the md module can perform xxx.
|
||||
* - MBEDTLS_MD_xxx_VIA_PSA is defined if the md module may perform xxx via PSA
|
||||
* (see below).
|
||||
* - MBEDTLS_MD_SOME_PSA is defined if at least one algorithm may be performed
|
||||
* via PSA (see below).
|
||||
* - MBEDTLS_MD_SOME_LEGACY is defined if at least one algorithm may be performed
|
||||
* via a direct legacy call (see below).
|
||||
*
|
||||
* The md module performs an algorithm via PSA if there is a PSA hash
|
||||
* accelerator and the PSA driver subsytem is initialized at the time the
|
||||
* operation is started, and makes a direct legacy call otherwise.
|
||||
*/
|
||||
|
||||
/* PSA accelerated implementations */
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_C)
|
||||
#if defined(MBEDTLS_PSA_ACCEL_ALG_MD5)
|
||||
#define MBEDTLS_MD_CAN_MD5
|
||||
#define MBEDTLS_MD_MD5_VIA_PSA
|
||||
#define MBEDTLS_MD_SOME_PSA
|
||||
#endif
|
||||
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_1)
|
||||
#define MBEDTLS_MD_CAN_SHA1
|
||||
#define MBEDTLS_MD_SHA1_VIA_PSA
|
||||
#define MBEDTLS_MD_SOME_PSA
|
||||
#endif
|
||||
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_224)
|
||||
#define MBEDTLS_MD_CAN_SHA224
|
||||
#define MBEDTLS_MD_SHA224_VIA_PSA
|
||||
#define MBEDTLS_MD_SOME_PSA
|
||||
#endif
|
||||
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_256)
|
||||
#define MBEDTLS_MD_CAN_SHA256
|
||||
#define MBEDTLS_MD_SHA256_VIA_PSA
|
||||
#define MBEDTLS_MD_SOME_PSA
|
||||
#endif
|
||||
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_384)
|
||||
#define MBEDTLS_MD_CAN_SHA384
|
||||
#define MBEDTLS_MD_SHA384_VIA_PSA
|
||||
#define MBEDTLS_MD_SOME_PSA
|
||||
#endif
|
||||
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_512)
|
||||
#define MBEDTLS_MD_CAN_SHA512
|
||||
#define MBEDTLS_MD_SHA512_VIA_PSA
|
||||
#define MBEDTLS_MD_SOME_PSA
|
||||
#endif
|
||||
#if defined(MBEDTLS_PSA_ACCEL_ALG_RIPEMD160)
|
||||
#define MBEDTLS_MD_CAN_RIPEMD160
|
||||
#define MBEDTLS_MD_RIPEMD160_VIA_PSA
|
||||
#define MBEDTLS_MD_SOME_PSA
|
||||
#endif
|
||||
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_224)
|
||||
#define MBEDTLS_MD_CAN_SHA3_224
|
||||
#define MBEDTLS_MD_SHA3_224_VIA_PSA
|
||||
#define MBEDTLS_MD_SOME_PSA
|
||||
#endif
|
||||
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_256)
|
||||
#define MBEDTLS_MD_CAN_SHA3_256
|
||||
#define MBEDTLS_MD_SHA3_256_VIA_PSA
|
||||
#define MBEDTLS_MD_SOME_PSA
|
||||
#endif
|
||||
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_384)
|
||||
#define MBEDTLS_MD_CAN_SHA3_384
|
||||
#define MBEDTLS_MD_SHA3_384_VIA_PSA
|
||||
#define MBEDTLS_MD_SOME_PSA
|
||||
#endif
|
||||
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_512)
|
||||
#define MBEDTLS_MD_CAN_SHA3_512
|
||||
#define MBEDTLS_MD_SHA3_512_VIA_PSA
|
||||
#define MBEDTLS_MD_SOME_PSA
|
||||
#endif
|
||||
#endif /* MBEDTLS_PSA_CRYPTO_C */
|
||||
|
||||
/* Built-in implementations */
|
||||
#if defined(MBEDTLS_MD5_C)
|
||||
#define MBEDTLS_MD_CAN_MD5
|
||||
#define MBEDTLS_MD_SOME_LEGACY
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA1_C)
|
||||
#define MBEDTLS_MD_CAN_SHA1
|
||||
#define MBEDTLS_MD_SOME_LEGACY
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA224_C)
|
||||
#define MBEDTLS_MD_CAN_SHA224
|
||||
#define MBEDTLS_MD_SOME_LEGACY
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
#define MBEDTLS_MD_CAN_SHA256
|
||||
#define MBEDTLS_MD_SOME_LEGACY
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA384_C)
|
||||
#define MBEDTLS_MD_CAN_SHA384
|
||||
#define MBEDTLS_MD_SOME_LEGACY
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
#define MBEDTLS_MD_CAN_SHA512
|
||||
#define MBEDTLS_MD_SOME_LEGACY
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA3_C)
|
||||
#define MBEDTLS_MD_CAN_SHA3_224
|
||||
#define MBEDTLS_MD_CAN_SHA3_256
|
||||
#define MBEDTLS_MD_CAN_SHA3_384
|
||||
#define MBEDTLS_MD_CAN_SHA3_512
|
||||
#define MBEDTLS_MD_SOME_LEGACY
|
||||
#endif
|
||||
#if defined(MBEDTLS_RIPEMD160_C)
|
||||
#define MBEDTLS_MD_CAN_RIPEMD160
|
||||
#define MBEDTLS_MD_SOME_LEGACY
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_MD_LIGHT */
|
||||
|
||||
/** The selected feature is not available. */
|
||||
#define MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE -0x5080
|
||||
/** Bad input parameters to function. */
|
||||
|
|
|
@ -9,19 +9,7 @@
|
|||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
#ifndef MBEDTLS_MD5_H
|
||||
#define MBEDTLS_MD5_H
|
||||
|
|
|
@ -5,19 +5,7 @@
|
|||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
#ifndef MBEDTLS_MEMORY_BUFFER_ALLOC_H
|
||||
#define MBEDTLS_MEMORY_BUFFER_ALLOC_H
|
||||
|
|
|
@ -21,19 +21,7 @@
|
|||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
#ifndef MBEDTLS_NET_SOCKETS_H
|
||||
#define MBEDTLS_NET_SOCKETS_H
|
||||
|
|
|
@ -17,19 +17,7 @@
|
|||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_NIST_KW_H
|
||||
|
|
|
@ -5,19 +5,7 @@
|
|||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
#ifndef MBEDTLS_OID_H
|
||||
#define MBEDTLS_OID_H
|
||||
|
|
|
@ -5,19 +5,7 @@
|
|||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
#ifndef MBEDTLS_PEM_H
|
||||
#define MBEDTLS_PEM_H
|
||||
|
|
|
@ -5,19 +5,7 @@
|
|||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_PK_H
|
||||
|
|
|
@ -5,19 +5,7 @@
|
|||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
#ifndef MBEDTLS_PKCS12_H
|
||||
#define MBEDTLS_PKCS12_H
|
||||
|
|
|
@ -7,19 +7,7 @@
|
|||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
#ifndef MBEDTLS_PKCS5_H
|
||||
#define MBEDTLS_PKCS5_H
|
||||
|
|
|
@ -6,19 +6,7 @@
|
|||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
/**
|
||||
|
|
|
@ -21,19 +21,7 @@
|
|||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
#ifndef MBEDTLS_PLATFORM_H
|
||||
#define MBEDTLS_PLATFORM_H
|
||||
|
|
|
@ -5,19 +5,7 @@
|
|||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
#ifndef MBEDTLS_PLATFORM_TIME_H
|
||||
#define MBEDTLS_PLATFORM_TIME_H
|
||||
|
|
|
@ -6,19 +6,7 @@
|
|||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
#ifndef MBEDTLS_PLATFORM_UTIL_H
|
||||
#define MBEDTLS_PLATFORM_UTIL_H
|
||||
|
|
|
@ -14,19 +14,7 @@
|
|||
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_POLY1305_H
|
||||
|
|
|
@ -5,19 +5,7 @@
|
|||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_PRIVATE_ACCESS_H
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue