From ad27b8074f4196102291645d6aacaa96e21a4dc7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 5 Dec 2022 12:54:11 +0100 Subject: [PATCH] Declare ECP_RESTARTABLE and USE_PSA compatible MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This is only the beginning: - some test failures in test_suite_pk, test_suite_x509 and ssl-opt.sh will be fixed in the next few commits; - then the interactions between those options will be documented and tested. Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/check_config.h | 5 ++--- include/mbedtls/mbedtls_config.h | 3 ++- scripts/config.py | 1 - 3 files changed, 4 insertions(+), 5 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 7f5558087..e2f8e6270 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -114,15 +114,14 @@ #endif #if defined(MBEDTLS_ECP_RESTARTABLE) && \ - ( defined(MBEDTLS_USE_PSA_CRYPTO) || \ - defined(MBEDTLS_ECDH_COMPUTE_SHARED_ALT) || \ + ( defined(MBEDTLS_ECDH_COMPUTE_SHARED_ALT) || \ defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT) || \ defined(MBEDTLS_ECDSA_SIGN_ALT) || \ defined(MBEDTLS_ECDSA_VERIFY_ALT) || \ defined(MBEDTLS_ECDSA_GENKEY_ALT) || \ defined(MBEDTLS_ECP_INTERNAL_ALT) || \ defined(MBEDTLS_ECP_ALT) ) -#error "MBEDTLS_ECP_RESTARTABLE defined, but it cannot coexist with an alternative or PSA-based ECP implementation" +#error "MBEDTLS_ECP_RESTARTABLE defined, but it cannot coexist with an alternative ECP implementation" #endif #if defined(MBEDTLS_ECDSA_DETERMINISTIC) && !defined(MBEDTLS_HMAC_DRBG_C) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index b5f0bf2b4..219dd4539 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -707,6 +707,8 @@ * - generation of our signature if client authentication is used, with an * ECC key/certificate. * + * TODO: document interation with USE_PSA_CRYPTO + * * \note In the cases above, the usual SSL/TLS functions, such as * mbedtls_ssl_handshake(), can now return * MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS. @@ -1928,7 +1930,6 @@ * before calling any function from the SSL/TLS, X.509 or PK modules. * * Requires: MBEDTLS_PSA_CRYPTO_C. - * Conflicts with: MBEDTLS_ECP_RESTARTABLE * * Uncomment this to enable internal use of PSA Crypto and new associated APIs. */ diff --git a/scripts/config.py b/scripts/config.py index 7e58acd0a..a53c470f0 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -194,7 +194,6 @@ EXCLUDE_FROM_FULL = frozenset([ 'MBEDTLS_DEPRECATED_WARNING', # conflicts with deprecated options 'MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED', # influences the use of ECDH in TLS 'MBEDTLS_ECP_NO_FALLBACK', # removes internal ECP implementation - 'MBEDTLS_ECP_RESTARTABLE', # incompatible with USE_PSA_CRYPTO 'MBEDTLS_ENTROPY_FORCE_SHA256', # interacts with CTR_DRBG_128_BIT_KEY 'MBEDTLS_HAVE_SSE2', # hardware dependency 'MBEDTLS_MEMORY_BACKTRACE', # depends on MEMORY_BUFFER_ALLOC_C