Declare ECP_RESTARTABLE and USE_PSA compatible
This is only the beginning: - some test failures in test_suite_pk, test_suite_x509 and ssl-opt.sh will be fixed in the next few commits; - then the interactions between those options will be documented and tested. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
parent
2b7ad6472b
commit
ad27b8074f
3 changed files with 4 additions and 5 deletions
|
@ -114,15 +114,14 @@
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_ECP_RESTARTABLE) && \
|
#if defined(MBEDTLS_ECP_RESTARTABLE) && \
|
||||||
( defined(MBEDTLS_USE_PSA_CRYPTO) || \
|
( defined(MBEDTLS_ECDH_COMPUTE_SHARED_ALT) || \
|
||||||
defined(MBEDTLS_ECDH_COMPUTE_SHARED_ALT) || \
|
|
||||||
defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT) || \
|
defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT) || \
|
||||||
defined(MBEDTLS_ECDSA_SIGN_ALT) || \
|
defined(MBEDTLS_ECDSA_SIGN_ALT) || \
|
||||||
defined(MBEDTLS_ECDSA_VERIFY_ALT) || \
|
defined(MBEDTLS_ECDSA_VERIFY_ALT) || \
|
||||||
defined(MBEDTLS_ECDSA_GENKEY_ALT) || \
|
defined(MBEDTLS_ECDSA_GENKEY_ALT) || \
|
||||||
defined(MBEDTLS_ECP_INTERNAL_ALT) || \
|
defined(MBEDTLS_ECP_INTERNAL_ALT) || \
|
||||||
defined(MBEDTLS_ECP_ALT) )
|
defined(MBEDTLS_ECP_ALT) )
|
||||||
#error "MBEDTLS_ECP_RESTARTABLE defined, but it cannot coexist with an alternative or PSA-based ECP implementation"
|
#error "MBEDTLS_ECP_RESTARTABLE defined, but it cannot coexist with an alternative ECP implementation"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_ECDSA_DETERMINISTIC) && !defined(MBEDTLS_HMAC_DRBG_C)
|
#if defined(MBEDTLS_ECDSA_DETERMINISTIC) && !defined(MBEDTLS_HMAC_DRBG_C)
|
||||||
|
|
|
@ -707,6 +707,8 @@
|
||||||
* - generation of our signature if client authentication is used, with an
|
* - generation of our signature if client authentication is used, with an
|
||||||
* ECC key/certificate.
|
* ECC key/certificate.
|
||||||
*
|
*
|
||||||
|
* TODO: document interation with USE_PSA_CRYPTO
|
||||||
|
*
|
||||||
* \note In the cases above, the usual SSL/TLS functions, such as
|
* \note In the cases above, the usual SSL/TLS functions, such as
|
||||||
* mbedtls_ssl_handshake(), can now return
|
* mbedtls_ssl_handshake(), can now return
|
||||||
* MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS.
|
* MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS.
|
||||||
|
@ -1928,7 +1930,6 @@
|
||||||
* before calling any function from the SSL/TLS, X.509 or PK modules.
|
* before calling any function from the SSL/TLS, X.509 or PK modules.
|
||||||
*
|
*
|
||||||
* Requires: MBEDTLS_PSA_CRYPTO_C.
|
* Requires: MBEDTLS_PSA_CRYPTO_C.
|
||||||
* Conflicts with: MBEDTLS_ECP_RESTARTABLE
|
|
||||||
*
|
*
|
||||||
* Uncomment this to enable internal use of PSA Crypto and new associated APIs.
|
* Uncomment this to enable internal use of PSA Crypto and new associated APIs.
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -194,7 +194,6 @@ EXCLUDE_FROM_FULL = frozenset([
|
||||||
'MBEDTLS_DEPRECATED_WARNING', # conflicts with deprecated options
|
'MBEDTLS_DEPRECATED_WARNING', # conflicts with deprecated options
|
||||||
'MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED', # influences the use of ECDH in TLS
|
'MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED', # influences the use of ECDH in TLS
|
||||||
'MBEDTLS_ECP_NO_FALLBACK', # removes internal ECP implementation
|
'MBEDTLS_ECP_NO_FALLBACK', # removes internal ECP implementation
|
||||||
'MBEDTLS_ECP_RESTARTABLE', # incompatible with USE_PSA_CRYPTO
|
|
||||||
'MBEDTLS_ENTROPY_FORCE_SHA256', # interacts with CTR_DRBG_128_BIT_KEY
|
'MBEDTLS_ENTROPY_FORCE_SHA256', # interacts with CTR_DRBG_128_BIT_KEY
|
||||||
'MBEDTLS_HAVE_SSE2', # hardware dependency
|
'MBEDTLS_HAVE_SSE2', # hardware dependency
|
||||||
'MBEDTLS_MEMORY_BACKTRACE', # depends on MEMORY_BUFFER_ALLOC_C
|
'MBEDTLS_MEMORY_BACKTRACE', # depends on MEMORY_BUFFER_ALLOC_C
|
||||||
|
|
Loading…
Reference in a new issue