Declare ECP_RESTARTABLE and USE_PSA compatible

This is only the beginning:
- some test failures in test_suite_pk, test_suite_x509 and ssl-opt.sh
will be fixed in the next few commits;
- then the interactions between those options will be documented and
tested.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
Manuel Pégourié-Gonnard 2022-12-05 12:54:11 +01:00
parent 2b7ad6472b
commit ad27b8074f
3 changed files with 4 additions and 5 deletions

View file

@ -114,15 +114,14 @@
#endif #endif
#if defined(MBEDTLS_ECP_RESTARTABLE) && \ #if defined(MBEDTLS_ECP_RESTARTABLE) && \
( defined(MBEDTLS_USE_PSA_CRYPTO) || \ ( defined(MBEDTLS_ECDH_COMPUTE_SHARED_ALT) || \
defined(MBEDTLS_ECDH_COMPUTE_SHARED_ALT) || \
defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT) || \ defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT) || \
defined(MBEDTLS_ECDSA_SIGN_ALT) || \ defined(MBEDTLS_ECDSA_SIGN_ALT) || \
defined(MBEDTLS_ECDSA_VERIFY_ALT) || \ defined(MBEDTLS_ECDSA_VERIFY_ALT) || \
defined(MBEDTLS_ECDSA_GENKEY_ALT) || \ defined(MBEDTLS_ECDSA_GENKEY_ALT) || \
defined(MBEDTLS_ECP_INTERNAL_ALT) || \ defined(MBEDTLS_ECP_INTERNAL_ALT) || \
defined(MBEDTLS_ECP_ALT) ) defined(MBEDTLS_ECP_ALT) )
#error "MBEDTLS_ECP_RESTARTABLE defined, but it cannot coexist with an alternative or PSA-based ECP implementation" #error "MBEDTLS_ECP_RESTARTABLE defined, but it cannot coexist with an alternative ECP implementation"
#endif #endif
#if defined(MBEDTLS_ECDSA_DETERMINISTIC) && !defined(MBEDTLS_HMAC_DRBG_C) #if defined(MBEDTLS_ECDSA_DETERMINISTIC) && !defined(MBEDTLS_HMAC_DRBG_C)

View file

@ -707,6 +707,8 @@
* - generation of our signature if client authentication is used, with an * - generation of our signature if client authentication is used, with an
* ECC key/certificate. * ECC key/certificate.
* *
* TODO: document interation with USE_PSA_CRYPTO
*
* \note In the cases above, the usual SSL/TLS functions, such as * \note In the cases above, the usual SSL/TLS functions, such as
* mbedtls_ssl_handshake(), can now return * mbedtls_ssl_handshake(), can now return
* MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS. * MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS.
@ -1928,7 +1930,6 @@
* before calling any function from the SSL/TLS, X.509 or PK modules. * before calling any function from the SSL/TLS, X.509 or PK modules.
* *
* Requires: MBEDTLS_PSA_CRYPTO_C. * Requires: MBEDTLS_PSA_CRYPTO_C.
* Conflicts with: MBEDTLS_ECP_RESTARTABLE
* *
* Uncomment this to enable internal use of PSA Crypto and new associated APIs. * Uncomment this to enable internal use of PSA Crypto and new associated APIs.
*/ */

View file

@ -194,7 +194,6 @@ EXCLUDE_FROM_FULL = frozenset([
'MBEDTLS_DEPRECATED_WARNING', # conflicts with deprecated options 'MBEDTLS_DEPRECATED_WARNING', # conflicts with deprecated options
'MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED', # influences the use of ECDH in TLS 'MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED', # influences the use of ECDH in TLS
'MBEDTLS_ECP_NO_FALLBACK', # removes internal ECP implementation 'MBEDTLS_ECP_NO_FALLBACK', # removes internal ECP implementation
'MBEDTLS_ECP_RESTARTABLE', # incompatible with USE_PSA_CRYPTO
'MBEDTLS_ENTROPY_FORCE_SHA256', # interacts with CTR_DRBG_128_BIT_KEY 'MBEDTLS_ENTROPY_FORCE_SHA256', # interacts with CTR_DRBG_128_BIT_KEY
'MBEDTLS_HAVE_SSE2', # hardware dependency 'MBEDTLS_HAVE_SSE2', # hardware dependency
'MBEDTLS_MEMORY_BACKTRACE', # depends on MEMORY_BUFFER_ALLOC_C 'MBEDTLS_MEMORY_BACKTRACE', # depends on MEMORY_BUFFER_ALLOC_C