From f4c6eb0a4983a34bdcf0c9c27e01a920f63df063 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Wed, 16 Mar 2022 17:10:48 +0100
Subject: [PATCH] Support alternative MBEDTLS_PSA_CRYPTO_CONFIG_FILE

When MBEDTLS_PSA_CRYPTO_CONFIG is enabled, support an alternative file to include instead of "psa/crypto_config.h", and an additional file to include after it. This follows the model of the existing MBEDTLS_{,USER_}CONFIG_FILE.

Signed-off-by: Gilles Peskine
---
ChangeLog.d/psa_crypto_config_file.txt | 6 +++++
include/mbedtls/config_psa.h | 8 ++++++
include/mbedtls/mbedtls_config.h | 36 ++++++++++++++++++++++++++
3 files changed, 50 insertions(+)
create mode 100644 ChangeLog.d/psa_crypto_config_file.txt

diff --git a/ChangeLog.d/psa_crypto_config_file.txt b/ChangeLog.d/psa_crypto_config_file.txt
new file mode 100644
index 000000000..98c176135
--- /dev/null
+++ b/ChangeLog.d/psa_crypto_config_file.txt
@@ -0,0 +1,6 @@
+Features
+ * When MBEDTLS_PSA_CRYPTO_CONFIG is enabled, you may list the PSA crypto
+ requirements in the file named by the new macro
+ MBEDTLS_PSA_CRYPTO_CONFIG_FILE instead of the default psa/crypto_config.h.
+ Furthermore you may name an additional file to include after the main
+ file with the macro MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE.
diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h
index 68dda0f39..13e64dd78 100644
--- a/include/mbedtls/config_psa.h
+++ b/include/mbedtls/config_psa.h
@@ -31,9 +31,17 @@
 #define MBEDTLS_CONFIG_PSA_H
 #if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
+#if defined(MBEDTLS_PSA_CRYPTO_CONFIG_FILE)
+#include MBEDTLS_PSA_CRYPTO_CONFIG_FILE
+#else
 #include "psa/crypto_config.h"
+#endif
 #endif /* defined(MBEDTLS_PSA_CRYPTO_CONFIG) */
+#if defined(MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE)
+#include MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE
+#endif
+
 #ifdef __cplusplus
 extern "C" {
 #endif
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index 7f2a02747..a45598883 100644
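Review bot: In the config_psa.h hunk the `MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE` include is added after `#endif /* defined(MBEDTLS_PSA_CRYPTO_CONFIG) */`, so the user file is pulled in even when MBEDTLS_PSA_CRYPTO_CONFIG is disabled. The documentation added in mbedtls_config.h says the main file "is not used" in that case and is silent about the user file. If the rest of config_psa.h (not visible in this hunk) derives the PSA requirements from the legacy options when the feature is off, a user file that also sets them could leave the build with a different set of cryptographic mechanisms than the configuration appears to request. I would either move the three lines `#if defined(MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE)` / `#include MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE` / `#endif` inside the MBEDTLS_PSA_CRYPTO_CONFIG guard, or say in the `\def MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE` block that the file is included unconditionally.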
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -1779,6 +1779,9 @@
 * mechanism). You may still freely enable additional `MBEDTLS_XXX` symbols
 * in mbedtls_config.h.
 *
+ * If the symbol #MBEDTLS_PSA_CRYPTO_CONFIG_FILE is defined, it specifies
+ * an alternative location to use instead of include/psa/crypto_config.h.
+ *
 * This feature is still experimental and is not ready for production since
 * it is not completed.
 */
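Review bot: The paragraph added to the MBEDTLS_PSA_CRYPTO_CONFIG description names only #MBEDTLS_PSA_CRYPTO_CONFIG_FILE, so a reader of this option does not learn that a second file can be layered on top of the main one. I would follow it with ` * If the symbol #MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE is defined, it specifies` and ` * an additional file to include after the main file.` The comment block being edited starts above the hunk, so the wording should be checked against its opening lines.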
@@ -3127,6 +3130,39 @@
 */
 //#define MBEDTLS_USER_CONFIG_FILE "/dev/null"
+/**
+ * \def MBEDTLS_PSA_CRYPTO_CONFIG_FILE
+ *
+ * If defined, this is a header which will be included instead of
+ * `"psa/crypto_config.h"`.
+ * This header file specifies which cryptographic mechanisms are available
+ * through the PSA API when #MBEDTLS_PSA_CRYPTO_CONFIG is enabled, and
+ * is not used when #MBEDTLS_PSA_CRYPTO_CONFIG is disabled.
+ *
+ * This macro is expanded after an `#include` directive. This is a popular but
+ * non-standard feature of the C language, so this feature is only available
+ * with compilers that perform macro expansion on an `#include` line.
+ *
+ * The value of this symbol is typically a path in double quotes, relative
+ * to a directory on the include search pah.
+ */
+//#define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "psa/crypto_config.h"
+
+/**
+ * \def MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE
+ *
+ * If defined, this is a header which will be included after
+ * `"psa/crypto_config.h"` or #MBEDTLS_PSA_CRYPTO_CONFIG_FILE.
+ *
+ * This macro is expanded after an `#include` directive. This is a popular but
+ * non-standard feature of the C language, so this feature is only available
+ * with compilers that perform macro expansion on an `#include` line.
+ *
+ * The value of this symbol is typically a path in double quotes, relative
+ * to a directory on the include search pah.
+ */
+//#define MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE "/dev/null"
+
 /* MPI / BIGNUM options */
 //#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum window size used. */
 //#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */
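Review bot: Both new `\def` blocks end with `to a directory on the include search pah.`, which should read `to a directory on the include search path.` The MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE block also says only when the file is included, not what it is expected to contain. Presumably, by analogy with MBEDTLS_USER_CONFIG_FILE, it holds adjustments applied on top of the main PSA configuration. A sentence saying so would help anyone auditing which mechanisms a given build enables, since definitions in a later-included file are the ones that take effect.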