The PSA cryptography repository is based to
start with on the PSA cryptography implementation
in Mbed TLS but with a different directority
structure, build system and build configuration.
The build-time configuration information in the
PSA cryptography repository is psa/build_info.h.
This commit introduces this file in Mbed TLS to
be used in place of mbedtls/build_info.h (but
basically just an alias to it) in PSA headers.
This is to ease the update of the PSA cryptography
repository.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
The support for the PSA crypto driver interface
is not optional anymore as the implementation of
the PSA cryptography interface has been restructured
around the PSA crypto driver interface (see
psa-crypto-implementation-structure.md). There is
thus no purpose for the configuration options
MBEDTLS_PSA_CRYPTO_DRIVERS anymore.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Move key derivation builtin and driver contexts
to specific header files as key derivation
contexts depend both on primitive and composite
crypto algorithms contexts.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
The structures related to CMAC, GCM, CCM and
CHACHAPOLY operations are defined in
crypto_builtin_composites.h not in
crypto_struct.h. Thus move the cmac.h, gcm.h,
ccm.h and chachapoly.h header inclusions from
crypto_struct.h to crypto_builtin_composites.h.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This part is specific to 1.3 and directly calls PSA APIs regardless of
whether MBEDTLS_USE_PSA_CRYPTO is defined, so use PSA_WANT. Note: the
code is already using PSA_WANT everywhere in ssl_tls13*.c.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Since mbedtls_x509_get_name allocates memory
when parsing a directoryName, deallocation
has to be performed if anything fails in the
meantime.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Previous PRs update check_config.h correctly, but forgot the
documentation in mbedtls_config.h.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA was removed in
development and replaced with MBEDTLS_MD_CAN_SHA384.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
The check in check_config.h was fixed in a previous PR, but the
documentation hadn't been updated accordingly.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
TLS 1.2 has never been able to work with only SHA-512, it just happened
to pass previously because the declared dependencies were too lax.
(Probably related to the fact that in the past we didn't distinguish
between SHA-512 and SHA-384 in dependencies.)
So, just disable all of TLS in SHA-512-only builds. While at it, tune
build_info.h to make this easier - it already had partial support for
disabling TLS 1.2 or TLS 1.3 in an easier way, but not both of them at
the same time.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
sed -i -f md.sed include/mbedtls/ssl.h library/hmac_drbg.c programs/pkey/*.c programs/x509/*.c tests/scripts/generate_pkcs7_tests.py tests/suites/test_suite_random.data
Then manually revert programs/pkey/ecdsa.c as it's using a low-level
hash API.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
