cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-10-11 06:25:01 -04:00
Code Issues Packages Projects Releases Wiki Activity
32,154 Commits 7 Branches 115 Tags
Commit Graph

52 Commits

Author SHA1 Message Date
Gilles Peskine
9863b04dec Make MBEDTLS_USE_PSA_CRYPTO no longer a selectable option 
The macro MBEDTLS_USE_PSA_CRYPTO is now always defined. It is no longer a
configuration option.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-10-30 14:23:16 +01:00
Elena Uziunaite
9b0bdd0590 Remove MBEDTLS_ECP_HAVE_xxx and MBEDTLS_MD_CAN_xxx 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-09-26 14:48:59 +01:00
Elena Uziunaite
7f85f1f958 Cosmetic changes 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-09-26 14:48:59 +01:00
Elena Uziunaite
05fe6e472e Remove MBEDTLS_MD_CAN_SHA512 from header files 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-09-26 14:48:59 +01:00
Elena Uziunaite
3b84b2e28c Remove legacy symbol definitions pt 2 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-09-26 14:48:59 +01:00
Elena Uziunaite
c0d6943b7f Replace legacy symbols in config files 
Replace symbols that were left over in config_adjust_*.h and
check_config.h

Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-09-26 14:48:59 +01:00
Elena Uziunaite
e4669a5753 Remove legacy symbol definitions pt 1 
Remove straightforward definitions that only appear in
config_adjust_legacy_crypto.h

Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-09-26 14:48:59 +01:00
Elena Uziunaite
9c6476461f Remove definitions of MBEDTLS_PK_CAN/HAVE_ECDSA* 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-09-09 11:18:10 +01:00
Ronald Cron
8c95999b38
Merge pull request #9544 from eleuzi01/replace-224k1 
Replace MBEDTLS_ECP_HAVE_SECP224K1 with PSA_WANT_ECC_SECP_K1_224
 2024-09-06 15:15:35 +00:00
Elena Uziunaite
63cb13e494 Replace MBEDTLS_ECP_HAVE_SECP224K1 with PSA_WANT_ECC_SECP_K1_224 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-09-05 12:43:14 +01:00
Elena Uziunaite
9fc5be09cb Replace MBEDTLS_MD_CAN_SHA1 with PSA_WANT_ALG_SHA_1 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-09-04 18:12:59 +01:00
Wenxing Hou
b4d03cc179 Fix some typo for include folder 
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
 2024-07-12 15:16:33 +08:00
Tom Cosgrove
98ffc8e7c3
Merge pull request #9178 from valeriosetti/fix-psa-cmac 
adjust_legacy_crypto: enable CIPHER_C when PSA CMAC is builtin
 2024-06-03 15:35:32 +00:00
Gilles Peskine
9df7806b37 Tweak wording 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-05-29 09:44:20 +02:00
Gilles Peskine
0b8ece6beb Error out if *adjust* headers are included manually 
Some projects using Mbed TLS have migrated their configuration
file (config.h -> mbedtls_config.h, or MBEDTLS_CONFIG_FILE) from Mbed TLS
2.x, and kept including check_config.h. This is unnecessary since Mbed TLS
3.0, and increasingly in 3.x it may report spurious errors because the
configuration adjustments have not been done yet. This has led some
projects to include configuration adjustment headers manually, but only
partially or in the wrong order, which can result in silent inconsistencies.
Error out if this happens, with a message mentioning check_config.h since
that's the likely root cause.

```
perl -i -pe '$name = $ARGV; $name =~ s!include/!!; $name =~ s!_adjust_.*!_adjust_*.h!; $_ .= "\n#if !defined(MBEDTLS_CONFIG_FILES_READ)\n#error \"Do not include $name manually! This can lead to problems, \" \\\n    \"up to and including runtime errors such as buffer overflows. \" \\\n    \"If you're trying to fix a complaint from check_config.h, just remove it \" \\\n    \"from your configuration file: since Mbed TLS 3.0, it is included \" \\\n    \"automatically at the right time.\"\n#endif /* !MBEDTLS_CONFIG_FILES_READ */\n" if /^#define .*_H$/' include/*/*adjust*.h
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-05-29 09:44:20 +02:00
Gilles Peskine
975e74cb1f Document check-config.h and *adjust*.h as internal headers 
Including *adjust*.h directly is likely to cause them to be applied at the
wrong time, resulting in an invalid or unintended configuration.

Including check_config.h at the wrong time is likely to cause spurious
errors.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-05-29 09:44:20 +02:00
Valerio Setti
a37ea269a9 adjust_legacy_crypto: enable CIPHER_C when PSA CMAC is builtin 
psa_crypto_mac.c uses mbedtls_cipher_xxx() functions to perform
CMAC operations. Therefore we need to enable CIPHER_C when
PSA CMAC is builtin.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-05-24 14:37:05 +02:00
Valerio Setti
89f5af84af adjust_legacy_crypto: enable ASN1_[PARSE|WRITE]_C when RSA_C 
RSA needs ASN1 functions to parse/write private and public keys,
but there is no guards in the code for that. So we need to enable
ASN1 support whenever RSA is enabled.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-04-18 18:47:34 +02:00
Manuel Pégourié-Gonnard
cd376dbec8
Merge pull request #8802 from mpg/adjust-vs-check 
Misc. clean-ups in `check_config.h`
 2024-02-13 08:45:18 +00:00
Manuel Pégourié-Gonnard
1463e49a3c Move config adjustment to config_adjust 
After this change, check_config.h does not have any #defined except:
- the standard header double-inclusion guard
- short-lived helpers that are #undef-ed in the same paragraph

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-02-08 12:55:52 +01:00
Manuel Pégourié-Gonnard
b7307630bb
Merge pull request #8703 from valeriosetti/issue7765-guards-in-asn1 
Conversion function between raw and DER ECDSA signatures (guards in ASN1)
 2024-02-08 08:45:30 +00:00
Valerio Setti
bcf0fc5119 adjust_legacy_crypto: add parenthesis to improve clarity 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-26 14:53:28 +01:00
Valerio Setti
f4d2dc2d77 psa_util: guard ECDSA conversion functions with proper (internal) symbol 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-24 16:26:35 +01:00
Valerio Setti
2ddabb34d6 config_adjust_legacy: do not auto-enable PK when RSA is enabled in PSA 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-24 12:36:37 +01:00
Valerio Setti
9772642b8c adjust_legacy_crypto: auto-enable CIPHER_C when any builtin cipher is enabled in PSA 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-09 07:23:33 +01:00
Manuel Pégourié-Gonnard
4aad0ff510
Merge pull request #8632 from valeriosetti/issue8598 
[G5] Make block_cipher work with PSA
 2024-01-08 08:07:53 +00:00
Tomi Fontanilles
8174662b64 pk: implement non-PSA mbedtls_pk_sign_ext() 
This makes the function always available with its
its implementation depending on MBEDTLS_USE_PSA_CRYPTO.

Related dependencies and tests are updated as well.

Fixes #7583.

Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com>
 2023-12-20 12:59:57 +02:00
Valerio Setti
bfa675fe48 adjust_legacy_crypto: add macros for CCM/GCM capabilities with key types 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-20 09:52:08 +01:00
Valerio Setti
4a5d57d225 adjust_legacy_crypto: enable BLOCK_CIPHER also when a driver is available 
As a consequence BLOCK_CIPHER will be enabled when:
- CIPHER_C is not defined
- a proper driver is present for one of AES, ARIA and/or Camellia key types

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-14 18:08:14 +01:00
Valerio Setti
2684e3f2e3 config_adjust_legacy_crypto: fix typo 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-14 18:08:14 +01:00
Valerio Setti
8bba087fe1 adjust_legacy_crypto: add helpers for block ciphers capabilities 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-14 18:08:14 +01:00
Manuel Pégourié-Gonnard
294f5d7ea9
Merge pull request #8540 from valeriosetti/issue8060 
[G2] Make CCM and GCM work with the new block_cipher module
 2023-11-28 08:18:45 +00:00
Valerio Setti
dbfd6a9f62 adjust_legacy_crypto: auto-enable BLOCK_CIPHER_C when CIPHER_C is not defined 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-11-16 10:56:00 +01:00
Yanray Wang
4ed8691f6d ssl: move MBEDTLS_SSL_HAVE_XXX to config_adjust_legacy_crypto.h 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-11-16 15:20:57 +08:00
Manuel Pégourié-Gonnard
5f3361c0c6 Temporary hack to pacify check_names.py 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-11-10 12:24:11 +01:00
Dave Rodgman
16799db69a update headers 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-11-02 19:47:20 +00:00
Dave Rodgman
514590210b Merge remote-tracking branch 'origin/development' into sha-armce-thumb2 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-23 15:35:07 +01:00
Gilles Peskine
6407f8fc54
Merge pull request #8322 from valeriosetti/issue8257 
Improve location of MD_CAN macros
 2023-10-18 14:31:28 +00:00
Valerio Setti
e570704f1f ssl: use MBEDTLS_SSL_HAVE_[CCM/GCM/CHACHAPOLY/AEAD] macros for ssl code 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-12 10:39:37 +02:00
Dave Rodgman
b0d9830373
Merge branch 'development' into sha-armce-thumb2 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-11 13:53:41 +01:00
Dave Rodgman
be7915aa6c Revert renaming of SHA512 options 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-11 10:59:05 +01:00
Dave Rodgman
5b89c55bb8 Rename MBEDTLS_SHAxxx_USE_ARMV8_yyy to MBEDTLS_SHAxxx_USE_ARMV8_A_yyy 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-10 15:14:57 +01:00
Dave Rodgman
c5861d5bf2 Code style 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-10 14:01:54 +01:00
Dave Rodgman
6ab314f71d More config option renaming 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-10 14:00:17 +01:00
Dave Rodgman
94a634db96 Rename A64 config options 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-10 12:59:29 +01:00
Thomas Daubney
540324cd21 Correct styling of Mbed TLS in documentation 
Several bits of documentation were incorrectly styling Mbed TLS
as MbedTLS.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2023-10-06 17:07:24 +01:00
Valerio Setti
85d2a98549 md: move definitions of MBEDTLS_MD_CAN to config_adjust_legacy_crypto.h 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-06 16:04:49 +02:00
Minos Galanakis
1a3ad265cc Merge branch 'development-restricted' into mbedtls-3.5.0rc0-pr 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-10-03 21:57:51 +01:00
Valerio Setti
db6b4db7a0 Renaming all MBEDTLS_HAVE for curves to MBEDTLS_ECP_HAVE 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-09-25 17:39:41 +02:00
Valerio Setti
67d82e742b build_info: add helpers to signal some support for a specific curve 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-09-25 17:39:41 +02:00