Merge pull request #8025 from AgathiyanB/accept-numericoid-hexstring-x509
Accept numericoid hexstring x509
diff --git a/.travis.yml b/.travis.yml
index 719654c..f411ec3 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -171,7 +171,7 @@
env:
global:
- SEED=1
- - secure: "JECCru6HASpKZ0OLfHh8f/KXhKkdrCwjquZghd/qbA4ksxsWImjR7KEPERcaPndXEilzhDbKwuFvJiQX2duVgTGoq745YGhLZIjzo1i8tySkceCVd48P8WceYGz+F/bmY7r+m6fFNuxDSoGGSVeA4Lnjvmm8PFUP45YodDV9no4="
+ - secure: "GF/Fde5fkm15T/RNykrjrPV5Uh1KJ70cP308igL6Xkk3eJmqkkmWCe9JqRH12J3TeWw2fu9PYPHt6iFSg6jasgqysfUyg+W03knRT5QNn3h5eHgt36cQJiJr6t3whPrRaiM6U9omE0evm+c0cAwlkA3GGSMw8Z+na4EnKI6OFCo="
install:
- $PYTHON scripts/min_requirements.py
diff --git a/3rdparty/everest/include/everest/vs2013/inttypes.h b/3rdparty/everest/include/everest/vs2013/inttypes.h
index d53f87f..77003be 100644
--- a/3rdparty/everest/include/everest/vs2013/inttypes.h
+++ b/3rdparty/everest/include/everest/vs2013/inttypes.h
@@ -17,7 +17,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * This file is part of Mbed TLS (https://tls.mbed.org)
*/
#ifndef _INTTYPES_H_VS2010
diff --git a/3rdparty/everest/include/everest/vs2013/stdbool.h b/3rdparty/everest/include/everest/vs2013/stdbool.h
index 5b7039c..dcae6d8 100644
--- a/3rdparty/everest/include/everest/vs2013/stdbool.h
+++ b/3rdparty/everest/include/everest/vs2013/stdbool.h
@@ -17,7 +17,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * This file is part of Mbed TLS (https://tls.mbed.org)
*/
#ifndef _STDBOOL_H_VS2010
diff --git a/3rdparty/everest/include/everest/x25519.h b/3rdparty/everest/include/everest/x25519.h
index 7a973dc..ef314d2 100644
--- a/3rdparty/everest/include/everest/x25519.h
+++ b/3rdparty/everest/include/everest/x25519.h
@@ -16,7 +16,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * This file is part of Mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_X25519_H
diff --git a/3rdparty/everest/library/Hacl_Curve25519_joined.c b/3rdparty/everest/library/Hacl_Curve25519_joined.c
index 957294f..a778160 100644
--- a/3rdparty/everest/library/Hacl_Curve25519_joined.c
+++ b/3rdparty/everest/library/Hacl_Curve25519_joined.c
@@ -16,7 +16,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * This file is part of Mbed TLS (https://tls.mbed.org)
*/
#ifndef _BSD_SOURCE
/* Required to get htole64() from gcc/glibc's endian.h (older systems)
diff --git a/3rdparty/everest/library/x25519.c b/3rdparty/everest/library/x25519.c
index 9faa9ab..83064dc 100644
--- a/3rdparty/everest/library/x25519.c
+++ b/3rdparty/everest/library/x25519.c
@@ -16,7 +16,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * This file is part of Mbed TLS (https://tls.mbed.org)
*/
#include "common.h"
diff --git a/3rdparty/p256-m/p256-m/p256-m.c b/3rdparty/p256-m/p256-m/p256-m.c
index 53d306f..693cc6d 100644
--- a/3rdparty/p256-m/p256-m/p256-m.c
+++ b/3rdparty/p256-m/p256-m/p256-m.c
@@ -7,6 +7,7 @@
*/
#include "p256-m.h"
+#include "mbedtls/platform_util.h"
#include "psa/crypto.h"
#include <stdio.h>
#include <stdlib.h>
@@ -17,12 +18,7 @@
/*
* Zeroize memory - this should not be optimized away
*/
-static void zeroize(void *d, size_t n)
-{
- volatile char *p = d;
- while( n-- )
- *p++ = 0;
-}
+#define zeroize mbedtls_platform_zeroize
/*
* Helpers to test constant-time behaviour with valgrind or MemSan.
@@ -199,10 +195,12 @@
* Currently assembly optimisations are only supported with GCC/Clang for
* Arm's Cortex-A and Cortex-M lines of CPUs, which start with the v6-M and
* v7-M architectures. __ARM_ARCH_PROFILE is not defined for v6 and earlier.
+ * Thumb and 32-bit assembly is supported; aarch64 is not supported.
*/
#if defined(__GNUC__) &&\
defined(__ARM_ARCH) && __ARM_ARCH >= 6 && defined(__ARM_ARCH_PROFILE) && \
- ( __ARM_ARCH_PROFILE == 77 || __ARM_ARCH_PROFILE == 65 ) /* 'M' or 'A' */
+ ( __ARM_ARCH_PROFILE == 77 || __ARM_ARCH_PROFILE == 65 ) /* 'M' or 'A' */ && \
+ !defined(__aarch64__)
/*
* This set of CPUs is conveniently partitioned as follows:
diff --git a/3rdparty/p256-m/p256-m_driver_entrypoints.h b/3rdparty/p256-m/p256-m_driver_entrypoints.h
index 18c677a..9522ced 100644
--- a/3rdparty/p256-m/p256-m_driver_entrypoints.h
+++ b/3rdparty/p256-m/p256-m_driver_entrypoints.h
@@ -31,7 +31,7 @@
/** Generate SECP256R1 ECC Key Pair.
* Interface function which calls the p256-m key generation function and
- * places it in the key buffer provided by the caller (mbed TLS) in the
+ * places it in the key buffer provided by the caller (Mbed TLS) in the
* correct format. For a SECP256R1 curve this is the 32 bit private key.
*
* \param[in] attributes The attributes of the key to use for the
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 4d7e0b0..1216c72 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -34,14 +34,14 @@
cmake_policy(SET CMP0012 NEW)
if(TEST_CPP)
- project("mbed TLS" LANGUAGES C CXX)
+ project("Mbed TLS" LANGUAGES C CXX)
else()
- project("mbed TLS" LANGUAGES C)
+ project("Mbed TLS" LANGUAGES C)
endif()
include(GNUInstallDirs)
-# Determine if mbed TLS is being built as a subproject using add_subdirectory()
+# Determine if Mbed TLS is being built as a subproject using add_subdirectory()
if(NOT DEFINED MBEDTLS_AS_SUBPROJECT)
set(MBEDTLS_AS_SUBPROJECT ON)
if(CMAKE_CURRENT_SOURCE_DIR STREQUAL CMAKE_SOURCE_DIR)
@@ -52,7 +52,7 @@
# Set the project root directory.
set(MBEDTLS_DIR ${CMAKE_CURRENT_SOURCE_DIR})
-option(ENABLE_PROGRAMS "Build mbed TLS programs." ON)
+option(ENABLE_PROGRAMS "Build Mbed TLS programs." ON)
option(UNSAFE_BUILD "Allow unsafe builds. These builds ARE NOT SECURE." OFF)
option(MBEDTLS_FATAL_WARNINGS "Compiler warnings treated as errors" ON)
@@ -71,9 +71,9 @@
# the test suites currently have compile errors with MSVC
if(CMAKE_COMPILER_IS_MSVC)
- option(ENABLE_TESTING "Build mbed TLS tests." OFF)
+ option(ENABLE_TESTING "Build Mbed TLS tests." OFF)
else()
- option(ENABLE_TESTING "Build mbed TLS tests." ON)
+ option(ENABLE_TESTING "Build Mbed TLS tests." ON)
endif()
# Warning string - created as a list for compatibility with CMake 2.8
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 3a8c5c6..8454fb8 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -84,8 +84,14 @@
License and Copyright
---------------------
-All new files should include the [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) standard license header where possible. For licensing details, please see the [License section of the README](README.md#License).
+Unless specifically indicated otherwise in a file, Mbed TLS files are provided under the [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) license. See the [LICENSE](LICENSE) file for the full text of this license.
+
+Contributors must accept that their contributions are made under both the Apache-2.0 AND [GPL-2.0-or-later](https://spdx.org/licenses/GPL-2.0-or-later.html) licenses. This enables LTS (Long Term Support) branches of the software to be provided under either the Apache-2.0 or GPL-2.0-or-later licenses.
+
+All new files should include the [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) standard license header where possible.
The copyright on contributions is retained by the original authors of the code. Where possible for new files, this should be noted in a comment at the top of the file in the form: "Copyright The Mbed TLS Contributors".
-When contributing code to us, the committer and all authors are required to make the submission under the terms of the [Developer Certificate of Origin](dco.txt), confirming that the code submitted can (legally) become part of the project, and be subject to the same Apache 2.0 license. This is done by including the standard Git `Signed-off-by:` line in every commit message. If more than one person contributed to the commit, they should also add their own `Signed-off-by:` line.
+When contributing code to us, the committer and all authors are required to make the submission under the terms of the [Developer Certificate of Origin](dco.txt), confirming that the code submitted can (legally) become part of the project, and is submitted under both the Apache-2.0 AND GPL-2.0-or-later licenses.
+
+This is done by including the standard Git `Signed-off-by:` line in every commit message. If more than one person contributed to the commit, they should also add their own `Signed-off-by:` line.
diff --git a/ChangeLog.d/config_psa-include-order.txt b/ChangeLog.d/config_psa-include-order.txt
new file mode 100644
index 0000000..674c286
--- /dev/null
+++ b/ChangeLog.d/config_psa-include-order.txt
@@ -0,0 +1,4 @@
+Bugfix
+ * Fix a build error in some configurations with MBEDTLS_PSA_CRYPTO_CONFIG
+ enabled, where some low-level modules required by requested PSA crypto
+ features were not getting automatically enabled. Fixes #7420.
diff --git a/ChangeLog.d/fix-iar-compiler-warnings.txt b/ChangeLog.d/fix-iar-compiler-warnings.txt
new file mode 100644
index 0000000..0dc2623
--- /dev/null
+++ b/ChangeLog.d/fix-iar-compiler-warnings.txt
@@ -0,0 +1,2 @@
+Bugfix
+ * Fix IAR compiler warnings.
diff --git a/ChangeLog.d/fix-tls-padbuf-zeroization b/ChangeLog.d/fix-tls-padbuf-zeroization
new file mode 100644
index 0000000..36451cb
--- /dev/null
+++ b/ChangeLog.d/fix-tls-padbuf-zeroization
@@ -0,0 +1,4 @@
+Security
+ * Fix a case where potentially sensitive information held in memory would not
+ be completely zeroized during TLS 1.2 handshake, in both server and client
+ configurations.
diff --git a/ChangeLog.d/initialize-struct-get-other-name.txt b/ChangeLog.d/initialize-struct-get-other-name.txt
new file mode 100644
index 0000000..dc8395d
--- /dev/null
+++ b/ChangeLog.d/initialize-struct-get-other-name.txt
@@ -0,0 +1,8 @@
+Bugfix
+ * Fix an issue when parsing an otherName subject alternative name into a
+ mbedtls_x509_san_other_name struct. The type-id of the otherName was not
+ copied to the struct. This meant that the struct had incomplete
+ information about the otherName SAN and contained uninitialized memory.
+ * Fix the detection of HardwareModuleName otherName SANs. These were being
+ detected by comparing the wrong field and the check was erroneously
+ inverted.
diff --git a/ChangeLog.d/tls13-custom-config.txt b/ChangeLog.d/tls13-custom-config.txt
new file mode 100644
index 0000000..da2e25d
--- /dev/null
+++ b/ChangeLog.d/tls13-custom-config.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix undefined symbols in some builds using TLS 1.3 with a custom
+ configuration file.
diff --git a/DartConfiguration.tcl b/DartConfiguration.tcl
index dfa0f07..af0578a 100644
--- a/DartConfiguration.tcl
+++ b/DartConfiguration.tcl
@@ -1,4 +1,4 @@
Site: localhost
-BuildName: mbed TLS-test
+BuildName: Mbed TLS-test
CoverageCommand: /usr/bin/gcov
MemoryCheckCommand: /usr/bin/valgrind
diff --git a/README.md b/README.md
index cbdb2df3..a3fcd2e 100644
--- a/README.md
+++ b/README.md
@@ -307,13 +307,14 @@
License
-------
-Unless specifically indicated otherwise in a file, Mbed TLS files are provided under the [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) license. See the [LICENSE](LICENSE) file for the full text of this license. Contributors must accept that their contributions are made under both the Apache-2.0 AND [GPL-2.0-or-later](https://spdx.org/licenses/GPL-2.0-or-later.html) licenses. This enables LTS (Long Term Support) branches of the software to be provided under either the Apache-2.0 OR GPL-2.0-or-later licenses.
+Unless specifically indicated otherwise in a file, Mbed TLS files are provided under the [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) license. See the [LICENSE](LICENSE) file for the full text of this license, and [the 'License and Copyright' section in the contributing guidelines](CONTRIBUTING.md#License-and-Copyright) for more information.
### Third-party code included in Mbed TLS
+
This project contains code from other projects. This code is located within the `3rdparty/` directory. The original license text is included within project subdirectories, and in source files. The projects are listed below:
* `3rdparty/everest/`: Files stem from [Project Everest](https://project-everest.github.io/) and are distributed under the Apache 2.0 license.
-* `3rdparty/p256-m/p256-m/`: Files have been taken from the [p256-m](https://github.com/mpg/p256-m) repository. The code in the original repository is distributed under the Apache 2.0 license. It is also used by the project under the Apache 2.0 license. We do not plan to regularly update these files, so they may not contain fixes and improvements present in the upstream project.
+* `3rdparty/p256-m/p256-m/`: Files have been taken from the [p256-m](https://github.com/mpg/p256-m) repository. The code in the original repository is distributed under the Apache 2.0 license. It is also used by Mbed TLS under the Apache 2.0 license. We do not plan to regularly update these files, so they may not contain fixes and improvements present in the upstream project.
Contributing
------------
diff --git a/configs/README.txt b/configs/README.txt
index 9e5a243..86496db 100644
--- a/configs/README.txt
+++ b/configs/README.txt
@@ -21,4 +21,4 @@
make
Note that the second method also works if you want to keep your custom
-configuration file outside the mbed TLS tree.
+configuration file outside the Mbed TLS tree.
diff --git a/configs/config-no-entropy.h b/configs/config-no-entropy.h
index 31fab4e..1964e8e 100644
--- a/configs/config-no-entropy.h
+++ b/configs/config-no-entropy.h
@@ -33,7 +33,7 @@
#define MBEDTLS_HAVE_ASM
#define MBEDTLS_HAVE_TIME
-/* mbed TLS feature support */
+/* Mbed TLS feature support */
#define MBEDTLS_CIPHER_MODE_CBC
#define MBEDTLS_CIPHER_PADDING_PKCS7
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
@@ -47,7 +47,7 @@
#define MBEDTLS_SELF_TEST
#define MBEDTLS_VERSION_FEATURES
-/* mbed TLS modules */
+/* Mbed TLS modules */
#define MBEDTLS_AES_C
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_ASN1_WRITE_C
diff --git a/configs/config-suite-b.h b/configs/config-suite-b.h
index 89898b3..56a700f 100644
--- a/configs/config-suite-b.h
+++ b/configs/config-suite-b.h
@@ -37,13 +37,13 @@
#define MBEDTLS_HAVE_ASM
#define MBEDTLS_HAVE_TIME
-/* mbed TLS feature support */
+/* Mbed TLS feature support */
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
#define MBEDTLS_SSL_PROTO_TLS1_2
-/* mbed TLS modules */
+/* Mbed TLS modules */
#define MBEDTLS_AES_C
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_ASN1_WRITE_C
diff --git a/configs/config-thread.h b/configs/config-thread.h
index 0652136..e05b557 100644
--- a/configs/config-thread.h
+++ b/configs/config-thread.h
@@ -35,7 +35,7 @@
/* System support */
#define MBEDTLS_HAVE_ASM
-/* mbed TLS feature support */
+/* Mbed TLS feature support */
#define MBEDTLS_AES_ROM_TABLES
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
#define MBEDTLS_ECP_NIST_OPTIM
@@ -46,7 +46,7 @@
#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
-/* mbed TLS modules */
+/* Mbed TLS modules */
#define MBEDTLS_AES_C
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_ASN1_WRITE_C
diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile
index 7fd5dde..c8a47d9 100644
--- a/doxygen/mbedtls.doxyfile
+++ b/doxygen/mbedtls.doxyfile
@@ -1,4 +1,4 @@
-PROJECT_NAME = "mbed TLS v3.4.1"
+PROJECT_NAME = "Mbed TLS v3.4.1"
OUTPUT_DIRECTORY = ../apidoc/
FULL_PATH_NAMES = NO
OPTIMIZE_OUTPUT_FOR_C = YES
diff --git a/include/CMakeLists.txt b/include/CMakeLists.txt
index e693bc1..e11e271 100644
--- a/include/CMakeLists.txt
+++ b/include/CMakeLists.txt
@@ -1,4 +1,4 @@
-option(INSTALL_MBEDTLS_HEADERS "Install mbed TLS headers." ON)
+option(INSTALL_MBEDTLS_HEADERS "Install Mbed TLS headers." ON)
if(INSTALL_MBEDTLS_HEADERS)
diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h
index 3ba1777..eb8446e 100644
--- a/include/mbedtls/bignum.h
+++ b/include/mbedtls/bignum.h
@@ -186,6 +186,15 @@
#endif /* !MBEDTLS_NO_UDBL_DIVISION */
#endif /* !MBEDTLS_HAVE_INT64 */
+/*
+ * Sanity check that exactly one of MBEDTLS_HAVE_INT32 or MBEDTLS_HAVE_INT64 is defined,
+ * so that code elsewhere doesn't have to check.
+ */
+#if (!(defined(MBEDTLS_HAVE_INT32) || defined(MBEDTLS_HAVE_INT64))) || \
+ (defined(MBEDTLS_HAVE_INT32) && defined(MBEDTLS_HAVE_INT64))
+#error "Only 32-bit or 64-bit limbs are supported in bignum"
+#endif
+
/** \typedef mbedtls_mpi_uint
* \brief The type of machine digits in a bignum, called _limbs_.
*
diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h
index c0424da..533e076 100644
--- a/include/mbedtls/build_info.h
+++ b/include/mbedtls/build_info.h
@@ -47,7 +47,32 @@
*/
#define MBEDTLS_VERSION_NUMBER 0x03040100
#define MBEDTLS_VERSION_STRING "3.4.1"
-#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 3.4.1"
+#define MBEDTLS_VERSION_STRING_FULL "Mbed TLS 3.4.1"
+
+/* Macros for build-time platform detection */
+
+#if !defined(MBEDTLS_ARCH_IS_ARM64) && \
+ (defined(__aarch64__) || defined(_M_ARM64) || defined(_M_ARM64EC))
+#define MBEDTLS_ARCH_IS_ARM64
+#endif
+
+#if !defined(MBEDTLS_ARCH_IS_ARM32) && \
+ (defined(__arm__) || defined(_M_ARM) || \
+ defined(_M_ARMT) || defined(__thumb__) || defined(__thumb2__))
+#define MBEDTLS_ARCH_IS_ARM32
+#endif
+
+#if !defined(MBEDTLS_ARCH_IS_X64) && \
+ (defined(__amd64__) || defined(__x86_64__) || \
+ ((defined(_M_X64) || defined(_M_AMD64)) && !defined(_M_ARM64EC)))
+#define MBEDTLS_ARCH_IS_X64
+#endif
+
+#if !defined(MBEDTLS_ARCH_IS_X86) && \
+ (defined(__i386__) || defined(_X86_) || \
+ (defined(_M_IX86) && !defined(_M_I86)))
+#define MBEDTLS_ARCH_IS_X86
+#endif
#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
#define _CRT_SECURE_NO_DEPRECATE 1
@@ -120,165 +145,11 @@
#include "mbedtls/config_psa.h"
#endif
-/* Auto-enable MBEDTLS_MD_LIGHT based on MBEDTLS_MD_C.
- * This allows checking for MD_LIGHT rather than MD_LIGHT || MD_C.
- */
-#if defined(MBEDTLS_MD_C)
-#define MBEDTLS_MD_LIGHT
-#endif
+#include "mbedtls/config_adjust_legacy_crypto.h"
-/* Auto-enable MBEDTLS_MD_LIGHT if needed by a module that didn't require it
- * in a previous release, to ensure backwards compatibility.
- */
-#if defined(MBEDTLS_ECJPAKE_C) || \
- defined(MBEDTLS_PEM_PARSE_C) || \
- defined(MBEDTLS_ENTROPY_C) || \
- defined(MBEDTLS_PK_C) || \
- defined(MBEDTLS_PKCS12_C) || \
- defined(MBEDTLS_RSA_C) || \
- defined(MBEDTLS_SSL_TLS_C) || \
- defined(MBEDTLS_X509_USE_C) || \
- defined(MBEDTLS_X509_CREATE_C)
-#define MBEDTLS_MD_LIGHT
-#endif
+#include "mbedtls/config_adjust_x509.h"
-/* MBEDTLS_ECP_LIGHT is auto-enabled by the following symbols:
- * - MBEDTLS_ECP_C because now it consists of MBEDTLS_ECP_LIGHT plus functions
- * for curve arithmetic. As a consequence if MBEDTLS_ECP_C is required for
- * some reason, then MBEDTLS_ECP_LIGHT should be enabled as well.
- * - MBEDTLS_PK_PARSE_EC_EXTENDED and MBEDTLS_PK_PARSE_EC_COMPRESSED because
- * these features are not supported in PSA so the only way to have them is
- * to enable the built-in solution.
- * Both of them are temporary dependencies:
- * - PK_PARSE_EC_EXTENDED will be removed after #7779 and #7789
- * - support for compressed points should also be added to PSA, but in this
- * case there is no associated issue to track it yet.
- * - PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE because Weierstrass key derivation
- * still depends on ECP_LIGHT.
- * - PK_C + USE_PSA + PSA_WANT_ALG_ECDSA is a temporary dependency which will
- * be fixed by #7453.
- */
-#if defined(MBEDTLS_ECP_C) || \
- defined(MBEDTLS_PK_PARSE_EC_EXTENDED) || \
- defined(MBEDTLS_PK_PARSE_EC_COMPRESSED) || \
- defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_DERIVE)
-#define MBEDTLS_ECP_LIGHT
-#endif
-
-/* MBEDTLS_PK_PARSE_EC_COMPRESSED is introduced in MbedTLS version 3.5, while
- * in previous version compressed points were automatically supported as long
- * as PK_PARSE_C and ECP_C were enabled. As a consequence, for backward
- * compatibility, we auto-enable PK_PARSE_EC_COMPRESSED when these conditions
- * are met. */
-#if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_ECP_C)
-#define MBEDTLS_PK_PARSE_EC_COMPRESSED
-#endif
-
-/* Helper symbol to state that there is support for ECDH, either through
- * library implementation (ECDH_C) or through PSA. */
-#if (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_ECDH)) || \
- (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ECDH_C))
-#define MBEDTLS_CAN_ECDH
-#endif
-
-/* PK module can achieve ECDSA functionalities by means of either software
- * implementations (ECDSA_C) or through a PSA driver. The following defines
- * are meant to list these capabilities in a general way which abstracts how
- * they are implemented under the hood. */
-#if !defined(MBEDTLS_USE_PSA_CRYPTO)
-#if defined(MBEDTLS_ECDSA_C)
-#define MBEDTLS_PK_CAN_ECDSA_SIGN
-#define MBEDTLS_PK_CAN_ECDSA_VERIFY
-#endif /* MBEDTLS_ECDSA_C */
-#else /* MBEDTLS_USE_PSA_CRYPTO */
-#if defined(PSA_WANT_ALG_ECDSA)
-#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC)
-#define MBEDTLS_PK_CAN_ECDSA_SIGN
-#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC */
-#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
-#define MBEDTLS_PK_CAN_ECDSA_VERIFY
-#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
-#endif /* PSA_WANT_ALG_ECDSA */
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-#if defined(MBEDTLS_PK_CAN_ECDSA_VERIFY) || defined(MBEDTLS_PK_CAN_ECDSA_SIGN)
-#define MBEDTLS_PK_CAN_ECDSA_SOME
-#endif
-
-/* If MBEDTLS_PSA_CRYPTO_C is defined, make sure MBEDTLS_PSA_CRYPTO_CLIENT
- * is defined as well to include all PSA code.
- */
-#if defined(MBEDTLS_PSA_CRYPTO_C)
-#define MBEDTLS_PSA_CRYPTO_CLIENT
-#endif /* MBEDTLS_PSA_CRYPTO_C */
-
-/* The PK wrappers need pk_write functions to format RSA key objects
- * when they are dispatching to the PSA API. This happens under USE_PSA_CRYPTO,
- * and also even without USE_PSA_CRYPTO for mbedtls_pk_sign_ext(). */
-#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_RSA_C)
-#define MBEDTLS_PK_C
-#define MBEDTLS_PK_WRITE_C
-#define MBEDTLS_PK_PARSE_C
-#endif
-
-/* Helper symbol to state that the PK module has support for EC keys. This
- * can either be provided through the legacy ECP solution or through the
- * PSA friendly MBEDTLS_PK_USE_PSA_EC_DATA (see pk.h for its description). */
-#if defined(MBEDTLS_ECP_C) || \
- (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY))
-#define MBEDTLS_PK_HAVE_ECC_KEYS
-#endif /* MBEDTLS_PK_USE_PSA_EC_DATA || MBEDTLS_ECP_C */
-
-/* The following blocks make it easier to disable all of TLS,
- * or of TLS 1.2 or 1.3 or DTLS, without having to manually disable all
- * key exchanges, options and extensions related to them. */
-
-#if !defined(MBEDTLS_SSL_TLS_C)
-#undef MBEDTLS_SSL_CLI_C
-#undef MBEDTLS_SSL_SRV_C
-#undef MBEDTLS_SSL_PROTO_TLS1_3
-#undef MBEDTLS_SSL_PROTO_TLS1_2
-#undef MBEDTLS_SSL_PROTO_DTLS
-#endif
-
-#if !defined(MBEDTLS_SSL_PROTO_DTLS)
-#undef MBEDTLS_SSL_DTLS_ANTI_REPLAY
-#undef MBEDTLS_SSL_DTLS_CONNECTION_ID
-#undef MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT
-#undef MBEDTLS_SSL_DTLS_HELLO_VERIFY
-#undef MBEDTLS_SSL_DTLS_SRTP
-#undef MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
-#endif
-
-#if !defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#undef MBEDTLS_SSL_ENCRYPT_THEN_MAC
-#undef MBEDTLS_SSL_EXTENDED_MASTER_SECRET
-#undef MBEDTLS_SSL_RENEGOTIATION
-#undef MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
-#undef MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
-#undef MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
-#undef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-#undef MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
-#undef MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
-#undef MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
-#undef MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-#undef MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
-#undef MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
-#undef MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
-#endif
-
-#if !defined(MBEDTLS_SSL_PROTO_TLS1_3)
-#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
-#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-#undef MBEDTLS_SSL_EARLY_DATA
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
- (defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED))
-#define MBEDTLS_SSL_TLS1_2_SOME_ECC
-#endif
+#include "mbedtls/config_adjust_ssl.h"
/* Make sure all configuration symbols are set before including check_config.h,
* even the ones that are calculated programmatically. */
diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h
index 6c22552..a1f601f 100644
--- a/include/mbedtls/ccm.h
+++ b/include/mbedtls/ccm.h
@@ -77,7 +77,8 @@
typedef struct mbedtls_ccm_context {
unsigned char MBEDTLS_PRIVATE(y)[16]; /*!< The Y working buffer */
unsigned char MBEDTLS_PRIVATE(ctr)[16]; /*!< The counter buffer */
- mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */
+ int MBEDTLS_PRIVATE(state); /*!< Working value holding context's
+ state. Used for chunked data input */
size_t MBEDTLS_PRIVATE(plaintext_len); /*!< Total plaintext length */
size_t MBEDTLS_PRIVATE(add_len); /*!< Total authentication data length */
size_t MBEDTLS_PRIVATE(tag_len); /*!< Total tag length */
@@ -87,15 +88,13 @@
and plaintext/ciphertext.
This variable is set to zero after
auth data input is finished. */
- unsigned char MBEDTLS_PRIVATE(q); /*!< The Q working value */
- unsigned char MBEDTLS_PRIVATE(mode); /*!< The operation to perform:
+ unsigned int MBEDTLS_PRIVATE(q); /*!< The Q working value */
+ unsigned int MBEDTLS_PRIVATE(mode); /*!< The operation to perform:
#MBEDTLS_CCM_ENCRYPT or
#MBEDTLS_CCM_DECRYPT or
#MBEDTLS_CCM_STAR_ENCRYPT or
#MBEDTLS_CCM_STAR_DECRYPT. */
- int MBEDTLS_PRIVATE(state); /*!< Working value holding context's
- state. Used for chunked data
- input */
+ mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */
}
mbedtls_ccm_context;
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index ca267bd..5ea7b94 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -30,7 +30,7 @@
*/
#include <limits.h>
#if CHAR_BIT != 8
-#error "mbed TLS requires a platform with 8-bit chars"
+#error "Mbed TLS requires a platform with 8-bit chars"
#endif
#include <stdint.h>
diff --git a/include/mbedtls/config_adjust_legacy_crypto.h b/include/mbedtls/config_adjust_legacy_crypto.h
new file mode 100644
index 0000000..3f0ce45
--- /dev/null
+++ b/include/mbedtls/config_adjust_legacy_crypto.h
@@ -0,0 +1,146 @@
+/**
+ * \file mbedtls/config_adjust_legacy_crypto.h
+ * \brief Adjust legacy configuration configuration
+ *
+ * Automatically enable certain dependencies. Generally, MBEDLTS_xxx
+ * configurations need to be explicitly enabled by the user: enabling
+ * MBEDTLS_xxx_A but not MBEDTLS_xxx_B when A requires B results in a
+ * compilation error. However, we do automatically enable certain options
+ * in some circumstances. One case is if MBEDTLS_xxx_B is an internal option
+ * used to identify parts of a module that are used by other module, and we
+ * don't want to make the symbol MBEDTLS_xxx_B part of the public API.
+ * Another case is if A didn't depend on B in earlier versions, and we
+ * want to use B in A but we need to preserve backward compatibility with
+ * configurations that explicitly activate MBEDTLS_xxx_A but not
+ * MBEDTLS_xxx_B.
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H
+#define MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H
+
+/* Auto-enable MBEDTLS_MD_LIGHT based on MBEDTLS_MD_C.
+ * This allows checking for MD_LIGHT rather than MD_LIGHT || MD_C.
+ */
+#if defined(MBEDTLS_MD_C)
+#define MBEDTLS_MD_LIGHT
+#endif
+
+/* Auto-enable MBEDTLS_MD_LIGHT if needed by a module that didn't require it
+ * in a previous release, to ensure backwards compatibility.
+ */
+#if defined(MBEDTLS_ECJPAKE_C) || \
+ defined(MBEDTLS_PEM_PARSE_C) || \
+ defined(MBEDTLS_ENTROPY_C) || \
+ defined(MBEDTLS_PK_C) || \
+ defined(MBEDTLS_PKCS12_C) || \
+ defined(MBEDTLS_RSA_C) || \
+ defined(MBEDTLS_SSL_TLS_C) || \
+ defined(MBEDTLS_X509_USE_C) || \
+ defined(MBEDTLS_X509_CREATE_C)
+#define MBEDTLS_MD_LIGHT
+#endif
+
+/* MBEDTLS_ECP_LIGHT is auto-enabled by the following symbols:
+ * - MBEDTLS_ECP_C because now it consists of MBEDTLS_ECP_LIGHT plus functions
+ * for curve arithmetic. As a consequence if MBEDTLS_ECP_C is required for
+ * some reason, then MBEDTLS_ECP_LIGHT should be enabled as well.
+ * - MBEDTLS_PK_PARSE_EC_EXTENDED and MBEDTLS_PK_PARSE_EC_COMPRESSED because
+ * these features are not supported in PSA so the only way to have them is
+ * to enable the built-in solution.
+ * Both of them are temporary dependencies:
+ * - PK_PARSE_EC_EXTENDED will be removed after #7779 and #7789
+ * - support for compressed points should also be added to PSA, but in this
+ * case there is no associated issue to track it yet.
+ * - PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE because Weierstrass key derivation
+ * still depends on ECP_LIGHT.
+ * - PK_C + USE_PSA + PSA_WANT_ALG_ECDSA is a temporary dependency which will
+ * be fixed by #7453.
+ */
+#if defined(MBEDTLS_ECP_C) || \
+ defined(MBEDTLS_PK_PARSE_EC_EXTENDED) || \
+ defined(MBEDTLS_PK_PARSE_EC_COMPRESSED) || \
+ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_DERIVE)
+#define MBEDTLS_ECP_LIGHT
+#endif
+
+/* MBEDTLS_PK_PARSE_EC_COMPRESSED is introduced in MbedTLS version 3.5, while
+ * in previous version compressed points were automatically supported as long
+ * as PK_PARSE_C and ECP_C were enabled. As a consequence, for backward
+ * compatibility, we auto-enable PK_PARSE_EC_COMPRESSED when these conditions
+ * are met. */
+#if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_ECP_C)
+#define MBEDTLS_PK_PARSE_EC_COMPRESSED
+#endif
+
+/* Helper symbol to state that there is support for ECDH, either through
+ * library implementation (ECDH_C) or through PSA. */
+#if (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_ECDH)) || \
+ (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ECDH_C))
+#define MBEDTLS_CAN_ECDH
+#endif
+
+/* PK module can achieve ECDSA functionalities by means of either software
+ * implementations (ECDSA_C) or through a PSA driver. The following defines
+ * are meant to list these capabilities in a general way which abstracts how
+ * they are implemented under the hood. */
+#if !defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_ECDSA_C)
+#define MBEDTLS_PK_CAN_ECDSA_SIGN
+#define MBEDTLS_PK_CAN_ECDSA_VERIFY
+#endif /* MBEDTLS_ECDSA_C */
+#else /* MBEDTLS_USE_PSA_CRYPTO */
+#if defined(PSA_WANT_ALG_ECDSA)
+#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC)
+#define MBEDTLS_PK_CAN_ECDSA_SIGN
+#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC */
+#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
+#define MBEDTLS_PK_CAN_ECDSA_VERIFY
+#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
+#endif /* PSA_WANT_ALG_ECDSA */
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+#if defined(MBEDTLS_PK_CAN_ECDSA_VERIFY) || defined(MBEDTLS_PK_CAN_ECDSA_SIGN)
+#define MBEDTLS_PK_CAN_ECDSA_SOME
+#endif
+
+/* If MBEDTLS_PSA_CRYPTO_C is defined, make sure MBEDTLS_PSA_CRYPTO_CLIENT
+ * is defined as well to include all PSA code.
+ */
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+#define MBEDTLS_PSA_CRYPTO_CLIENT
+#endif /* MBEDTLS_PSA_CRYPTO_C */
+
+/* The PK wrappers need pk_write functions to format RSA key objects
+ * when they are dispatching to the PSA API. This happens under USE_PSA_CRYPTO,
+ * and also even without USE_PSA_CRYPTO for mbedtls_pk_sign_ext(). */
+#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_RSA_C)
+#define MBEDTLS_PK_C
+#define MBEDTLS_PK_WRITE_C
+#define MBEDTLS_PK_PARSE_C
+#endif
+
+/* Helper symbol to state that the PK module has support for EC keys. This
+ * can either be provided through the legacy ECP solution or through the
+ * PSA friendly MBEDTLS_PK_USE_PSA_EC_DATA (see pk.h for its description). */
+#if defined(MBEDTLS_ECP_C) || \
+ (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY))
+#define MBEDTLS_PK_HAVE_ECC_KEYS
+#endif /* MBEDTLS_PK_USE_PSA_EC_DATA || MBEDTLS_ECP_C */
+
+#endif /* MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H */
diff --git a/include/mbedtls/config_adjust_legacy_from_psa.h b/include/mbedtls/config_adjust_legacy_from_psa.h
new file mode 100644
index 0000000..471ba18
--- /dev/null
+++ b/include/mbedtls/config_adjust_legacy_from_psa.h
@@ -0,0 +1,653 @@
+/**
+ * \file mbedtls/config_adjust_legacy_from_psa.h
+ * \brief Adjust PSA configuration: activate legacy implementations
+ *
+ * When MBEDTLS_PSA_CRYPTO_CONFIG is enabled, activate legacy implementations
+ * of cryptographic mechanisms as needed to fulfill the needs of the PSA
+ * configuration. Generally speaking, we activate a legacy mechanism if
+ * it's needed for a requested PSA mechanism and there is no PSA driver
+ * for it.
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef MBEDTLS_CONFIG_ADJUST_LEGACY_FROM_PSA_H
+#define MBEDTLS_CONFIG_ADJUST_LEGACY_FROM_PSA_H
+
+#if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA)
+#define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA 1
+#define MBEDTLS_ECDSA_DETERMINISTIC
+#define MBEDTLS_ECDSA_C
+#define MBEDTLS_HMAC_DRBG_C
+#define MBEDTLS_MD_C
+#endif /* !MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA */
+#endif /* PSA_WANT_ALG_DETERMINISTIC_ECDSA */
+
+#if defined(PSA_WANT_ALG_ECDH)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDH)
+#define MBEDTLS_PSA_BUILTIN_ALG_ECDH 1
+#define MBEDTLS_ECDH_C
+#define MBEDTLS_ECP_C
+#define MBEDTLS_BIGNUM_C
+#endif /* !MBEDTLS_PSA_ACCEL_ALG_ECDH */
+#endif /* PSA_WANT_ALG_ECDH */
+
+#if defined(PSA_WANT_ALG_ECDSA)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA)
+#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1
+#define MBEDTLS_ECDSA_C
+#define MBEDTLS_ECP_C
+#define MBEDTLS_BIGNUM_C
+#define MBEDTLS_ASN1_PARSE_C
+#define MBEDTLS_ASN1_WRITE_C
+#endif /* !MBEDTLS_PSA_ACCEL_ALG_ECDSA */
+#endif /* PSA_WANT_ALG_ECDSA */
+
+#if defined(PSA_WANT_ALG_FFDH)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_FFDH)
+#define MBEDTLS_PSA_BUILTIN_ALG_FFDH 1
+#define MBEDTLS_BIGNUM_C
+#endif /* !MBEDTLS_PSA_ACCEL_ALG_FFDH */
+#endif /* PSA_WANT_ALG_FFDH */
+
+#if defined(PSA_WANT_ALG_HKDF)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF)
+/*
+ * The PSA implementation has its own implementation of HKDF, separate from
+ * hkdf.c. No need to enable MBEDTLS_HKDF_C here.
+ */
+#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
+#define MBEDTLS_PSA_BUILTIN_ALG_HKDF 1
+#endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF */
+#endif /* PSA_WANT_ALG_HKDF */
+
+#if defined(PSA_WANT_ALG_HKDF_EXTRACT)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT)
+/*
+ * The PSA implementation has its own implementation of HKDF, separate from
+ * hkdf.c. No need to enable MBEDTLS_HKDF_C here.
+ */
+#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
+#define MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT 1
+#endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT */
+#endif /* PSA_WANT_ALG_HKDF_EXTRACT */
+
+#if defined(PSA_WANT_ALG_HKDF_EXPAND)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND)
+/*
+ * The PSA implementation has its own implementation of HKDF, separate from
+ * hkdf.c. No need to enable MBEDTLS_HKDF_C here.
+ */
+#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
+#define MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND 1
+#endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND */
+#endif /* PSA_WANT_ALG_HKDF_EXPAND */
+
+#if defined(PSA_WANT_ALG_HMAC)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_HMAC)
+#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
+#endif /* !MBEDTLS_PSA_ACCEL_ALG_HMAC */
+#endif /* PSA_WANT_ALG_HMAC */
+
+#if defined(PSA_WANT_ALG_MD5) && !defined(MBEDTLS_PSA_ACCEL_ALG_MD5)
+#define MBEDTLS_PSA_BUILTIN_ALG_MD5 1
+#define MBEDTLS_MD5_C
+#endif
+
+#if defined(PSA_WANT_ALG_JPAKE)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_JPAKE)
+#define MBEDTLS_PSA_BUILTIN_PAKE 1
+#define MBEDTLS_PSA_BUILTIN_ALG_JPAKE 1
+#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
+#define MBEDTLS_BIGNUM_C
+#define MBEDTLS_ECP_C
+#define MBEDTLS_ECJPAKE_C
+#endif /* MBEDTLS_PSA_ACCEL_ALG_JPAKE */
+#endif /* PSA_WANT_ALG_JPAKE */
+
+#if defined(PSA_WANT_ALG_RIPEMD160) && !defined(MBEDTLS_PSA_ACCEL_ALG_RIPEMD160)
+#define MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160 1
+#define MBEDTLS_RIPEMD160_C
+#endif
+
+#if defined(PSA_WANT_ALG_RSA_OAEP)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP)
+#define MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP 1
+#define MBEDTLS_RSA_C
+#define MBEDTLS_BIGNUM_C
+#define MBEDTLS_OID_C
+#define MBEDTLS_PKCS1_V21
+#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP */
+#endif /* PSA_WANT_ALG_RSA_OAEP */
+
+#if defined(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT)
+#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT 1
+#define MBEDTLS_RSA_C
+#define MBEDTLS_BIGNUM_C
+#define MBEDTLS_OID_C
+#define MBEDTLS_PKCS1_V15
+#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT */
+#endif /* PSA_WANT_ALG_RSA_PKCS1V15_CRYPT */
+
+#if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN)
+#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN 1
+#define MBEDTLS_RSA_C
+#define MBEDTLS_BIGNUM_C
+#define MBEDTLS_OID_C
+#define MBEDTLS_PKCS1_V15
+#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN */
+#endif /* PSA_WANT_ALG_RSA_PKCS1V15_SIGN */
+
+#if defined(PSA_WANT_ALG_RSA_PSS)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS)
+#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS 1
+#define MBEDTLS_RSA_C
+#define MBEDTLS_BIGNUM_C
+#define MBEDTLS_OID_C
+#define MBEDTLS_PKCS1_V21
+#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PSS */
+#endif /* PSA_WANT_ALG_RSA_PSS */
+
+#if defined(PSA_WANT_ALG_SHA_1) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_1)
+#define MBEDTLS_PSA_BUILTIN_ALG_SHA_1 1
+#define MBEDTLS_SHA1_C
+#endif
+
+#if defined(PSA_WANT_ALG_SHA_224) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_224)
+#define MBEDTLS_PSA_BUILTIN_ALG_SHA_224 1
+#define MBEDTLS_SHA224_C
+#endif
+
+#if defined(PSA_WANT_ALG_SHA_256) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_256)
+#define MBEDTLS_PSA_BUILTIN_ALG_SHA_256 1
+#define MBEDTLS_SHA256_C
+#endif
+
+#if defined(PSA_WANT_ALG_SHA_384) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_384)
+#define MBEDTLS_PSA_BUILTIN_ALG_SHA_384 1
+#define MBEDTLS_SHA384_C
+#endif
+
+#if defined(PSA_WANT_ALG_SHA_512) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_512)
+#define MBEDTLS_PSA_BUILTIN_ALG_SHA_512 1
+#define MBEDTLS_SHA512_C
+#endif
+
+#if defined(PSA_WANT_ALG_SHA3_224) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_224)
+#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_224 1
+#define MBEDTLS_SHA3_C
+#endif
+
+#if defined(PSA_WANT_ALG_SHA3_256) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_256)
+#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_256 1
+#define MBEDTLS_SHA3_C
+#endif
+
+#if defined(PSA_WANT_ALG_SHA3_384) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_384)
+#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_384 1
+#define MBEDTLS_SHA3_C
+#endif
+
+#if defined(PSA_WANT_ALG_SHA3_512) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_512)
+#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_512 1
+#define MBEDTLS_SHA3_C
+#endif
+
+#if defined(PSA_WANT_ALG_PBKDF2_HMAC)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_PBKDF2_HMAC)
+#define MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC 1
+#define PSA_HAVE_SOFT_PBKDF2_HMAC 1
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_HMAC)
+#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
+#endif /* !MBEDTLS_PSA_ACCEL_ALG_HMAC */
+#endif /* !MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */
+#endif /* PSA_WANT_ALG_PBKDF2_HMAC */
+
+#if defined(PSA_WANT_ALG_TLS12_PRF)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF)
+#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF 1
+#endif /* !MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF */
+#endif /* PSA_WANT_ALG_TLS12_PRF */
+
+#if defined(PSA_WANT_ALG_TLS12_PSK_TO_MS)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS)
+#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS 1
+#endif /* !MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS */
+#endif /* PSA_WANT_ALG_TLS12_PSK_TO_MS */
+
+#if defined(PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_ECJPAKE_TO_PMS)
+#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS 1
+#endif /* !MBEDTLS_PSA_ACCEL_ALG_TLS12_ECJPAKE_TO_PMS */
+#endif /* PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS */
+
+#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT)
+#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1
+#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT */
+#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT */
+
+#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT)
+#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1
+#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT */
+#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT */
+
+#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE)
+#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1
+#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE */
+#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE */
+
+#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE)
+#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1
+#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE */
+#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE */
+
+#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC)
+#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
+#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC */
+#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC */
+
+#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT)
+#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_IMPORT)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1
+#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_IMPORT */
+#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT */
+
+#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT)
+#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_EXPORT)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1
+#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_EXPORT */
+#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT */
+
+#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
+#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1
+#define MBEDTLS_GENPRIME
+#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_GENERATE */
+#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE */
+
+#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC)
+#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_BASIC)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_BASIC 1
+#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_BASIC */
+#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC */
+
+#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT)
+#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC 1
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_IMPORT)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_IMPORT 1
+#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_IMPORT */
+#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT */
+
+#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT)
+#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC 1
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_EXPORT)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_EXPORT 1
+#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_EXPORT */
+#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT */
+
+#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE)
+#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC 1
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_GENERATE)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_GENERATE 1
+#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_GENERATE */
+#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE */
+
+#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC)
+#define PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY 1
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_BASIC)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_BASIC 1
+#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_BASIC */
+#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC */
+
+#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1
+#define MBEDTLS_ECP_C
+#define MBEDTLS_BIGNUM_C
+#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY */
+#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
+
+#if defined(PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY)
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY 1
+#define MBEDTLS_BIGNUM_C
+#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY */
+#endif /* PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY */
+
+#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY 1
+#define MBEDTLS_RSA_C
+#define MBEDTLS_BIGNUM_C
+#define MBEDTLS_OID_C
+#define MBEDTLS_PK_PARSE_C
+#define MBEDTLS_PK_WRITE_C
+#define MBEDTLS_PK_C
+#define MBEDTLS_ASN1_PARSE_C
+#define MBEDTLS_ASN1_WRITE_C
+#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY */
+#endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY */
+
+/* If any of the block modes are requested that don't have an
+ * associated HW assist, define PSA_HAVE_SOFT_BLOCK_MODE for checking
+ * in the block cipher key types. */
+#if (defined(PSA_WANT_ALG_CTR) && !defined(MBEDTLS_PSA_ACCEL_ALG_CTR)) || \
+ (defined(PSA_WANT_ALG_CFB) && !defined(MBEDTLS_PSA_ACCEL_ALG_CFB)) || \
+ (defined(PSA_WANT_ALG_OFB) && !defined(MBEDTLS_PSA_ACCEL_ALG_OFB)) || \
+ defined(PSA_WANT_ALG_ECB_NO_PADDING) || \
+ (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
+ !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING)) || \
+ (defined(PSA_WANT_ALG_CBC_PKCS7) && \
+ !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7)) || \
+ (defined(PSA_WANT_ALG_CMAC) && !defined(MBEDTLS_PSA_ACCEL_ALG_CMAC))
+#define PSA_HAVE_SOFT_BLOCK_MODE 1
+#endif
+
+#if (defined(PSA_WANT_ALG_GCM) && !defined(MBEDTLS_PSA_ACCEL_ALG_GCM)) || \
+ (defined(PSA_WANT_ALG_CCM) && !defined(MBEDTLS_PSA_ACCEL_ALG_CCM))
+#define PSA_HAVE_SOFT_BLOCK_AEAD 1
+#endif
+
+#if defined(PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_PBKDF2_AES_CMAC_PRF_128)
+#define MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128 1
+#define PSA_HAVE_SOFT_PBKDF2_CMAC 1
+#endif /* !MBEDTLS_PSA_ACCEL_ALG_PBKDF2_AES_CMAC_PRF_128 */
+#endif /* PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 */
+
+#if defined(PSA_WANT_KEY_TYPE_AES)
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES)
+#define PSA_HAVE_SOFT_KEY_TYPE_AES 1
+#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_AES */
+#if defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
+ defined(PSA_HAVE_SOFT_BLOCK_MODE) || \
+ defined(PSA_HAVE_SOFT_BLOCK_AEAD) || \
+ defined(PSA_HAVE_SOFT_PBKDF2_CMAC)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES 1
+#define MBEDTLS_AES_C
+#endif /* PSA_HAVE_SOFT_KEY_TYPE_AES || PSA_HAVE_SOFT_BLOCK_MODE */
+#endif /* PSA_WANT_KEY_TYPE_AES */
+
+#if defined(PSA_WANT_KEY_TYPE_ARIA)
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA)
+#define PSA_HAVE_SOFT_KEY_TYPE_ARIA 1
+#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA */
+#if defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \
+ defined(PSA_HAVE_SOFT_BLOCK_MODE) || \
+ defined(PSA_HAVE_SOFT_BLOCK_AEAD)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARIA 1
+#define MBEDTLS_ARIA_C
+#endif /* PSA_HAVE_SOFT_KEY_TYPE_ARIA || PSA_HAVE_SOFT_BLOCK_MODE */
+#endif /* PSA_WANT_KEY_TYPE_ARIA */
+
+#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA)
+#define PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA 1
+#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA */
+#if defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA) || \
+ defined(PSA_HAVE_SOFT_BLOCK_MODE) || \
+ defined(PSA_HAVE_SOFT_BLOCK_AEAD)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CAMELLIA 1
+#define MBEDTLS_CAMELLIA_C
+#endif /* PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA || PSA_HAVE_SOFT_BLOCK_MODE */
+#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
+
+#if defined(PSA_WANT_KEY_TYPE_DES)
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DES)
+#define PSA_HAVE_SOFT_KEY_TYPE_DES 1
+#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DES */
+#if defined(PSA_HAVE_SOFT_KEY_TYPE_DES) || \
+ defined(PSA_HAVE_SOFT_BLOCK_MODE)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES 1
+#define MBEDTLS_DES_C
+#endif /*PSA_HAVE_SOFT_KEY_TYPE_DES || PSA_HAVE_SOFT_BLOCK_MODE */
+#endif /* PSA_WANT_KEY_TYPE_DES */
+
+#if defined(PSA_WANT_KEY_TYPE_CHACHA20)
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20 1
+#define MBEDTLS_CHACHA20_C
+#endif /*!MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20 */
+#endif /* PSA_WANT_KEY_TYPE_CHACHA20 */
+
+/* If any of the software block ciphers are selected, define
+ * PSA_HAVE_SOFT_BLOCK_CIPHER, which can be used in any of these
+ * situations. */
+#if defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
+ defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \
+ defined(PSA_HAVE_SOFT_KEY_TYPE_DES) || \
+ defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA)
+#define PSA_HAVE_SOFT_BLOCK_CIPHER 1
+#endif
+
+#if defined(PSA_WANT_ALG_STREAM_CIPHER)
+#define MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER 1
+#endif /* PSA_WANT_ALG_STREAM_CIPHER */
+
+#if defined(PSA_WANT_ALG_CBC_MAC)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_MAC)
+#error "CBC-MAC is not yet supported via the PSA API in Mbed TLS."
+#define MBEDTLS_PSA_BUILTIN_ALG_CBC_MAC 1
+#endif /* !MBEDTLS_PSA_ACCEL_ALG_CBC_MAC */
+#endif /* PSA_WANT_ALG_CBC_MAC */
+
+#if defined(PSA_WANT_ALG_CMAC)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_CMAC) || \
+ defined(PSA_HAVE_SOFT_BLOCK_CIPHER) || \
+ defined(PSA_HAVE_SOFT_PBKDF2_CMAC)
+#define MBEDTLS_PSA_BUILTIN_ALG_CMAC 1
+#define MBEDTLS_CMAC_C
+#endif /* !MBEDTLS_PSA_ACCEL_ALG_CMAC */
+#endif /* PSA_WANT_ALG_CMAC */
+
+#if defined(PSA_HAVE_SOFT_PBKDF2_HMAC) || \
+ defined(PSA_HAVE_SOFT_PBKDF2_CMAC)
+#define PSA_HAVE_SOFT_PBKDF2 1
+#endif /* PSA_HAVE_SOFT_PBKDF2_HMAC || PSA_HAVE_SOFT_PBKDF2_CMAC */
+
+#if defined(PSA_WANT_ALG_CTR)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_CTR) || \
+ defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
+#define MBEDTLS_PSA_BUILTIN_ALG_CTR 1
+#define MBEDTLS_CIPHER_MODE_CTR
+#endif
+#endif /* PSA_WANT_ALG_CTR */
+
+#if defined(PSA_WANT_ALG_CFB)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_CFB) || \
+ defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
+#define MBEDTLS_PSA_BUILTIN_ALG_CFB 1
+#define MBEDTLS_CIPHER_MODE_CFB
+#endif
+#endif /* PSA_WANT_ALG_CFB */
+
+#if defined(PSA_WANT_ALG_OFB)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_OFB) || \
+ defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
+#define MBEDTLS_PSA_BUILTIN_ALG_OFB 1
+#define MBEDTLS_CIPHER_MODE_OFB
+#endif
+#endif /* PSA_WANT_ALG_OFB */
+
+#if defined(PSA_WANT_ALG_ECB_NO_PADDING) && \
+ !defined(MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING)
+#define MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING 1
+#endif
+
+#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING) || \
+ defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
+#define MBEDTLS_CIPHER_MODE_CBC
+#define MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING 1
+#endif
+#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
+
+#if defined(PSA_WANT_ALG_CBC_PKCS7)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7) || \
+ defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
+#define MBEDTLS_CIPHER_MODE_CBC
+#define MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7 1
+#define MBEDTLS_CIPHER_PADDING_PKCS7
+#endif
+#endif /* PSA_WANT_ALG_CBC_PKCS7 */
+
+#if defined(PSA_WANT_ALG_CCM)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_CCM) || \
+ defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
+ defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \
+ defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA)
+#define MBEDTLS_PSA_BUILTIN_ALG_CCM 1
+#define MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG 1
+#define MBEDTLS_CCM_C
+#endif
+#endif /* PSA_WANT_ALG_CCM */
+
+#if defined(PSA_WANT_ALG_GCM)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_GCM) || \
+ defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
+ defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \
+ defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA)
+#define MBEDTLS_PSA_BUILTIN_ALG_GCM 1
+#define MBEDTLS_GCM_C
+#endif
+#endif /* PSA_WANT_ALG_GCM */
+
+#if defined(PSA_WANT_ALG_CHACHA20_POLY1305)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305)
+#if defined(PSA_WANT_KEY_TYPE_CHACHA20)
+#define MBEDTLS_CHACHAPOLY_C
+#define MBEDTLS_CHACHA20_C
+#define MBEDTLS_POLY1305_C
+#define MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 1
+#endif /* PSA_WANT_KEY_TYPE_CHACHA20 */
+#endif /* !MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305 */
+#endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */
+
+#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
+#if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256)
+#define MBEDTLS_ECP_DP_BP256R1_ENABLED
+#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_256 1
+#endif /* !MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256 */
+#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_256 */
+
+#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
+#if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384)
+#define MBEDTLS_ECP_DP_BP384R1_ENABLED
+#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_384 1
+#endif /* !MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384 */
+#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_384 */
+
+#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
+#if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512)
+#define MBEDTLS_ECP_DP_BP512R1_ENABLED
+#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_512 1
+#endif /* !MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512 */
+#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_512 */
+
+#if defined(PSA_WANT_ECC_MONTGOMERY_255)
+#if !defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255)
+#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
+#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_255 1
+#endif /* !MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255 */
+#endif /* PSA_WANT_ECC_MONTGOMERY_255 */
+
+#if defined(PSA_WANT_ECC_MONTGOMERY_448)
+#if !defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448)
+#define MBEDTLS_ECP_DP_CURVE448_ENABLED
+#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448 1
+#endif /* !MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448 */
+#endif /* PSA_WANT_ECC_MONTGOMERY_448 */
+
+#if defined(PSA_WANT_ECC_SECP_R1_192)
+#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192)
+#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
+#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_192 1
+#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192 */
+#endif /* PSA_WANT_ECC_SECP_R1_192 */
+
+#if defined(PSA_WANT_ECC_SECP_R1_224)
+#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224)
+#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
+#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_224 1
+#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224 */
+#endif /* PSA_WANT_ECC_SECP_R1_224 */
+
+#if defined(PSA_WANT_ECC_SECP_R1_256)
+#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256)
+#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
+#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 1
+#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256 */
+#endif /* PSA_WANT_ECC_SECP_R1_256 */
+
+#if defined(PSA_WANT_ECC_SECP_R1_384)
+#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384)
+#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
+#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_384 1
+#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384 */
+#endif /* PSA_WANT_ECC_SECP_R1_384 */
+
+#if defined(PSA_WANT_ECC_SECP_R1_521)
+#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521)
+#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
+#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521 1
+#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521 */
+#endif /* PSA_WANT_ECC_SECP_R1_521 */
+
+#if defined(PSA_WANT_ECC_SECP_K1_192)
+#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192)
+#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
+#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_192 1
+#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192 */
+#endif /* PSA_WANT_ECC_SECP_K1_192 */
+
+#if defined(PSA_WANT_ECC_SECP_K1_224)
+#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224)
+/*
+ * SECP224K1 is buggy via the PSA API in Mbed TLS
+ * (https://github.com/Mbed-TLS/mbedtls/issues/3541).
+ */
+#error "SECP224K1 is buggy via the PSA API in Mbed TLS."
+#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
+#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_224 1
+#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224 */
+#endif /* PSA_WANT_ECC_SECP_K1_224 */
+
+#if defined(PSA_WANT_ECC_SECP_K1_256)
+#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256)
+#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
+#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_256 1
+#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256 */
+#endif /* PSA_WANT_ECC_SECP_K1_256 */
+
+#endif /* MBEDTLS_CONFIG_ADJUST_LEGACY_FROM_PSA_H */
diff --git a/include/mbedtls/config_adjust_psa_from_legacy.h b/include/mbedtls/config_adjust_psa_from_legacy.h
new file mode 100644
index 0000000..088711d
--- /dev/null
+++ b/include/mbedtls/config_adjust_psa_from_legacy.h
@@ -0,0 +1,346 @@
+/**
+ * \file mbedtls/config_adjust_psa_from_legacy.h
+ * \brief Adjust PSA configuration: construct PSA configuration from legacy
+ *
+ * When MBEDTLS_PSA_CRYPTO_CONFIG is disabled, we automatically enable
+ * cryptographic mechanisms through the PSA interface when the corresponding
+ * legacy mechanism is enabled. In many cases, this just enables the PSA
+ * wrapper code around the legacy implementation, but we also do this for
+ * some mechanisms where PSA has its own independent implementation so
+ * that high-level modules that can use either cryptographic API have the
+ * same feature set in both cases.
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef MBEDTLS_CONFIG_ADJUST_PSA_FROM_LEGACY_H
+#define MBEDTLS_CONFIG_ADJUST_PSA_FROM_LEGACY_H
+
+/*
+ * Ensure PSA_WANT_* defines are setup properly if MBEDTLS_PSA_CRYPTO_CONFIG
+ * is not defined
+ */
+
+#if defined(MBEDTLS_CCM_C)
+#define MBEDTLS_PSA_BUILTIN_ALG_CCM 1
+#define MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG 1
+#define PSA_WANT_ALG_CCM 1
+#define PSA_WANT_ALG_CCM_STAR_NO_TAG 1
+#endif /* MBEDTLS_CCM_C */
+
+#if defined(MBEDTLS_CMAC_C)
+#define MBEDTLS_PSA_BUILTIN_ALG_CMAC 1
+#define PSA_WANT_ALG_CMAC 1
+#endif /* MBEDTLS_CMAC_C */
+
+#if defined(MBEDTLS_ECDH_C)
+#define MBEDTLS_PSA_BUILTIN_ALG_ECDH 1
+#define PSA_WANT_ALG_ECDH 1
+#endif /* MBEDTLS_ECDH_C */
+
+#if defined(MBEDTLS_ECDSA_C)
+#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1
+#define PSA_WANT_ALG_ECDSA 1
+#define PSA_WANT_ALG_ECDSA_ANY 1
+
+// Only add in DETERMINISTIC support if ECDSA is also enabled
+#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
+#define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA 1
+#define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1
+#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
+
+#endif /* MBEDTLS_ECDSA_C */
+
+#if defined(MBEDTLS_ECP_C)
+#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
+#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1
+#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1
+#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1
+/* Normally we wouldn't enable this because it's not implemented in ecp.c,
+ * but since it used to be available any time ECP_C was enabled, let's enable
+ * it anyway for the sake of backwards compatibility */
+#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1
+/* See comment for PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE above. */
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1
+#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1
+#endif /* MBEDTLS_ECP_C */
+
+#if defined(MBEDTLS_DHM_C)
+#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC 1
+#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT 1
+#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT 1
+#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE 1
+#define PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY 1
+#define PSA_WANT_ALG_FFDH 1
+#define PSA_WANT_DH_FAMILY_RFC7919 1
+#define MBEDTLS_PSA_BUILTIN_ALG_FFDH 1
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_BASIC 1
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_IMPORT 1
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_EXPORT 1
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_GENERATE 1
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY 1
+#endif /* MBEDTLS_DHM_C */
+
+#if defined(MBEDTLS_GCM_C)
+#define MBEDTLS_PSA_BUILTIN_ALG_GCM 1
+#define PSA_WANT_ALG_GCM 1
+#endif /* MBEDTLS_GCM_C */
+
+/* Enable PSA HKDF algorithm if mbedtls HKDF is supported.
+ * PSA HKDF EXTRACT and PSA HKDF EXPAND have minimal cost when
+ * PSA HKDF is enabled, so enable both algorithms together
+ * with PSA HKDF. */
+#if defined(MBEDTLS_HKDF_C)
+#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
+#define PSA_WANT_ALG_HMAC 1
+#define MBEDTLS_PSA_BUILTIN_ALG_HKDF 1
+#define PSA_WANT_ALG_HKDF 1
+#define MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT 1
+#define PSA_WANT_ALG_HKDF_EXTRACT 1
+#define MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND 1
+#define PSA_WANT_ALG_HKDF_EXPAND 1
+#endif /* MBEDTLS_HKDF_C */
+
+#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
+#define PSA_WANT_ALG_HMAC 1
+#define PSA_WANT_KEY_TYPE_HMAC 1
+
+#if defined(MBEDTLS_MD_C)
+#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF 1
+#define PSA_WANT_ALG_TLS12_PRF 1
+#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS 1
+#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1
+#endif /* MBEDTLS_MD_C */
+
+#if defined(MBEDTLS_MD5_C)
+#define MBEDTLS_PSA_BUILTIN_ALG_MD5 1
+#define PSA_WANT_ALG_MD5 1
+#endif
+
+#if defined(MBEDTLS_ECJPAKE_C)
+#define MBEDTLS_PSA_BUILTIN_PAKE 1
+#define MBEDTLS_PSA_BUILTIN_ALG_JPAKE 1
+#define PSA_WANT_ALG_JPAKE 1
+#endif
+
+#if defined(MBEDTLS_RIPEMD160_C)
+#define MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160 1
+#define PSA_WANT_ALG_RIPEMD160 1
+#endif
+
+#if defined(MBEDTLS_RSA_C)
+#if defined(MBEDTLS_PKCS1_V15)
+#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT 1
+#define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1
+#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN 1
+#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1
+#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW 1
+#endif /* MBEDTLS_PKCS1_V15 */
+#if defined(MBEDTLS_PKCS1_V21)
+#define MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP 1
+#define PSA_WANT_ALG_RSA_OAEP 1
+#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS 1
+#define PSA_WANT_ALG_RSA_PSS 1
+#endif /* MBEDTLS_PKCS1_V21 */
+#if defined(MBEDTLS_GENPRIME)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1
+#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1
+#endif /* MBEDTLS_GENPRIME */
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_BASIC 1
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1
+#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1
+#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1
+#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY 1
+#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1
+#endif /* MBEDTLS_RSA_C */
+
+#if defined(MBEDTLS_SHA1_C)
+#define MBEDTLS_PSA_BUILTIN_ALG_SHA_1 1
+#define PSA_WANT_ALG_SHA_1 1
+#endif
+
+#if defined(MBEDTLS_SHA224_C)
+#define MBEDTLS_PSA_BUILTIN_ALG_SHA_224 1
+#define PSA_WANT_ALG_SHA_224 1
+#endif
+
+#if defined(MBEDTLS_SHA256_C)
+#define MBEDTLS_PSA_BUILTIN_ALG_SHA_256 1
+#define PSA_WANT_ALG_SHA_256 1
+#endif
+
+#if defined(MBEDTLS_SHA384_C)
+#define MBEDTLS_PSA_BUILTIN_ALG_SHA_384 1
+#define PSA_WANT_ALG_SHA_384 1
+#endif
+
+#if defined(MBEDTLS_SHA512_C)
+#define MBEDTLS_PSA_BUILTIN_ALG_SHA_512 1
+#define PSA_WANT_ALG_SHA_512 1
+#endif
+
+#if defined(MBEDTLS_SHA3_C)
+#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_224 1
+#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_256 1
+#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_384 1
+#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_512 1
+#define PSA_WANT_ALG_SHA3_224 1
+#define PSA_WANT_ALG_SHA3_256 1
+#define PSA_WANT_ALG_SHA3_384 1
+#define PSA_WANT_ALG_SHA3_512 1
+#endif
+
+#if defined(MBEDTLS_AES_C)
+#define PSA_WANT_KEY_TYPE_AES 1
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES 1
+#endif
+
+#if defined(MBEDTLS_ARIA_C)
+#define PSA_WANT_KEY_TYPE_ARIA 1
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARIA 1
+#endif
+
+#if defined(MBEDTLS_CAMELLIA_C)
+#define PSA_WANT_KEY_TYPE_CAMELLIA 1
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CAMELLIA 1
+#endif
+
+#if defined(MBEDTLS_DES_C)
+#define PSA_WANT_KEY_TYPE_DES 1
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES 1
+#endif
+
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256)
+#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS 1
+#define PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS 1
+#endif
+
+#if defined(MBEDTLS_CHACHA20_C)
+#define PSA_WANT_KEY_TYPE_CHACHA20 1
+#define PSA_WANT_ALG_STREAM_CIPHER 1
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20 1
+#define MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER 1
+#if defined(MBEDTLS_CHACHAPOLY_C)
+#define PSA_WANT_ALG_CHACHA20_POLY1305 1
+#define MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 1
+#endif
+#endif
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#define MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING 1
+#define PSA_WANT_ALG_CBC_NO_PADDING 1
+#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
+#define MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7 1
+#define PSA_WANT_ALG_CBC_PKCS7 1
+#endif
+#endif
+
+#if defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) || \
+ defined(MBEDTLS_ARIA_C) || defined(MBEDTLS_CAMELLIA_C)
+#define MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING 1
+#define PSA_WANT_ALG_ECB_NO_PADDING 1
+#endif
+
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+#define MBEDTLS_PSA_BUILTIN_ALG_CFB 1
+#define PSA_WANT_ALG_CFB 1
+#endif
+
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+#define MBEDTLS_PSA_BUILTIN_ALG_CTR 1
+#define PSA_WANT_ALG_CTR 1
+#endif
+
+#if defined(MBEDTLS_CIPHER_MODE_OFB)
+#define MBEDTLS_PSA_BUILTIN_ALG_OFB 1
+#define PSA_WANT_ALG_OFB 1
+#endif
+
+#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
+#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_256 1
+#define PSA_WANT_ECC_BRAINPOOL_P_R1_256 1
+#endif
+
+#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
+#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_384 1
+#define PSA_WANT_ECC_BRAINPOOL_P_R1_384 1
+#endif
+
+#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
+#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_512 1
+#define PSA_WANT_ECC_BRAINPOOL_P_R1_512 1
+#endif
+
+#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
+#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_255 1
+#define PSA_WANT_ECC_MONTGOMERY_255 1
+#endif
+
+#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
+#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448 1
+#define PSA_WANT_ECC_MONTGOMERY_448 1
+#endif
+
+#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
+#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_192 1
+#define PSA_WANT_ECC_SECP_R1_192 1
+#endif
+
+#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
+#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_224 1
+#define PSA_WANT_ECC_SECP_R1_224 1
+#endif
+
+#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
+#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 1
+#define PSA_WANT_ECC_SECP_R1_256 1
+#endif
+
+#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
+#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_384 1
+#define PSA_WANT_ECC_SECP_R1_384 1
+#endif
+
+#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
+#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521 1
+#define PSA_WANT_ECC_SECP_R1_521 1
+#endif
+
+#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
+#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_192 1
+#define PSA_WANT_ECC_SECP_K1_192 1
+#endif
+
+/* SECP224K1 is buggy via the PSA API (https://github.com/Mbed-TLS/mbedtls/issues/3541) */
+#if 0 && defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
+#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_224 1
+#define PSA_WANT_ECC_SECP_K1_224 1
+#endif
+
+#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
+#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_256 1
+#define PSA_WANT_ECC_SECP_K1_256 1
+#endif
+
+#endif /* MBEDTLS_CONFIG_ADJUST_PSA_FROM_LEGACY_H */
diff --git a/include/mbedtls/config_adjust_psa_superset_legacy.h b/include/mbedtls/config_adjust_psa_superset_legacy.h
new file mode 100644
index 0000000..1738560
--- /dev/null
+++ b/include/mbedtls/config_adjust_psa_superset_legacy.h
@@ -0,0 +1,73 @@
+/**
+ * \file mbedtls/config_adjust_psa_superset_legacy.h
+ * \brief Adjust PSA configuration: automatic enablement from legacy
+ *
+ * To simplify some edge cases, we automatically enable certain cryptographic
+ * mechanisms in the PSA API if they are enabled in the legacy API. The general
+ * idea is that if legacy module M uses mechanism A internally, and A has
+ * both a legacy and a PSA implementation, we enable A through PSA whenever
+ * it's enabled through legacy. This facilitates the transition to PSA
+ * implementations of A for users of M.
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef MBEDTLS_CONFIG_ADJUST_PSA_SUPERSET_LEGACY_H
+#define MBEDTLS_CONFIG_ADJUST_PSA_SUPERSET_LEGACY_H
+
+/****************************************************************/
+/* Hashes that are built in are also enabled in PSA.
+ * This simplifies dependency declarations especially
+ * for modules that obey MBEDTLS_USE_PSA_CRYPTO. */
+/****************************************************************/
+
+#if defined(MBEDTLS_MD5_C)
+#define PSA_WANT_ALG_MD5 1
+#endif
+
+#if defined(MBEDTLS_RIPEMD160_C)
+#define PSA_WANT_ALG_RIPEMD160 1
+#endif
+
+#if defined(MBEDTLS_SHA1_C)
+#define PSA_WANT_ALG_SHA_1 1
+#endif
+
+#if defined(MBEDTLS_SHA224_C)
+#define PSA_WANT_ALG_SHA_224 1
+#endif
+
+#if defined(MBEDTLS_SHA256_C)
+#define PSA_WANT_ALG_SHA_256 1
+#endif
+
+#if defined(MBEDTLS_SHA384_C)
+#define PSA_WANT_ALG_SHA_384 1
+#endif
+
+#if defined(MBEDTLS_SHA512_C)
+#define PSA_WANT_ALG_SHA_512 1
+#endif
+
+#if defined(MBEDTLS_SHA3_C)
+#define PSA_WANT_ALG_SHA3_224 1
+#define PSA_WANT_ALG_SHA3_256 1
+#define PSA_WANT_ALG_SHA3_384 1
+#define PSA_WANT_ALG_SHA3_512 1
+#endif
+
+#endif /* MBEDTLS_CONFIG_ADJUST_PSA_SUPERSET_LEGACY_H */
diff --git a/include/mbedtls/config_adjust_ssl.h b/include/mbedtls/config_adjust_ssl.h
new file mode 100644
index 0000000..2275f3a
--- /dev/null
+++ b/include/mbedtls/config_adjust_ssl.h
@@ -0,0 +1,88 @@
+/**
+ * \file mbedtls/config_adjust_ssl.h
+ * \brief Adjust TLS configuration
+ *
+ * Automatically enable certain dependencies. Generally, MBEDLTS_xxx
+ * configurations need to be explicitly enabled by the user: enabling
+ * MBEDTLS_xxx_A but not MBEDTLS_xxx_B when A requires B results in a
+ * compilation error. However, we do automatically enable certain options
+ * in some circumstances. One case is if MBEDTLS_xxx_B is an internal option
+ * used to identify parts of a module that are used by other module, and we
+ * don't want to make the symbol MBEDTLS_xxx_B part of the public API.
+ * Another case is if A didn't depend on B in earlier versions, and we
+ * want to use B in A but we need to preserve backward compatibility with
+ * configurations that explicitly activate MBEDTLS_xxx_A but not
+ * MBEDTLS_xxx_B.
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef MBEDTLS_CONFIG_ADJUST_SSL_H
+#define MBEDTLS_CONFIG_ADJUST_SSL_H
+
+/* The following blocks make it easier to disable all of TLS,
+ * or of TLS 1.2 or 1.3 or DTLS, without having to manually disable all
+ * key exchanges, options and extensions related to them. */
+
+#if !defined(MBEDTLS_SSL_TLS_C)
+#undef MBEDTLS_SSL_CLI_C
+#undef MBEDTLS_SSL_SRV_C
+#undef MBEDTLS_SSL_PROTO_TLS1_3
+#undef MBEDTLS_SSL_PROTO_TLS1_2
+#undef MBEDTLS_SSL_PROTO_DTLS
+#endif
+
+#if !defined(MBEDTLS_SSL_PROTO_DTLS)
+#undef MBEDTLS_SSL_DTLS_ANTI_REPLAY
+#undef MBEDTLS_SSL_DTLS_CONNECTION_ID
+#undef MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT
+#undef MBEDTLS_SSL_DTLS_HELLO_VERIFY
+#undef MBEDTLS_SSL_DTLS_SRTP
+#undef MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
+#endif
+
+#if !defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#undef MBEDTLS_SSL_ENCRYPT_THEN_MAC
+#undef MBEDTLS_SSL_EXTENDED_MASTER_SECRET
+#undef MBEDTLS_SSL_RENEGOTIATION
+#undef MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+#undef MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+#undef MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+#undef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+#undef MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+#undef MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
+#undef MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
+#undef MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+#undef MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
+#undef MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+#undef MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+#endif
+
+#if !defined(MBEDTLS_SSL_PROTO_TLS1_3)
+#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+#undef MBEDTLS_SSL_EARLY_DATA
+#endif
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
+ (defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED))
+#define MBEDTLS_SSL_TLS1_2_SOME_ECC
+#endif
+
+#endif /* MBEDTLS_CONFIG_ADJUST_SSL_H */
diff --git a/include/mbedtls/config_adjust_x509.h b/include/mbedtls/config_adjust_x509.h
new file mode 100644
index 0000000..99a0ace
--- /dev/null
+++ b/include/mbedtls/config_adjust_x509.h
@@ -0,0 +1,37 @@
+/**
+ * \file mbedtls/config_adjust_x509.h
+ * \brief Adjust X.509 configuration
+ *
+ * Automatically enable certain dependencies. Generally, MBEDLTS_xxx
+ * configurations need to be explicitly enabled by the user: enabling
+ * MBEDTLS_xxx_A but not MBEDTLS_xxx_B when A requires B results in a
+ * compilation error. However, we do automatically enable certain options
+ * in some circumstances. One case is if MBEDTLS_xxx_B is an internal option
+ * used to identify parts of a module that are used by other module, and we
+ * don't want to make the symbol MBEDTLS_xxx_B part of the public API.
+ * Another case is if A didn't depend on B in earlier versions, and we
+ * want to use B in A but we need to preserve backward compatibility with
+ * configurations that explicitly activate MBEDTLS_xxx_A but not
+ * MBEDTLS_xxx_B.
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef MBEDTLS_CONFIG_ADJUST_X509_H
+#define MBEDTLS_CONFIG_ADJUST_X509_H
+
+#endif /* MBEDTLS_CONFIG_ADJUST_X509_H */
diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h
index 3b30c02..bf87d0a 100644
--- a/include/mbedtls/config_psa.h
+++ b/include/mbedtls/config_psa.h
@@ -32,977 +32,21 @@
#include "psa/crypto_legacy.h"
+#include "psa/crypto_adjust_config_synonyms.h"
-
-/****************************************************************/
-/* De facto synonyms */
-/****************************************************************/
-
-#if defined(PSA_WANT_ALG_ECDSA_ANY) && !defined(PSA_WANT_ALG_ECDSA)
-#define PSA_WANT_ALG_ECDSA PSA_WANT_ALG_ECDSA_ANY
-#elif !defined(PSA_WANT_ALG_ECDSA_ANY) && defined(PSA_WANT_ALG_ECDSA)
-#define PSA_WANT_ALG_ECDSA_ANY PSA_WANT_ALG_ECDSA
-#endif
-
-#if defined(PSA_WANT_ALG_CCM_STAR_NO_TAG) && !defined(PSA_WANT_ALG_CCM)
-#define PSA_WANT_ALG_CCM PSA_WANT_ALG_CCM_STAR_NO_TAG
-#elif !defined(PSA_WANT_ALG_CCM_STAR_NO_TAG) && defined(PSA_WANT_ALG_CCM)
-#define PSA_WANT_ALG_CCM_STAR_NO_TAG PSA_WANT_ALG_CCM
-#endif
-
-#if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW) && !defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN)
-#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW
-#elif !defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW) && defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN)
-#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW PSA_WANT_ALG_RSA_PKCS1V15_SIGN
-#endif
-
-#if defined(PSA_WANT_ALG_RSA_PSS_ANY_SALT) && !defined(PSA_WANT_ALG_RSA_PSS)
-#define PSA_WANT_ALG_RSA_PSS PSA_WANT_ALG_RSA_PSS_ANY_SALT
-#elif !defined(PSA_WANT_ALG_RSA_PSS_ANY_SALT) && defined(PSA_WANT_ALG_RSA_PSS)
-#define PSA_WANT_ALG_RSA_PSS_ANY_SALT PSA_WANT_ALG_RSA_PSS
-#endif
-
-
-/****************************************************************/
-/* Hashes that are built in are also enabled in PSA.
- * This simplifies dependency declarations especially
- * for modules that obey MBEDTLS_USE_PSA_CRYPTO. */
-/****************************************************************/
-
-#if defined(MBEDTLS_MD5_C)
-#define PSA_WANT_ALG_MD5 1
-#endif
-
-#if defined(MBEDTLS_RIPEMD160_C)
-#define PSA_WANT_ALG_RIPEMD160 1
-#endif
-
-#if defined(MBEDTLS_SHA1_C)
-#define PSA_WANT_ALG_SHA_1 1
-#endif
-
-#if defined(MBEDTLS_SHA224_C)
-#define PSA_WANT_ALG_SHA_224 1
-#endif
-
-#if defined(MBEDTLS_SHA256_C)
-#define PSA_WANT_ALG_SHA_256 1
-#endif
-
-#if defined(MBEDTLS_SHA384_C)
-#define PSA_WANT_ALG_SHA_384 1
-#endif
-
-#if defined(MBEDTLS_SHA512_C)
-#define PSA_WANT_ALG_SHA_512 1
-#endif
-
-
-/****************************************************************/
-/* Require built-in implementations based on PSA requirements */
-/****************************************************************/
+#include "mbedtls/config_adjust_psa_superset_legacy.h"
#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
-#if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA)
-#define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA 1
-#define MBEDTLS_ECDSA_DETERMINISTIC
-#define MBEDTLS_ECDSA_C
-#define MBEDTLS_HMAC_DRBG_C
-#define MBEDTLS_MD_C
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA */
-#endif /* PSA_WANT_ALG_DETERMINISTIC_ECDSA */
+/* Require built-in implementations based on PSA requirements */
-#if defined(PSA_WANT_ALG_ECDH)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDH)
-#define MBEDTLS_PSA_BUILTIN_ALG_ECDH 1
-#define MBEDTLS_ECDH_C
-#define MBEDTLS_ECP_C
-#define MBEDTLS_BIGNUM_C
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_ECDH */
-#endif /* PSA_WANT_ALG_ECDH */
-
-#if defined(PSA_WANT_ALG_ECDSA)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA)
-#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1
-#define MBEDTLS_ECDSA_C
-#define MBEDTLS_ECP_C
-#define MBEDTLS_BIGNUM_C
-#define MBEDTLS_ASN1_PARSE_C
-#define MBEDTLS_ASN1_WRITE_C
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_ECDSA */
-#endif /* PSA_WANT_ALG_ECDSA */
-
-#if defined(PSA_WANT_ALG_FFDH)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_FFDH)
-#define MBEDTLS_PSA_BUILTIN_ALG_FFDH 1
-#define MBEDTLS_BIGNUM_C
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_FFDH */
-#endif /* PSA_WANT_ALG_FFDH */
-
-#if defined(PSA_WANT_ALG_HKDF)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF)
-#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
-#define MBEDTLS_PSA_BUILTIN_ALG_HKDF 1
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF */
-#endif /* PSA_WANT_ALG_HKDF */
-
-#if defined(PSA_WANT_ALG_HKDF_EXTRACT)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT)
-#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
-#define MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT 1
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT */
-#endif /* PSA_WANT_ALG_HKDF_EXTRACT */
-
-#if defined(PSA_WANT_ALG_HKDF_EXPAND)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND)
-#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
-#define MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND 1
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND */
-#endif /* PSA_WANT_ALG_HKDF_EXPAND */
-
-#if defined(PSA_WANT_ALG_HMAC)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_HMAC)
-#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_HMAC */
-#endif /* PSA_WANT_ALG_HMAC */
-
-#if defined(PSA_WANT_ALG_MD5) && !defined(MBEDTLS_PSA_ACCEL_ALG_MD5)
-#define MBEDTLS_PSA_BUILTIN_ALG_MD5 1
-#define MBEDTLS_MD5_C
-#endif
-
-#if defined(PSA_WANT_ALG_JPAKE)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_JPAKE)
-#define MBEDTLS_PSA_BUILTIN_PAKE 1
-#define MBEDTLS_PSA_BUILTIN_ALG_JPAKE 1
-#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
-#define MBEDTLS_BIGNUM_C
-#define MBEDTLS_ECP_C
-#define MBEDTLS_ECJPAKE_C
-#endif /* MBEDTLS_PSA_ACCEL_ALG_JPAKE */
-#endif /* PSA_WANT_ALG_JPAKE */
-
-#if defined(PSA_WANT_ALG_RIPEMD160) && !defined(MBEDTLS_PSA_ACCEL_ALG_RIPEMD160)
-#define MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160 1
-#define MBEDTLS_RIPEMD160_C
-#endif
-
-#if defined(PSA_WANT_ALG_RSA_OAEP)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP)
-#define MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP 1
-#define MBEDTLS_RSA_C
-#define MBEDTLS_BIGNUM_C
-#define MBEDTLS_OID_C
-#define MBEDTLS_PKCS1_V21
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP */
-#endif /* PSA_WANT_ALG_RSA_OAEP */
-
-#if defined(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT)
-#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT 1
-#define MBEDTLS_RSA_C
-#define MBEDTLS_BIGNUM_C
-#define MBEDTLS_OID_C
-#define MBEDTLS_PKCS1_V15
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT */
-#endif /* PSA_WANT_ALG_RSA_PKCS1V15_CRYPT */
-
-#if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN)
-#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN 1
-#define MBEDTLS_RSA_C
-#define MBEDTLS_BIGNUM_C
-#define MBEDTLS_OID_C
-#define MBEDTLS_PKCS1_V15
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN */
-#endif /* PSA_WANT_ALG_RSA_PKCS1V15_SIGN */
-
-#if defined(PSA_WANT_ALG_RSA_PSS)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS)
-#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS 1
-#define MBEDTLS_RSA_C
-#define MBEDTLS_BIGNUM_C
-#define MBEDTLS_OID_C
-#define MBEDTLS_PKCS1_V21
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PSS */
-#endif /* PSA_WANT_ALG_RSA_PSS */
-
-#if defined(PSA_WANT_ALG_SHA_1) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_1)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_1 1
-#define MBEDTLS_SHA1_C
-#endif
-
-#if defined(PSA_WANT_ALG_SHA_224) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_224)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_224 1
-#define MBEDTLS_SHA224_C
-#endif
-
-#if defined(PSA_WANT_ALG_SHA_256) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_256)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_256 1
-#define MBEDTLS_SHA256_C
-#endif
-
-#if defined(PSA_WANT_ALG_SHA_384) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_384)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_384 1
-#define MBEDTLS_SHA384_C
-#endif
-
-#if defined(PSA_WANT_ALG_SHA_512) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_512)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_512 1
-#define MBEDTLS_SHA512_C
-#endif
-
-#if defined(PSA_WANT_ALG_PBKDF2_HMAC)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_PBKDF2_HMAC)
-#define MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC 1
-#define PSA_HAVE_SOFT_PBKDF2_HMAC
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_HMAC)
-#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_HMAC */
-#endif /* !MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */
-#endif /* PSA_WANT_ALG_PBKDF2_HMAC */
-
-#if defined(PSA_WANT_ALG_TLS12_PRF)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF)
-#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF 1
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF */
-#endif /* PSA_WANT_ALG_TLS12_PRF */
-
-#if defined(PSA_WANT_ALG_TLS12_PSK_TO_MS)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS)
-#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS 1
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS */
-#endif /* PSA_WANT_ALG_TLS12_PSK_TO_MS */
-
-#if defined(PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_ECJPAKE_TO_PMS)
-#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS 1
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_TLS12_ECJPAKE_TO_PMS */
-#endif /* PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS */
-
-#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT)
-#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT */
-#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT */
-
-#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT)
-#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT */
-#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT */
-
-#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE)
-#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE */
-#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE */
-
-#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE)
-#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE */
-#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE */
-
-#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC)
-#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC */
-#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC */
-
-#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT)
-#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_IMPORT)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_IMPORT */
-#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT */
-
-#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT)
-#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_EXPORT)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_EXPORT */
-#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT */
-
-#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
-#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1
-#define MBEDTLS_GENPRIME
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_GENERATE */
-#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE */
-
-#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC)
-#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_BASIC)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_BASIC 1
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_BASIC */
-#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC */
-
-#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT)
-#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC 1
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_IMPORT)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_IMPORT 1
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_IMPORT */
-#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT */
-
-#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT)
-#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC 1
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_EXPORT)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_EXPORT 1
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_EXPORT */
-#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT */
-
-#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE)
-#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC 1
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_GENERATE)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_GENERATE 1
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_GENERATE */
-#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE */
-
-#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC)
-#define PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY 1
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_BASIC)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_BASIC 1
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_BASIC */
-#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC */
-
-#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1
-#define MBEDTLS_ECP_C
-#define MBEDTLS_BIGNUM_C
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY */
-#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
-
-#if defined(PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY 1
-#define MBEDTLS_BIGNUM_C
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY */
-#endif /* PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY */
-
-#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY 1
-#define MBEDTLS_RSA_C
-#define MBEDTLS_BIGNUM_C
-#define MBEDTLS_OID_C
-#define MBEDTLS_PK_PARSE_C
-#define MBEDTLS_PK_WRITE_C
-#define MBEDTLS_PK_C
-#define MBEDTLS_ASN1_PARSE_C
-#define MBEDTLS_ASN1_WRITE_C
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY */
-#endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY */
-
-/* If any of the block modes are requested that don't have an
- * associated HW assist, define PSA_HAVE_SOFT_BLOCK_MODE for checking
- * in the block cipher key types. */
-#if (defined(PSA_WANT_ALG_CTR) && !defined(MBEDTLS_PSA_ACCEL_ALG_CTR)) || \
- (defined(PSA_WANT_ALG_CFB) && !defined(MBEDTLS_PSA_ACCEL_ALG_CFB)) || \
- (defined(PSA_WANT_ALG_OFB) && !defined(MBEDTLS_PSA_ACCEL_ALG_OFB)) || \
- defined(PSA_WANT_ALG_ECB_NO_PADDING) || \
- (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
- !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING)) || \
- (defined(PSA_WANT_ALG_CBC_PKCS7) && \
- !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7)) || \
- (defined(PSA_WANT_ALG_CMAC) && !defined(MBEDTLS_PSA_ACCEL_ALG_CMAC))
-#define PSA_HAVE_SOFT_BLOCK_MODE 1
-#endif
-
-#if (defined(PSA_WANT_ALG_GCM) && !defined(MBEDTLS_PSA_ACCEL_ALG_GCM)) || \
- (defined(PSA_WANT_ALG_CCM) && !defined(MBEDTLS_PSA_ACCEL_ALG_CCM))
-#define PSA_HAVE_SOFT_BLOCK_AEAD 1
-#endif
-
-#if defined(PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_PBKDF2_AES_CMAC_PRF_128)
-#define MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128 1
-#define PSA_HAVE_SOFT_PBKDF2_CMAC
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_PBKDF2_AES_CMAC_PRF_128 */
-#endif /* PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 */
-
-#if defined(PSA_WANT_KEY_TYPE_AES)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES)
-#define PSA_HAVE_SOFT_KEY_TYPE_AES 1
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_AES */
-#if defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
- defined(PSA_HAVE_SOFT_BLOCK_MODE) || \
- defined(PSA_HAVE_SOFT_BLOCK_AEAD) || \
- defined(PSA_HAVE_SOFT_PBKDF2_CMAC)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES 1
-#define MBEDTLS_AES_C
-#endif /* PSA_HAVE_SOFT_KEY_TYPE_AES || PSA_HAVE_SOFT_BLOCK_MODE */
-#endif /* PSA_WANT_KEY_TYPE_AES */
-
-#if defined(PSA_WANT_KEY_TYPE_ARIA)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA)
-#define PSA_HAVE_SOFT_KEY_TYPE_ARIA 1
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA */
-#if defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \
- defined(PSA_HAVE_SOFT_BLOCK_MODE) || \
- defined(PSA_HAVE_SOFT_BLOCK_AEAD)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARIA 1
-#define MBEDTLS_ARIA_C
-#endif /* PSA_HAVE_SOFT_KEY_TYPE_ARIA || PSA_HAVE_SOFT_BLOCK_MODE */
-#endif /* PSA_WANT_KEY_TYPE_ARIA */
-
-#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA)
-#define PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA 1
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA */
-#if defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA) || \
- defined(PSA_HAVE_SOFT_BLOCK_MODE) || \
- defined(PSA_HAVE_SOFT_BLOCK_AEAD)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CAMELLIA 1
-#define MBEDTLS_CAMELLIA_C
-#endif /* PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA || PSA_HAVE_SOFT_BLOCK_MODE */
-#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
-
-#if defined(PSA_WANT_KEY_TYPE_DES)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DES)
-#define PSA_HAVE_SOFT_KEY_TYPE_DES 1
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DES */
-#if defined(PSA_HAVE_SOFT_KEY_TYPE_DES) || \
- defined(PSA_HAVE_SOFT_BLOCK_MODE)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES 1
-#define MBEDTLS_DES_C
-#endif /*PSA_HAVE_SOFT_KEY_TYPE_DES || PSA_HAVE_SOFT_BLOCK_MODE */
-#endif /* PSA_WANT_KEY_TYPE_DES */
-
-#if defined(PSA_WANT_KEY_TYPE_CHACHA20)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20 1
-#define MBEDTLS_CHACHA20_C
-#endif /*!MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20 */
-#endif /* PSA_WANT_KEY_TYPE_CHACHA20 */
-
-/* If any of the software block ciphers are selected, define
- * PSA_HAVE_SOFT_BLOCK_CIPHER, which can be used in any of these
- * situations. */
-#if defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
- defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \
- defined(PSA_HAVE_SOFT_KEY_TYPE_DES) || \
- defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA)
-#define PSA_HAVE_SOFT_BLOCK_CIPHER 1
-#endif
-
-#if defined(PSA_WANT_ALG_STREAM_CIPHER)
-#define MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER 1
-#endif /* PSA_WANT_ALG_STREAM_CIPHER */
-
-#if defined(PSA_WANT_ALG_CBC_MAC)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_MAC)
-#error "CBC-MAC is not yet supported via the PSA API in Mbed TLS."
-#define MBEDTLS_PSA_BUILTIN_ALG_CBC_MAC 1
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_CBC_MAC */
-#endif /* PSA_WANT_ALG_CBC_MAC */
-
-#if defined(PSA_WANT_ALG_CMAC)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_CMAC) || \
- defined(PSA_HAVE_SOFT_BLOCK_CIPHER) || \
- defined(PSA_HAVE_SOFT_PBKDF2_CMAC)
-#define MBEDTLS_PSA_BUILTIN_ALG_CMAC 1
-#define MBEDTLS_CMAC_C
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_CMAC */
-#endif /* PSA_WANT_ALG_CMAC */
-
-#if defined(PSA_HAVE_SOFT_PBKDF2_HMAC) || \
- defined(PSA_HAVE_SOFT_PBKDF2_CMAC)
-#define PSA_HAVE_SOFT_PBKDF2 1
-#endif /* PSA_HAVE_SOFT_PBKDF2_HMAC || PSA_HAVE_SOFT_PBKDF2_CMAC */
-
-#if defined(PSA_WANT_ALG_CTR)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_CTR) || \
- defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
-#define MBEDTLS_PSA_BUILTIN_ALG_CTR 1
-#define MBEDTLS_CIPHER_MODE_CTR
-#endif
-#endif /* PSA_WANT_ALG_CTR */
-
-#if defined(PSA_WANT_ALG_CFB)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_CFB) || \
- defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
-#define MBEDTLS_PSA_BUILTIN_ALG_CFB 1
-#define MBEDTLS_CIPHER_MODE_CFB
-#endif
-#endif /* PSA_WANT_ALG_CFB */
-
-#if defined(PSA_WANT_ALG_OFB)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_OFB) || \
- defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
-#define MBEDTLS_PSA_BUILTIN_ALG_OFB 1
-#define MBEDTLS_CIPHER_MODE_OFB
-#endif
-#endif /* PSA_WANT_ALG_OFB */
-
-#if defined(PSA_WANT_ALG_ECB_NO_PADDING) && \
- !defined(MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING)
-#define MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING 1
-#endif
-
-#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING) || \
- defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
-#define MBEDTLS_CIPHER_MODE_CBC
-#define MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING 1
-#endif
-#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
-
-#if defined(PSA_WANT_ALG_CBC_PKCS7)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7) || \
- defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
-#define MBEDTLS_CIPHER_MODE_CBC
-#define MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7 1
-#define MBEDTLS_CIPHER_PADDING_PKCS7
-#endif
-#endif /* PSA_WANT_ALG_CBC_PKCS7 */
-
-#if defined(PSA_WANT_ALG_CCM)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_CCM) || \
- defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
- defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \
- defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA)
-#define MBEDTLS_PSA_BUILTIN_ALG_CCM 1
-#define MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG 1
-#define MBEDTLS_CCM_C
-#endif
-#endif /* PSA_WANT_ALG_CCM */
-
-#if defined(PSA_WANT_ALG_GCM)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_GCM) || \
- defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
- defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \
- defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA)
-#define MBEDTLS_PSA_BUILTIN_ALG_GCM 1
-#define MBEDTLS_GCM_C
-#endif
-#endif /* PSA_WANT_ALG_GCM */
-
-#if defined(PSA_WANT_ALG_CHACHA20_POLY1305)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305)
-#if defined(PSA_WANT_KEY_TYPE_CHACHA20)
-#define MBEDTLS_CHACHAPOLY_C
-#define MBEDTLS_CHACHA20_C
-#define MBEDTLS_POLY1305_C
-#define MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 1
-#endif /* PSA_WANT_KEY_TYPE_CHACHA20 */
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305 */
-#endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */
-
-#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256)
-#define MBEDTLS_ECP_DP_BP256R1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_256 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256 */
-#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_256 */
-
-#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384)
-#define MBEDTLS_ECP_DP_BP384R1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_384 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384 */
-#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_384 */
-
-#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512)
-#define MBEDTLS_ECP_DP_BP512R1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_512 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512 */
-#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_512 */
-
-#if defined(PSA_WANT_ECC_MONTGOMERY_255)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255)
-#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_255 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255 */
-#endif /* PSA_WANT_ECC_MONTGOMERY_255 */
-
-#if defined(PSA_WANT_ECC_MONTGOMERY_448)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448)
-#define MBEDTLS_ECP_DP_CURVE448_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448 */
-#endif /* PSA_WANT_ECC_MONTGOMERY_448 */
-
-#if defined(PSA_WANT_ECC_SECP_R1_192)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192)
-#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_192 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192 */
-#endif /* PSA_WANT_ECC_SECP_R1_192 */
-
-#if defined(PSA_WANT_ECC_SECP_R1_224)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224)
-#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_224 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224 */
-#endif /* PSA_WANT_ECC_SECP_R1_224 */
-
-#if defined(PSA_WANT_ECC_SECP_R1_256)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256)
-#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256 */
-#endif /* PSA_WANT_ECC_SECP_R1_256 */
-
-#if defined(PSA_WANT_ECC_SECP_R1_384)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384)
-#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_384 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384 */
-#endif /* PSA_WANT_ECC_SECP_R1_384 */
-
-#if defined(PSA_WANT_ECC_SECP_R1_521)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521)
-#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521 */
-#endif /* PSA_WANT_ECC_SECP_R1_521 */
-
-#if defined(PSA_WANT_ECC_SECP_K1_192)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192)
-#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_192 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192 */
-#endif /* PSA_WANT_ECC_SECP_K1_192 */
-
-#if defined(PSA_WANT_ECC_SECP_K1_224)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224)
-/*
- * SECP224K1 is buggy via the PSA API in Mbed TLS
- * (https://github.com/Mbed-TLS/mbedtls/issues/3541).
- */
-#error "SECP224K1 is buggy via the PSA API in Mbed TLS."
-#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_224 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224 */
-#endif /* PSA_WANT_ECC_SECP_K1_224 */
-
-#if defined(PSA_WANT_ECC_SECP_K1_256)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256)
-#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_256 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256 */
-#endif /* PSA_WANT_ECC_SECP_K1_256 */
-
-
-
-/****************************************************************/
-/* Infer PSA requirements from Mbed TLS capabilities */
-/****************************************************************/
+#include "mbedtls/config_adjust_legacy_from_psa.h"
#else /* MBEDTLS_PSA_CRYPTO_CONFIG */
-/*
- * Ensure PSA_WANT_* defines are setup properly if MBEDTLS_PSA_CRYPTO_CONFIG
- * is not defined
- */
+/* Infer PSA requirements from Mbed TLS capabilities */
-#if defined(MBEDTLS_CCM_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_CCM 1
-#define MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG 1
-#define PSA_WANT_ALG_CCM 1
-#define PSA_WANT_ALG_CCM_STAR_NO_TAG 1
-#endif /* MBEDTLS_CCM_C */
-
-#if defined(MBEDTLS_CMAC_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_CMAC 1
-#define PSA_WANT_ALG_CMAC 1
-#endif /* MBEDTLS_CMAC_C */
-
-#if defined(MBEDTLS_ECDH_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_ECDH 1
-#define PSA_WANT_ALG_ECDH 1
-#endif /* MBEDTLS_ECDH_C */
-
-#if defined(MBEDTLS_ECDSA_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1
-#define PSA_WANT_ALG_ECDSA 1
-#define PSA_WANT_ALG_ECDSA_ANY 1
-
-// Only add in DETERMINISTIC support if ECDSA is also enabled
-#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
-#define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA 1
-#define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1
-#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
-
-#endif /* MBEDTLS_ECDSA_C */
-
-#if defined(MBEDTLS_ECP_C)
-#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
-#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1
-#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1
-#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1
-/* Normally we wouldn't enable this because it's not implemented in ecp.c,
- * but since it used to be available any time ECP_C was enabled, let's enable
- * it anyway for the sake of backwards compatibility */
-#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1
-/* See comment for PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE above. */
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1
-#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1
-#endif /* MBEDTLS_ECP_C */
-
-#if defined(MBEDTLS_DHM_C)
-#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC 1
-#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT 1
-#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT 1
-#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE 1
-#define PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY 1
-#define PSA_WANT_ALG_FFDH 1
-#define PSA_WANT_DH_FAMILY_RFC7919 1
-#define MBEDTLS_PSA_BUILTIN_ALG_FFDH 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_BASIC 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_IMPORT 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_EXPORT 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_GENERATE 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY 1
-#endif /* MBEDTLS_DHM_C */
-
-#if defined(MBEDTLS_GCM_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_GCM 1
-#define PSA_WANT_ALG_GCM 1
-#endif /* MBEDTLS_GCM_C */
-
-/* Enable PSA HKDF algorithm if mbedtls HKDF is supported.
- * PSA HKDF EXTRACT and PSA HKDF EXPAND have minimal cost when
- * PSA HKDF is enabled, so enable both algorithms together
- * with PSA HKDF. */
-#if defined(MBEDTLS_HKDF_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
-#define PSA_WANT_ALG_HMAC 1
-#define MBEDTLS_PSA_BUILTIN_ALG_HKDF 1
-#define PSA_WANT_ALG_HKDF 1
-#define MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT 1
-#define PSA_WANT_ALG_HKDF_EXTRACT 1
-#define MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND 1
-#define PSA_WANT_ALG_HKDF_EXPAND 1
-#endif /* MBEDTLS_HKDF_C */
-
-#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
-#define PSA_WANT_ALG_HMAC 1
-#define PSA_WANT_KEY_TYPE_HMAC
-
-#if defined(MBEDTLS_MD_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF 1
-#define PSA_WANT_ALG_TLS12_PRF 1
-#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS 1
-#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1
-#endif /* MBEDTLS_MD_C */
-
-#if defined(MBEDTLS_MD5_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_MD5 1
-#define PSA_WANT_ALG_MD5 1
-#endif
-
-#if defined(MBEDTLS_ECJPAKE_C)
-#define MBEDTLS_PSA_BUILTIN_PAKE 1
-#define MBEDTLS_PSA_BUILTIN_ALG_JPAKE 1
-#define PSA_WANT_ALG_JPAKE 1
-#endif
-
-#if defined(MBEDTLS_RIPEMD160_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160 1
-#define PSA_WANT_ALG_RIPEMD160 1
-#endif
-
-#if defined(MBEDTLS_RSA_C)
-#if defined(MBEDTLS_PKCS1_V15)
-#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT 1
-#define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1
-#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN 1
-#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1
-#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW 1
-#endif /* MBEDTLS_PKCS1_V15 */
-#if defined(MBEDTLS_PKCS1_V21)
-#define MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP 1
-#define PSA_WANT_ALG_RSA_OAEP 1
-#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS 1
-#define PSA_WANT_ALG_RSA_PSS 1
-#endif /* MBEDTLS_PKCS1_V21 */
-#if defined(MBEDTLS_GENPRIME)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1
-#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1
-#endif /* MBEDTLS_GENPRIME */
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_BASIC 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1
-#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1
-#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1
-#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY 1
-#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1
-#endif /* MBEDTLS_RSA_C */
-
-#if defined(MBEDTLS_SHA1_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_1 1
-#define PSA_WANT_ALG_SHA_1 1
-#endif
-
-#if defined(MBEDTLS_SHA224_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_224 1
-#define PSA_WANT_ALG_SHA_224 1
-#endif
-
-#if defined(MBEDTLS_SHA256_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_256 1
-#define PSA_WANT_ALG_SHA_256 1
-#endif
-
-#if defined(MBEDTLS_SHA384_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_384 1
-#define PSA_WANT_ALG_SHA_384 1
-#endif
-
-#if defined(MBEDTLS_SHA512_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_512 1
-#define PSA_WANT_ALG_SHA_512 1
-#endif
-
-#if defined(MBEDTLS_AES_C)
-#define PSA_WANT_KEY_TYPE_AES 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES 1
-#endif
-
-#if defined(MBEDTLS_ARIA_C)
-#define PSA_WANT_KEY_TYPE_ARIA 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARIA 1
-#endif
-
-#if defined(MBEDTLS_CAMELLIA_C)
-#define PSA_WANT_KEY_TYPE_CAMELLIA 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CAMELLIA 1
-#endif
-
-#if defined(MBEDTLS_DES_C)
-#define PSA_WANT_KEY_TYPE_DES 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES 1
-#endif
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256)
-#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS 1
-#define PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS 1
-#endif
-
-#if defined(MBEDTLS_CHACHA20_C)
-#define PSA_WANT_KEY_TYPE_CHACHA20 1
-#define PSA_WANT_ALG_STREAM_CIPHER 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20 1
-#define MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER 1
-#if defined(MBEDTLS_CHACHAPOLY_C)
-#define PSA_WANT_ALG_CHACHA20_POLY1305 1
-#define MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 1
-#endif
-#endif
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#define MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING 1
-#define PSA_WANT_ALG_CBC_NO_PADDING 1
-#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
-#define MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7 1
-#define PSA_WANT_ALG_CBC_PKCS7 1
-#endif
-#endif
-
-#if defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) || \
- defined(MBEDTLS_ARIA_C) || defined(MBEDTLS_CAMELLIA_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING 1
-#define PSA_WANT_ALG_ECB_NO_PADDING 1
-#endif
-
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-#define MBEDTLS_PSA_BUILTIN_ALG_CFB 1
-#define PSA_WANT_ALG_CFB 1
-#endif
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-#define MBEDTLS_PSA_BUILTIN_ALG_CTR 1
-#define PSA_WANT_ALG_CTR 1
-#endif
-
-#if defined(MBEDTLS_CIPHER_MODE_OFB)
-#define MBEDTLS_PSA_BUILTIN_ALG_OFB 1
-#define PSA_WANT_ALG_OFB 1
-#endif
-
-#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_256 1
-#define PSA_WANT_ECC_BRAINPOOL_P_R1_256
-#endif
-
-#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_384 1
-#define PSA_WANT_ECC_BRAINPOOL_P_R1_384
-#endif
-
-#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_512 1
-#define PSA_WANT_ECC_BRAINPOOL_P_R1_512
-#endif
-
-#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_255 1
-#define PSA_WANT_ECC_MONTGOMERY_255
-#endif
-
-#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448 1
-#define PSA_WANT_ECC_MONTGOMERY_448
-#endif
-
-#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_192 1
-#define PSA_WANT_ECC_SECP_R1_192
-#endif
-
-#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_224 1
-#define PSA_WANT_ECC_SECP_R1_224
-#endif
-
-#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 1
-#define PSA_WANT_ECC_SECP_R1_256
-#endif
-
-#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_384 1
-#define PSA_WANT_ECC_SECP_R1_384
-#endif
-
-#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521 1
-#define PSA_WANT_ECC_SECP_R1_521
-#endif
-
-#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_192 1
-#define PSA_WANT_ECC_SECP_K1_192
-#endif
-
-/* SECP224K1 is buggy via the PSA API (https://github.com/Mbed-TLS/mbedtls/issues/3541) */
-#if 0 && defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_224 1
-#define PSA_WANT_ECC_SECP_K1_224
-#endif
-
-#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_256 1
-#define PSA_WANT_ECC_SECP_K1_256
-#endif
+#include "mbedtls/config_adjust_psa_from_legacy.h"
#endif /* MBEDTLS_PSA_CRYPTO_CONFIG */
@@ -1052,10 +96,6 @@
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_EXPORT 1
#endif
-/* These features are always enabled. */
-#define PSA_WANT_KEY_TYPE_DERIVE 1
-#define PSA_WANT_KEY_TYPE_PASSWORD 1
-#define PSA_WANT_KEY_TYPE_PASSWORD_HASH 1
-#define PSA_WANT_KEY_TYPE_RAW_DATA 1
+#include "psa/crypto_adjust_auto_enabled.h"
#endif /* MBEDTLS_CONFIG_PSA_H */
diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h
index a89d4d2..bf95b90 100644
--- a/include/mbedtls/ecp.h
+++ b/include/mbedtls/ecp.h
@@ -175,7 +175,7 @@
#if !defined(MBEDTLS_ECP_ALT)
/*
- * default mbed TLS elliptic curve arithmetic implementation
+ * default Mbed TLS elliptic curve arithmetic implementation
*
* (in case MBEDTLS_ECP_ALT is defined then the developer has to provide an
* alternative implementation for the whole module and it will replace this
diff --git a/include/mbedtls/entropy.h b/include/mbedtls/entropy.h
index e17245e..c2bba41 100644
--- a/include/mbedtls/entropy.h
+++ b/include/mbedtls/entropy.h
@@ -115,10 +115,10 @@
* \brief Entropy context structure
*/
typedef struct mbedtls_entropy_context {
+ mbedtls_md_context_t MBEDTLS_PRIVATE(accumulator);
int MBEDTLS_PRIVATE(accumulator_started); /* 0 after init.
* 1 after the first update.
* -1 after free. */
- mbedtls_md_context_t MBEDTLS_PRIVATE(accumulator);
int MBEDTLS_PRIVATE(source_count); /* Number of entries used in source. */
mbedtls_entropy_source_state MBEDTLS_PRIVATE(source)[MBEDTLS_ENTROPY_MAX_SOURCES];
#if defined(MBEDTLS_THREADING_C)
diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h
index 11600bb..a7454f2 100644
--- a/include/mbedtls/error.h
+++ b/include/mbedtls/error.h
@@ -166,9 +166,9 @@
}
/**
- * \brief Translate a mbed TLS error code into a string representation,
- * Result is truncated if necessary and always includes a terminating
- * null byte.
+ * \brief Translate an Mbed TLS error code into a string representation.
+ * The result is truncated if necessary and always includes a
+ * terminating null byte.
*
* \param errnum error code
* \param buffer buffer to place representation in
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index 2a24a45..2f5c672 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -168,7 +168,7 @@
*
* Enable the memory allocation layer.
*
- * By default mbed TLS uses the system-provided calloc() and free().
+ * By default Mbed TLS uses the system-provided calloc() and free().
* This allows different allocators (self-implemented or provided) to be
* provided to the platform abstraction layer.
*
@@ -241,10 +241,10 @@
/**
* \def MBEDTLS_PLATFORM_EXIT_ALT
*
- * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let mbed TLS support the
+ * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let Mbed TLS support the
* function in the platform abstraction layer.
*
- * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will
+ * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, Mbed TLS will
* provide a function "mbedtls_platform_set_printf()" that allows you to set an
* alternative printf function pointer.
*
@@ -273,6 +273,48 @@
//#define MBEDTLS_PLATFORM_MS_TIME_ALT
/**
+ * Uncomment the macro to let Mbed TLS use your alternate implementation of
+ * mbedtls_platform_gmtime_r(). This replaces the default implementation in
+ * platform_util.c.
+ *
+ * gmtime() is not a thread-safe function as defined in the C standard. The
+ * library will try to use safer implementations of this function, such as
+ * gmtime_r() when available. However, if Mbed TLS cannot identify the target
+ * system, the implementation of mbedtls_platform_gmtime_r() will default to
+ * using the standard gmtime(). In this case, calls from the library to
+ * gmtime() will be guarded by the global mutex mbedtls_threading_gmtime_mutex
+ * if MBEDTLS_THREADING_C is enabled. We recommend that calls from outside the
+ * library are also guarded with this mutex to avoid race conditions. However,
+ * if the macro MBEDTLS_PLATFORM_GMTIME_R_ALT is defined, Mbed TLS will
+ * unconditionally use the implementation for mbedtls_platform_gmtime_r()
+ * supplied at compile time.
+ */
+//#define MBEDTLS_PLATFORM_GMTIME_R_ALT
+
+/**
+ * Uncomment the macro to let Mbed TLS use your alternate implementation of
+ * mbedtls_platform_zeroize(), to wipe sensitive data in memory. This replaces
+ * the default implementation in platform_util.c.
+ *
+ * By default, the library uses a system function such as memset_s()
+ * (optional feature of C11), explicit_bzero() (BSD and compatible), or
+ * SecureZeroMemory (Windows). If no such function is detected, the library
+ * falls back to a plain C implementation. Compilers are technically
+ * permitted to optimize this implementation out, meaning that the memory is
+ * not actually wiped. The library tries to prevent that, but the C language
+ * makes it impossible to guarantee that the memory will always be wiped.
+ *
+ * If your platform provides a guaranteed method to wipe memory which
+ * `platform_util.c` does not detect, define this macro to the name of
+ * a function that takes two arguments, a `void *` pointer and a length,
+ * and wipes that many bytes starting at the specified address. For example,
+ * if your platform has explicit_bzero() but `platform_util.c` does not
+ * detect its presence, define `MBEDTLS_PLATFORM_ZEROIZE_ALT` to be
+ * `explicit_bzero` to use that function as mbedtls_platform_zeroize().
+ */
+//#define MBEDTLS_PLATFORM_ZEROIZE_ALT
+
+/**
* \def MBEDTLS_DEPRECATED_WARNING
*
* Mark deprecated functions and features so that they generate a warning if
@@ -302,7 +344,7 @@
/** \} name SECTION: System support */
/**
- * \name SECTION: mbed TLS feature support
+ * \name SECTION: Mbed TLS feature support
*
* This section sets support for features that are or are not needed
* within the modules that are enabled.
@@ -325,7 +367,7 @@
/**
* \def MBEDTLS_AES_ALT
*
- * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let mbed TLS use your
+ * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let Mbed TLS use your
* alternate core implementation of a symmetric crypto, an arithmetic or hash
* module (e.g. platform specific assembly optimized implementations). Keep
* in mind that the function prototypes should remain the same.
@@ -333,7 +375,7 @@
* This replaces the whole module. If you only want to replace one of the
* functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags.
*
- * Example: In case you uncomment MBEDTLS_AES_ALT, mbed TLS will no longer
+ * Example: In case you uncomment MBEDTLS_AES_ALT, Mbed TLS will no longer
* provide the "struct mbedtls_aes_context" definition and omit the base
* function declarations and implementations. "aes_alt.h" will be included from
* "aes.h" to include the new function definitions.
@@ -381,14 +423,14 @@
/**
* \def MBEDTLS_SHA256_PROCESS_ALT
*
- * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use you
+ * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let Mbed TLS use you
* alternate core implementation of symmetric crypto or hash function. Keep in
* mind that function prototypes should remain the same.
*
- * This replaces only one function. The header file from mbed TLS is still
+ * This replaces only one function. The header file from Mbed TLS is still
* used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags.
*
- * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will
+ * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, Mbed TLS will
* no longer provide the mbedtls_sha1_process() function, but it will still provide
* the other function (using your mbedtls_sha1_process() function) and the definition
* of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible
@@ -438,11 +480,11 @@
*
* Expose a part of the internal interface of the Elliptic Curve Point module.
*
- * MBEDTLS_ECP__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use your
+ * MBEDTLS_ECP__FUNCTION_NAME__ALT: Uncomment a macro to let Mbed TLS use your
* alternative core implementation of elliptic curve arithmetic. Keep in mind
* that function prototypes should remain the same.
*
- * This partially replaces one function. The header file from mbed TLS is still
+ * This partially replaces one function. The header file from Mbed TLS is still
* used, in contrast to the MBEDTLS_ECP_ALT flag. The original implementation
* is still present and it is used for group structures not supported by the
* alternative.
@@ -466,11 +508,11 @@
* implement optimized set up and tear down instructions.
*
* Example: In case you set MBEDTLS_ECP_INTERNAL_ALT and
- * MBEDTLS_ECP_DOUBLE_JAC_ALT, mbed TLS will still provide the ecp_double_jac()
+ * MBEDTLS_ECP_DOUBLE_JAC_ALT, Mbed TLS will still provide the ecp_double_jac()
* function, but will use your mbedtls_internal_ecp_double_jac() if the group
* for the operation is supported by your implementation (i.e. your
* mbedtls_internal_ecp_grp_capable() function returns 1 for this group). If the
- * group is not supported by your implementation, then the original mbed TLS
+ * group is not supported by your implementation, then the original Mbed TLS
* implementation of ecp_double_jac() is used instead, unless this fallback
* behaviour is disabled by setting MBEDTLS_ECP_NO_FALLBACK (in which case
* ecp_double_jac() will return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE).
@@ -501,7 +543,7 @@
/**
* \def MBEDTLS_ENTROPY_HARDWARE_ALT
*
- * Uncomment this macro to let mbed TLS use your own implementation of a
+ * Uncomment this macro to let Mbed TLS use your own implementation of a
* hardware entropy collector.
*
* Your function must be called \c mbedtls_hardware_poll(), have the same
@@ -569,6 +611,20 @@
*/
//#define MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+/*
+ * Disable plain C implementation for AES.
+ *
+ * When the plain C implementation is enabled, and an implementation using a
+ * special CPU feature (such as MBEDTLS_AESCE_C) is also enabled, runtime
+ * detection will be used to select between them.
+ *
+ * If only one implementation is present, runtime detection will not be used.
+ * This configuration will crash at runtime if running on a CPU without the
+ * necessary features. It will not build unless at least one of MBEDTLS_AESCE_C
+ * and/or MBEDTLS_AESNI_C is enabled & present in the build.
+ */
+//#define MBEDTLS_AES_USE_HARDWARE_ONLY
+
/**
* \def MBEDTLS_CAMELLIA_SMALL_MEMORY
*
@@ -693,6 +749,15 @@
//#define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
/**
+ * Enable the verified implementations of ECDH primitives from Project Everest
+ * (currently only Curve25519). This feature changes the layout of ECDH
+ * contexts and therefore is a compatibility break for applications that access
+ * fields of a mbedtls_ecdh_context structure directly. See also
+ * MBEDTLS_ECDH_LEGACY_CONTEXT in include/mbedtls/ecdh.h.
+ */
+//#define MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
+
+/**
* \def MBEDTLS_ECP_DP_SECP192R1_ENABLED
*
* MBEDTLS_ECP_XXXX_ENABLED: Enables specific curves within the Elliptic Curve
@@ -783,6 +848,28 @@
//#define MBEDTLS_ECP_RESTARTABLE
/**
+ * Uncomment to enable using new bignum code in the ECC modules.
+ *
+ * \warning This is currently experimental, incomplete and therefore should not
+ * be used in production.
+ */
+//#define MBEDTLS_ECP_WITH_MPI_UINT
+
+/**
+ * Uncomment to enable p256-m, which implements ECC key generation, ECDH,
+ * and ECDSA for SECP256R1 curves. This driver is used as an example to
+ * document how a third-party driver or software accelerator can be integrated
+ * to work alongside Mbed TLS.
+ *
+ * \warning p256-m has only been included to serve as a sample implementation
+ * of how a driver/accelerator can be integrated alongside Mbed TLS. It is not
+ * intended for use in production. p256-m files in Mbed TLS are not updated
+ * regularly, so they may not contain upstream fixes/improvements.
+ * DO NOT ENABLE/USE THIS MACRO IN PRODUCTION BUILDS!
+ */
+//#define MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED
+
+/**
* \def MBEDTLS_ECDSA_DETERMINISTIC
*
* Enable deterministic ECDSA (RFC 6979).
@@ -1404,7 +1491,7 @@
* \def MBEDTLS_SSL_ALL_ALERT_MESSAGES
*
* Enable sending of alert messages in case of encountered errors as per RFC.
- * If you choose not to send the alert messages, mbed TLS can still communicate
+ * If you choose not to send the alert messages, Mbed TLS can still communicate
* with other servers, only debugging of failures is harder.
*
* The advantage of not sending alert messages, is that no information is given
@@ -1643,9 +1730,7 @@
*
* Enable support for TLS 1.3.
*
- * \note The support for TLS 1.3 is not comprehensive yet, in particular
- * pre-shared keys are not supported.
- * See docs/architecture/tls13-support.md for a description of the TLS
+ * \note See docs/architecture/tls13-support.md for a description of the TLS
* 1.3 support that this option enables.
*
* Requires: MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
@@ -2096,12 +2181,12 @@
* Comment this macro to disallow using RSASSA-PSS in certificates.
*/
#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
-/** \} name SECTION: mbed TLS feature support */
+/** \} name SECTION: Mbed TLS feature support */
/**
- * \name SECTION: mbed TLS modules
+ * \name SECTION: Mbed TLS modules
*
- * This section enables or disables entire modules in mbed TLS
+ * This section enables or disables entire modules in Mbed TLS
* \{
*/
@@ -2797,7 +2882,7 @@
* Module: library/memory_buffer_alloc.c
*
* Requires: MBEDTLS_PLATFORM_C
- * MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS)
+ * MBEDTLS_PLATFORM_MEMORY (to use it within Mbed TLS)
*
* Enable this module to enable the buffer memory allocator.
*/
@@ -3399,7 +3484,7 @@
* \def MBEDTLS_THREADING_C
*
* Enable the threading abstraction layer.
- * By default mbed TLS assumes it is used in a non-threaded environment or that
+ * By default Mbed TLS assumes it is used in a non-threaded environment or that
* contexts are not shared between threads. If you do intend to use contexts
* between threads, you will need to enable this layer to prevent race
* conditions. See also our Knowledge Base article about threading:
@@ -3413,7 +3498,7 @@
* You will have to enable either MBEDTLS_THREADING_ALT or
* MBEDTLS_THREADING_PTHREAD.
*
- * Enable this layer to allow use of mutexes within mbed TLS
+ * Enable this layer to allow use of mutexes within Mbed TLS
*/
//#define MBEDTLS_THREADING_C
@@ -3559,7 +3644,7 @@
*/
#define MBEDTLS_X509_CSR_WRITE_C
-/** \} name SECTION: mbed TLS modules */
+/** \} name SECTION: Mbed TLS modules */
/**
* \name SECTION: General configuration options
@@ -3842,7 +3927,7 @@
//#define MBEDTLS_PSA_KEY_SLOT_COUNT 32
/* RSA OPTIONS */
-#define MBEDTLS_RSA_GEN_KEY_MIN_BITS 1024 /**< Minimum RSA key size that can be generated in bits (Minimum possible value is 128 bits) */
+//#define MBEDTLS_RSA_GEN_KEY_MIN_BITS 1024 /**< Minimum RSA key size that can be generated in bits (Minimum possible value is 128 bits) */
/* SSL Cache options */
//#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */
@@ -3973,7 +4058,7 @@
* This is not used in TLS 1.2.
*
*/
-#define MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE 6000
+//#define MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE 6000
/**
* \def MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH
@@ -3982,7 +4067,7 @@
*
* This must be less than 256.
*/
-#define MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH 32
+//#define MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH 32
/**
* \def MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS
@@ -3992,95 +4077,10 @@
* the MBEDTLS_SSL_SESSION_TICKETS option is enabled.
*
*/
-#define MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS 1
+//#define MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS 1
/* X509 options */
//#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */
//#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */
-/**
- * Uncomment the macro to let mbed TLS use your alternate implementation of
- * mbedtls_platform_zeroize(). This replaces the default implementation in
- * platform_util.c.
- *
- * mbedtls_platform_zeroize() is a widely used function across the library to
- * zero a block of memory. The implementation is expected to be secure in the
- * sense that it has been written to prevent the compiler from removing calls
- * to mbedtls_platform_zeroize() as part of redundant code elimination
- * optimizations. However, it is difficult to guarantee that calls to
- * mbedtls_platform_zeroize() will not be optimized by the compiler as older
- * versions of the C language standards do not provide a secure implementation
- * of memset(). Therefore, MBEDTLS_PLATFORM_ZEROIZE_ALT enables users to
- * configure their own implementation of mbedtls_platform_zeroize(), for
- * example by using directives specific to their compiler, features from newer
- * C standards (e.g using memset_s() in C11) or calling a secure memset() from
- * their system (e.g explicit_bzero() in BSD).
- */
-//#define MBEDTLS_PLATFORM_ZEROIZE_ALT
-
-/**
- * Uncomment the macro to let Mbed TLS use your alternate implementation of
- * mbedtls_platform_gmtime_r(). This replaces the default implementation in
- * platform_util.c.
- *
- * gmtime() is not a thread-safe function as defined in the C standard. The
- * library will try to use safer implementations of this function, such as
- * gmtime_r() when available. However, if Mbed TLS cannot identify the target
- * system, the implementation of mbedtls_platform_gmtime_r() will default to
- * using the standard gmtime(). In this case, calls from the library to
- * gmtime() will be guarded by the global mutex mbedtls_threading_gmtime_mutex
- * if MBEDTLS_THREADING_C is enabled. We recommend that calls from outside the
- * library are also guarded with this mutex to avoid race conditions. However,
- * if the macro MBEDTLS_PLATFORM_GMTIME_R_ALT is defined, Mbed TLS will
- * unconditionally use the implementation for mbedtls_platform_gmtime_r()
- * supplied at compile time.
- */
-//#define MBEDTLS_PLATFORM_GMTIME_R_ALT
-
-/**
- * Enable the verified implementations of ECDH primitives from Project Everest
- * (currently only Curve25519). This feature changes the layout of ECDH
- * contexts and therefore is a compatibility break for applications that access
- * fields of a mbedtls_ecdh_context structure directly. See also
- * MBEDTLS_ECDH_LEGACY_CONTEXT in include/mbedtls/ecdh.h.
- */
-//#define MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
-
-/**
- * Uncomment to enable p256-m, which implements ECC key generation, ECDH,
- * and ECDSA for SECP256R1 curves. This driver is used as an example to
- * document how a third-party driver or software accelerator can be integrated
- * to work alongside Mbed TLS.
- *
- * \warning p256-m has only been included to serve as a sample implementation
- * of how a driver/accelerator can be integrated alongside Mbed TLS. It is not
- * intended for use in production. p256-m files in Mbed TLS are not updated
- * regularly, so they may not contain upstream fixes/improvements.
- * DO NOT ENABLE/USE THIS MACRO IN PRODUCTION BUILDS!
- */
-//#define MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED
-
-
-/**
- * Uncomment to enable using new bignum code in the ECC modules.
- *
- * \warning This is currently experimental, incomplete and therefore should not
- * be used in production.
- */
-//#define MBEDTLS_ECP_WITH_MPI_UINT
-
-/*
- * Disable plain C implementation for AES.
- *
- * When the plain C implementation is enabled, and an implementation using a
- * special CPU feature (such as MBEDTLS_AESCE_C) is also enabled, runtime
- * detection will be used to select between them.
- *
- * If only one implementation is present, runtime detection will not be used.
- * This configuration will crash at runtime if running on a CPU without the
- * necessary features. It will not build unless at least one of MBEDTLS_AESCE_C
- * and/or MBEDTLS_AESNI_C is enabled & present in the build.
- */
-//#define MBEDTLS_AES_USE_HARDWARE_ONLY
-
/** \} name SECTION: Module configuration options */
diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h
index dde95c5..c9a7858 100644
--- a/include/mbedtls/md.h
+++ b/include/mbedtls/md.h
@@ -85,6 +85,26 @@
#define MBEDTLS_MD_RIPEMD160_VIA_PSA
#define MBEDTLS_MD_SOME_PSA
#endif
+#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_224)
+#define MBEDTLS_MD_CAN_SHA3_224
+#define MBEDTLS_MD_SHA3_224_VIA_PSA
+#define MBEDTLS_MD_SOME_PSA
+#endif
+#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_256)
+#define MBEDTLS_MD_CAN_SHA3_256
+#define MBEDTLS_MD_SHA3_256_VIA_PSA
+#define MBEDTLS_MD_SOME_PSA
+#endif
+#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_384)
+#define MBEDTLS_MD_CAN_SHA3_384
+#define MBEDTLS_MD_SHA3_384_VIA_PSA
+#define MBEDTLS_MD_SOME_PSA
+#endif
+#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_512)
+#define MBEDTLS_MD_CAN_SHA3_512
+#define MBEDTLS_MD_SHA3_512_VIA_PSA
+#define MBEDTLS_MD_SOME_PSA
+#endif
#endif /* MBEDTLS_PSA_CRYPTO_C */
/* Built-in implementations */
@@ -117,6 +137,7 @@
#define MBEDTLS_MD_CAN_SHA3_256
#define MBEDTLS_MD_CAN_SHA3_384
#define MBEDTLS_MD_CAN_SHA3_512
+#define MBEDTLS_MD_SOME_LEGACY
#endif
#if defined(MBEDTLS_RIPEMD160_C)
#define MBEDTLS_MD_CAN_RIPEMD160
diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h
index e333ba1..9545072 100644
--- a/include/mbedtls/oid.h
+++ b/include/mbedtls/oid.h
@@ -270,6 +270,15 @@
#define MBEDTLS_OID_DIGEST_ALG_RIPEMD160 MBEDTLS_OID_TELETRUST "\x03\x02\x01" /**< id-ripemd160 OBJECT IDENTIFIER :: { iso(1) identified-organization(3) teletrust(36) algorithm(3) hashAlgorithm(2) ripemd160(1) } */
+#define MBEDTLS_OID_DIGEST_ALG_SHA3_224 MBEDTLS_OID_NIST_ALG "\x02\x07" /**< id-sha3-224 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) sha3-224(7) } */
+
+#define MBEDTLS_OID_DIGEST_ALG_SHA3_256 MBEDTLS_OID_NIST_ALG "\x02\x08" /**< id-sha3-256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) sha3-256(8) } */
+
+#define MBEDTLS_OID_DIGEST_ALG_SHA3_384 MBEDTLS_OID_NIST_ALG "\x02\x09" /**< id-sha3-384 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) sha3-384(9) } */
+
+#define MBEDTLS_OID_DIGEST_ALG_SHA3_512 MBEDTLS_OID_NIST_ALG "\x02\x0a" /**< id-sha3-512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) sha3-512(10) } */
+
+
#define MBEDTLS_OID_HMAC_SHA1 MBEDTLS_OID_RSA_COMPANY "\x02\x07" /**< id-hmacWithSHA1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 7 } */
#define MBEDTLS_OID_HMAC_SHA224 MBEDTLS_OID_RSA_COMPANY "\x02\x08" /**< id-hmacWithSHA224 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 8 } */
@@ -280,6 +289,16 @@
#define MBEDTLS_OID_HMAC_SHA512 MBEDTLS_OID_RSA_COMPANY "\x02\x0B" /**< id-hmacWithSHA512 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 11 } */
+#define MBEDTLS_OID_HMAC_SHA3_224 MBEDTLS_OID_NIST_ALG "\x02\x0d" /**< id-hmacWithSHA3-512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) hmacWithSHA3-224(13) } */
+
+#define MBEDTLS_OID_HMAC_SHA3_256 MBEDTLS_OID_NIST_ALG "\x02\x0e" /**< id-hmacWithSHA3-512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) hmacWithSHA3-256(14) } */
+
+#define MBEDTLS_OID_HMAC_SHA3_384 MBEDTLS_OID_NIST_ALG "\x02\x0f" /**< id-hmacWithSHA3-512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) hmacWithSHA3-384(15) } */
+
+#define MBEDTLS_OID_HMAC_SHA3_512 MBEDTLS_OID_NIST_ALG "\x02\x10" /**< id-hmacWithSHA3-512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) hmacWithSHA3-512(16) } */
+
+#define MBEDTLS_OID_HMAC_RIPEMD160 MBEDTLS_OID_INTERNET "\x05\x05\x08\x01\x04" /**< id-hmacWithSHA1 OBJECT IDENTIFIER ::= {iso(1) iso-identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) ipsec(8) isakmpOakley(1) hmacRIPEMD160(4)} */
+
/*
* Encryption algorithms
*/
diff --git a/include/mbedtls/platform_time.h b/include/mbedtls/platform_time.h
index c7973d9..21b3697 100644
--- a/include/mbedtls/platform_time.h
+++ b/include/mbedtls/platform_time.h
@@ -1,7 +1,7 @@
/**
* \file platform_time.h
*
- * \brief mbed TLS Platform time abstraction
+ * \brief Mbed TLS Platform time abstraction
*/
/*
* Copyright The Mbed TLS Contributors
diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h
index edbde94..3f23fef 100644
--- a/include/mbedtls/platform_util.h
+++ b/include/mbedtls/platform_util.h
@@ -145,6 +145,11 @@
#define MBEDTLS_IGNORE_RETURN(result) ((void) !(result))
#endif
+/* If the following macro is defined, the library is being built by the test
+ * framework, and the framework is going to provide a replacement
+ * mbedtls_platform_zeroize() using a preprocessor macro, so the function
+ * declaration should be omitted. */
+#if !defined(MBEDTLS_TEST_DEFINES_ZEROIZE) //no-check-names
/**
* \brief Securely zeroize a buffer
*
@@ -168,6 +173,7 @@
*
*/
void mbedtls_platform_zeroize(void *buf, size_t len);
+#endif
#if defined(MBEDTLS_HAVE_TIME_DATE)
/**
diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h
index 87e5cc6..87e259f 100644
--- a/include/mbedtls/sha256.h
+++ b/include/mbedtls/sha256.h
@@ -50,9 +50,9 @@
* made in the call to mbedtls_sha256_starts().
*/
typedef struct mbedtls_sha256_context {
+ unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< The data block being processed. */
uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< The number of Bytes processed. */
uint32_t MBEDTLS_PRIVATE(state)[8]; /*!< The intermediate digest state. */
- unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< The data block being processed. */
int MBEDTLS_PRIVATE(is224); /*!< Determines which function to use:
0: Use SHA-256, or 1: Use SHA-224. */
}
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 920efa9..a3ecbfb 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -405,6 +405,18 @@
#define MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16
#endif
+#if !defined(MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE)
+#define MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE 6000
+#endif
+
+#if !defined(MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH)
+#define MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH 32
+#endif
+
+#if !defined(MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS)
+#define MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS 1
+#endif
+
/** \} name SECTION: Module settings */
/*
diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h
index 2db5209..bf0c1a1 100644
--- a/include/mbedtls/ssl_ciphersuites.h
+++ b/include/mbedtls/ssl_ciphersuites.h
@@ -1,7 +1,7 @@
/**
* \file ssl_ciphersuites.h
*
- * \brief SSL Ciphersuites for mbed TLS
+ * \brief SSL Ciphersuites for Mbed TLS
*/
/*
* Copyright The Mbed TLS Contributors
diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h
index 1b9c7ce..6a336c3 100644
--- a/include/mbedtls/threading.h
+++ b/include/mbedtls/threading.h
@@ -55,9 +55,9 @@
* \brief Set your alternate threading implementation function
* pointers and initialize global mutexes. If used, this
* function must be called once in the main thread before any
- * other mbed TLS function is called, and
+ * other Mbed TLS function is called, and
* mbedtls_threading_free_alt() must be called once in the main
- * thread after all other mbed TLS functions.
+ * thread after all other Mbed TLS functions.
*
* \note mutex_init() and mutex_free() don't return a status code.
* If mutex_init() fails, it should leave its argument (the
diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h
index bb1a4c3..073211a 100644
--- a/include/mbedtls/version.h
+++ b/include/mbedtls/version.h
@@ -52,9 +52,9 @@
void mbedtls_version_get_string(char *string);
/**
- * Get the full version string ("mbed TLS x.y.z").
+ * Get the full version string ("Mbed TLS x.y.z").
*
- * \param string The string that will receive the value. The mbed TLS version
+ * \param string The string that will receive the value. The Mbed TLS version
* string will use 18 bytes AT MOST including a terminating
* null byte.
* (So the buffer should be at least 18 bytes to receive this
@@ -64,12 +64,12 @@
/**
* \brief Check if support for a feature was compiled into this
- * mbed TLS binary. This allows you to see at runtime if the
+ * Mbed TLS binary. This allows you to see at runtime if the
* library was for instance compiled with or without
* Multi-threading support.
*
* \note only checks against defines in the sections "System
- * support", "mbed TLS modules" and "mbed TLS feature
+ * support", "Mbed TLS modules" and "Mbed TLS feature
* support" in mbedtls_config.h
*
* \param feature The string for the define to check (e.g. "MBEDTLS_AES_C")
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 078781c..3f9b250 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -1007,7 +1007,7 @@
* \brief Set the issuer name for a Certificate
* Issuer names should contain a comma-separated list
* of OID types and values:
- * e.g. "C=UK,O=ARM,CN=mbed TLS CA"
+ * e.g. "C=UK,O=ARM,CN=Mbed TLS CA"
*
* \param ctx CRT context to use
* \param issuer_name issuer name to set
@@ -1022,7 +1022,7 @@
* \brief Set the subject name for a Certificate
* Subject names should contain a comma-separated list
* of OID types and values:
- * e.g. "C=UK,O=ARM,CN=mbed TLS Server 1"
+ * e.g. "C=UK,O=ARM,CN=Mbed TLS Server 1"
*
* \param ctx CRT context to use
* \param subject_name subject name to set
diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h
index 80adb19..513a83e 100644
--- a/include/mbedtls/x509_csr.h
+++ b/include/mbedtls/x509_csr.h
@@ -180,7 +180,7 @@
* \brief Set the subject name for a CSR
* Subject names should contain a comma-separated list
* of OID types and values:
- * e.g. "C=UK,O=ARM,CN=mbed TLS Server 1"
+ * e.g. "C=UK,O=ARM,CN=Mbed TLS Server 1"
*
* \param ctx CSR context to use
* \param subject_name subject name to set
diff --git a/include/psa/crypto_adjust_auto_enabled.h b/include/psa/crypto_adjust_auto_enabled.h
new file mode 100644
index 0000000..5e18298
--- /dev/null
+++ b/include/psa/crypto_adjust_auto_enabled.h
@@ -0,0 +1,33 @@
+/**
+ * \file psa/crypto_adjust_auto_enabled.h
+ * \brief Adjust PSA configuration: enable always-on features
+ *
+ * Always enable certain features which require a negligible amount of code
+ * to implement, to avoid some edge cases in the configuration combinatorics.
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef PSA_CRYPTO_ADJUST_AUTO_ENABLED_H
+#define PSA_CRYPTO_ADJUST_AUTO_ENABLED_H
+
+#define PSA_WANT_KEY_TYPE_DERIVE 1
+#define PSA_WANT_KEY_TYPE_PASSWORD 1
+#define PSA_WANT_KEY_TYPE_PASSWORD_HASH 1
+#define PSA_WANT_KEY_TYPE_RAW_DATA 1
+
+#endif /* PSA_CRYPTO_ADJUST_AUTO_ENABLED_H */
diff --git a/include/psa/crypto_adjust_config_synonyms.h b/include/psa/crypto_adjust_config_synonyms.h
new file mode 100644
index 0000000..5142ef0
--- /dev/null
+++ b/include/psa/crypto_adjust_config_synonyms.h
@@ -0,0 +1,57 @@
+/**
+ * \file psa/crypto_adjust_config_synonyms.h
+ * \brief Adjust PSA configuration: enable quasi-synonyms
+ *
+ * When two features require almost the same code, we automatically enable
+ * both when either one is requested, to reduce the combinatorics of
+ * possible configurations.
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef PSA_CRYPTO_ADJUST_CONFIG_SYNONYMS_H
+#define PSA_CRYPTO_ADJUST_CONFIG_SYNONYMS_H
+
+/****************************************************************/
+/* De facto synonyms */
+/****************************************************************/
+
+#if defined(PSA_WANT_ALG_ECDSA_ANY) && !defined(PSA_WANT_ALG_ECDSA)
+#define PSA_WANT_ALG_ECDSA PSA_WANT_ALG_ECDSA_ANY
+#elif !defined(PSA_WANT_ALG_ECDSA_ANY) && defined(PSA_WANT_ALG_ECDSA)
+#define PSA_WANT_ALG_ECDSA_ANY PSA_WANT_ALG_ECDSA
+#endif
+
+#if defined(PSA_WANT_ALG_CCM_STAR_NO_TAG) && !defined(PSA_WANT_ALG_CCM)
+#define PSA_WANT_ALG_CCM PSA_WANT_ALG_CCM_STAR_NO_TAG
+#elif !defined(PSA_WANT_ALG_CCM_STAR_NO_TAG) && defined(PSA_WANT_ALG_CCM)
+#define PSA_WANT_ALG_CCM_STAR_NO_TAG PSA_WANT_ALG_CCM
+#endif
+
+#if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW) && !defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN)
+#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW
+#elif !defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW) && defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN)
+#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW PSA_WANT_ALG_RSA_PKCS1V15_SIGN
+#endif
+
+#if defined(PSA_WANT_ALG_RSA_PSS_ANY_SALT) && !defined(PSA_WANT_ALG_RSA_PSS)
+#define PSA_WANT_ALG_RSA_PSS PSA_WANT_ALG_RSA_PSS_ANY_SALT
+#elif !defined(PSA_WANT_ALG_RSA_PSS_ANY_SALT) && defined(PSA_WANT_ALG_RSA_PSS)
+#define PSA_WANT_ALG_RSA_PSS_ANY_SALT PSA_WANT_ALG_RSA_PSS
+#endif
+
+#endif /* PSA_CRYPTO_ADJUST_CONFIG_SYNONYMS_H */
diff --git a/include/psa/crypto_builtin_primitives.h b/include/psa/crypto_builtin_primitives.h
index c78c8d0..d3e0692 100644
--- a/include/psa/crypto_builtin_primitives.h
+++ b/include/psa/crypto_builtin_primitives.h
@@ -45,6 +45,7 @@
#include "mbedtls/sha1.h"
#include "mbedtls/sha256.h"
#include "mbedtls/sha512.h"
+#include "mbedtls/sha3.h"
#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160) || \
@@ -52,7 +53,11 @@
defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384) || \
- defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512)
+ defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512)
#define MBEDTLS_PSA_BUILTIN_HASH
#endif
@@ -77,6 +82,12 @@
defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384)
mbedtls_sha512_context sha512;
#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512)
+ mbedtls_sha3_context sha3;
+#endif
} MBEDTLS_PRIVATE(ctx);
} mbedtls_psa_hash_operation_t;
diff --git a/include/psa/crypto_config.h b/include/psa/crypto_config.h
index d8e8e19..4e7a71e 100644
--- a/include/psa/crypto_config.h
+++ b/include/psa/crypto_config.h
@@ -87,6 +87,10 @@
#define PSA_WANT_ALG_SHA_256 1
#define PSA_WANT_ALG_SHA_384 1
#define PSA_WANT_ALG_SHA_512 1
+#define PSA_WANT_ALG_SHA3_224 1
+#define PSA_WANT_ALG_SHA3_256 1
+#define PSA_WANT_ALG_SHA3_384 1
+#define PSA_WANT_ALG_SHA3_512 1
#define PSA_WANT_ALG_STREAM_CIPHER 1
#define PSA_WANT_ALG_TLS12_PRF 1
#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1
diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h
index 55c0b1f..98ffbce 100644
--- a/include/psa/crypto_sizes.h
+++ b/include/psa/crypto_sizes.h
@@ -125,28 +125,43 @@
* This macro expands to a compile-time constant integer. This value
* is the maximum size of a hash in bytes.
*/
-/* Note: for HMAC-SHA-3, the block size is 144 bytes for HMAC-SHA3-226,
+/* Note: for HMAC-SHA-3, the block size is 144 bytes for HMAC-SHA3-224,
* 136 bytes for HMAC-SHA3-256, 104 bytes for SHA3-384, 72 bytes for
* HMAC-SHA3-512. */
/* Note: PSA_HASH_MAX_SIZE should be kept in sync with MBEDTLS_MD_MAX_SIZE,
* see the note on MBEDTLS_MD_MAX_SIZE for details. */
-#if defined(PSA_WANT_ALG_SHA_512)
-#define PSA_HASH_MAX_SIZE 64
+#if defined(PSA_WANT_ALG_SHA3_224)
+#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 144
+#elif defined(PSA_WANT_ALG_SHA3_256)
+#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 136
+#elif defined(PSA_WANT_ALG_SHA_512)
#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128
#elif defined(PSA_WANT_ALG_SHA_384)
-#define PSA_HASH_MAX_SIZE 48
#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128
+#elif defined(PSA_WANT_ALG_SHA3_384)
+#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 104
+#elif defined(PSA_WANT_ALG_SHA3_512)
+#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 72
#elif defined(PSA_WANT_ALG_SHA_256)
-#define PSA_HASH_MAX_SIZE 32
#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64
#elif defined(PSA_WANT_ALG_SHA_224)
-#define PSA_HASH_MAX_SIZE 28
#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64
#else /* SHA-1 or smaller */
-#define PSA_HASH_MAX_SIZE 20
#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64
#endif
+#if defined(PSA_WANT_ALG_SHA_512) || defined(PSA_WANT_ALG_SHA3_512)
+#define PSA_HASH_MAX_SIZE 64
+#elif defined(PSA_WANT_ALG_SHA_384) || defined(PSA_WANT_ALG_SHA3_384)
+#define PSA_HASH_MAX_SIZE 48
+#elif defined(PSA_WANT_ALG_SHA_256) || defined(PSA_WANT_ALG_SHA3_256)
+#define PSA_HASH_MAX_SIZE 32
+#elif defined(PSA_WANT_ALG_SHA_224) || defined(PSA_WANT_ALG_SHA3_224)
+#define PSA_HASH_MAX_SIZE 28
+#else /* SHA-1 or smaller */
+#define PSA_HASH_MAX_SIZE 20
+#endif
+
/** \def PSA_MAC_MAX_SIZE
*
* Maximum size of a MAC.
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index 351edd0..83204f3 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -1,7 +1,7 @@
-option(USE_STATIC_MBEDTLS_LIBRARY "Build mbed TLS static library." ON)
-option(USE_SHARED_MBEDTLS_LIBRARY "Build mbed TLS shared library." OFF)
-option(LINK_WITH_PTHREAD "Explicitly link mbed TLS library to pthread." OFF)
-option(LINK_WITH_TRUSTED_STORAGE "Explicitly link mbed TLS library to trusted_storage." OFF)
+option(USE_STATIC_MBEDTLS_LIBRARY "Build Mbed TLS static library." ON)
+option(USE_SHARED_MBEDTLS_LIBRARY "Build Mbed TLS shared library." OFF)
+option(LINK_WITH_PTHREAD "Explicitly link Mbed TLS library to pthread." OFF)
+option(LINK_WITH_TRUSTED_STORAGE "Explicitly link Mbed TLS library to trusted_storage." OFF)
# Set the project root directory if it's not already defined, as may happen if
# the library folder is included directly by a parent project, without
diff --git a/library/aes.c b/library/aes.c
index 47a5e3e..0a7b26c 100644
--- a/library/aes.c
+++ b/library/aes.c
@@ -34,20 +34,19 @@
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
-#if defined(__aarch64__)
+#if defined(MBEDTLS_ARCH_IS_ARM64)
#if !defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_AES_USE_HARDWARE_ONLY)
#error "MBEDTLS_AES_USE_HARDWARE_ONLY defined, but not all prerequisites"
#endif
#endif
-#if defined(__amd64__) || defined(__x86_64__) || \
- ((defined(_M_X64) || defined(_M_AMD64)) && !defined(_M_ARM64EC))
+#if defined(MBEDTLS_ARCH_IS_X64)
#if !defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_AES_USE_HARDWARE_ONLY)
#error "MBEDTLS_AES_USE_HARDWARE_ONLY defined, but not all prerequisites"
#endif
#endif
-#if defined(__i386__) || defined(_M_IX86)
+#if defined(MBEDTLS_ARCH_IS_X86)
#if defined(MBEDTLS_AES_USE_HARDWARE_ONLY) && !defined(MBEDTLS_AESNI_C)
#error "MBEDTLS_AES_USE_HARDWARE_ONLY defined, but not all prerequisites"
#endif
@@ -652,7 +651,7 @@
}
#endif
-#if defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_HAVE_ARM64)
+#if defined(MBEDTLS_AESCE_HAVE_CODE)
if (MBEDTLS_AESCE_HAS_SUPPORT()) {
return mbedtls_aesce_setkey_enc((unsigned char *) RK, key, keybits);
}
@@ -764,7 +763,7 @@
}
#endif
-#if defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_HAVE_ARM64)
+#if defined(MBEDTLS_AESCE_HAVE_CODE)
if (MBEDTLS_AESCE_HAS_SUPPORT()) {
mbedtls_aesce_inverse_key(
(unsigned char *) RK,
@@ -1091,7 +1090,7 @@
}
#endif
-#if defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_HAVE_ARM64)
+#if defined(MBEDTLS_AESCE_HAVE_CODE)
if (MBEDTLS_AESCE_HAS_SUPPORT()) {
return mbedtls_aesce_crypt_ecb(ctx, mode, input, output);
}
@@ -1910,7 +1909,7 @@
mbedtls_printf(" AES note: using VIA Padlock.\n");
} else
#endif
-#if defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_HAVE_ARM64)
+#if defined(MBEDTLS_AESCE_HAVE_CODE)
if (MBEDTLS_AESCE_HAS_SUPPORT()) {
mbedtls_printf(" AES note: using AESCE.\n");
} else
diff --git a/library/aesce.c b/library/aesce.c
index 6f75a67..8b42b03 100644
--- a/library/aesce.c
+++ b/library/aesce.c
@@ -46,7 +46,7 @@
#include "aesce.h"
-#if defined(MBEDTLS_HAVE_ARM64)
+#if defined(MBEDTLS_ARCH_IS_ARM64)
/* Compiler version checks. */
#if defined(__clang__)
@@ -510,6 +510,6 @@
#undef MBEDTLS_POP_TARGET_PRAGMA
#endif
-#endif /* MBEDTLS_HAVE_ARM64 */
+#endif /* MBEDTLS_ARCH_IS_ARM64 */
#endif /* MBEDTLS_AESCE_C */
diff --git a/library/aesce.h b/library/aesce.h
index 735c8cf..d24c423 100644
--- a/library/aesce.h
+++ b/library/aesce.h
@@ -30,13 +30,10 @@
#include "mbedtls/aes.h"
-#if !defined(MBEDTLS_HAVE_ARM64)
-#if defined(__aarch64__) || defined(_M_ARM64) || defined(_M_ARM64EC)
-#define MBEDTLS_HAVE_ARM64
-#endif
-#endif
-#if defined(MBEDTLS_HAVE_ARM64)
+#if defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_ARCH_IS_ARM64)
+
+#define MBEDTLS_AESCE_HAVE_CODE
#ifdef __cplusplus
extern "C" {
@@ -131,6 +128,6 @@
}
#endif
-#endif /* MBEDTLS_HAVE_ARM64 */
+#endif /* MBEDTLS_AESCE_C && MBEDTLS_ARCH_IS_ARM64 */
#endif /* MBEDTLS_AESCE_H */
diff --git a/library/aesni.h b/library/aesni.h
index 332a0f0..ba14290 100644
--- a/library/aesni.h
+++ b/library/aesni.h
@@ -32,23 +32,8 @@
#define MBEDTLS_AESNI_AES 0x02000000u
#define MBEDTLS_AESNI_CLMUL 0x00000002u
-/* Can we do AESNI with inline assembly?
- * (Only implemented with gas syntax, only for 64-bit.)
- */
-#if !defined(MBEDTLS_HAVE_X86_64) && \
- (defined(__amd64__) || defined(__x86_64__) || \
- defined(_M_X64) || defined(_M_AMD64)) && \
- !defined(_M_ARM64EC)
-#define MBEDTLS_HAVE_X86_64
-#endif
-
-#if !defined(MBEDTLS_HAVE_X86) && \
- (defined(__i386__) || defined(_M_IX86))
-#define MBEDTLS_HAVE_X86
-#endif
-
#if defined(MBEDTLS_AESNI_C) && \
- (defined(MBEDTLS_HAVE_X86_64) || defined(MBEDTLS_HAVE_X86))
+ (defined(MBEDTLS_ARCH_IS_X64) || defined(MBEDTLS_ARCH_IS_X86))
/* Can we do AESNI with intrinsics?
* (Only implemented with certain compilers, only for certain targets.)
@@ -75,7 +60,10 @@
#if defined(MBEDTLS_AESNI_HAVE_INTRINSICS)
#define MBEDTLS_AESNI_HAVE_CODE 2 // via intrinsics
#elif defined(MBEDTLS_HAVE_ASM) && \
- defined(__GNUC__) && defined(MBEDTLS_HAVE_X86_64)
+ defined(__GNUC__) && defined(MBEDTLS_ARCH_IS_X64)
+/* Can we do AESNI with inline assembly?
+ * (Only implemented with gas syntax, only for 64-bit.)
+ */
#define MBEDTLS_AESNI_HAVE_CODE 1 // via assembly
#elif defined(__GNUC__)
# error "Must use `-mpclmul -msse2 -maes` for MBEDTLS_AESNI_C"
diff --git a/library/bignum.c b/library/bignum.c
index a08aa49..61353ca 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -72,7 +72,7 @@
}
/*
- * Set sign_N to 1 if N >= 0, 0 if N < 0.
+ * Set N_is_negative to MBEDTLS_CT_FALSE if N >= 0, MBEDTLS_CT_TRUE if N < 0.
* We know that N->s == 1 if N >= 0 and N->s == -1 if N < 0.
*/
X_is_negative = mbedtls_ct_bool((X->s & 2) >> 1);
@@ -83,7 +83,7 @@
* That is if X is negative (X_is_negative == 1), then X < Y is true and it
* is false if X is positive (X_is_negative == 0).
*/
- different_sign = mbedtls_ct_bool_xor(X_is_negative, Y_is_negative); // non-zero if different sign
+ different_sign = mbedtls_ct_bool_xor(X_is_negative, Y_is_negative); // true if different sign
result = mbedtls_ct_bool_and(different_sign, X_is_negative);
/*
@@ -2309,29 +2309,30 @@
#if defined(MBEDTLS_GENPRIME)
-static const int small_prime[] =
-{
- 3, 5, 7, 11, 13, 17, 19, 23,
- 29, 31, 37, 41, 43, 47, 53, 59,
- 61, 67, 71, 73, 79, 83, 89, 97,
- 101, 103, 107, 109, 113, 127, 131, 137,
- 139, 149, 151, 157, 163, 167, 173, 179,
- 181, 191, 193, 197, 199, 211, 223, 227,
- 229, 233, 239, 241, 251, 257, 263, 269,
- 271, 277, 281, 283, 293, 307, 311, 313,
- 317, 331, 337, 347, 349, 353, 359, 367,
- 373, 379, 383, 389, 397, 401, 409, 419,
- 421, 431, 433, 439, 443, 449, 457, 461,
- 463, 467, 479, 487, 491, 499, 503, 509,
- 521, 523, 541, 547, 557, 563, 569, 571,
- 577, 587, 593, 599, 601, 607, 613, 617,
- 619, 631, 641, 643, 647, 653, 659, 661,
- 673, 677, 683, 691, 701, 709, 719, 727,
- 733, 739, 743, 751, 757, 761, 769, 773,
- 787, 797, 809, 811, 821, 823, 827, 829,
- 839, 853, 857, 859, 863, 877, 881, 883,
- 887, 907, 911, 919, 929, 937, 941, 947,
- 953, 967, 971, 977, 983, 991, 997, -103
+/* Gaps between primes, starting at 3. https://oeis.org/A001223 */
+static const unsigned char small_prime_gaps[] = {
+ 2, 2, 4, 2, 4, 2, 4, 6,
+ 2, 6, 4, 2, 4, 6, 6, 2,
+ 6, 4, 2, 6, 4, 6, 8, 4,
+ 2, 4, 2, 4, 14, 4, 6, 2,
+ 10, 2, 6, 6, 4, 6, 6, 2,
+ 10, 2, 4, 2, 12, 12, 4, 2,
+ 4, 6, 2, 10, 6, 6, 6, 2,
+ 6, 4, 2, 10, 14, 4, 2, 4,
+ 14, 6, 10, 2, 4, 6, 8, 6,
+ 6, 4, 6, 8, 4, 8, 10, 2,
+ 10, 2, 6, 4, 6, 8, 4, 2,
+ 4, 12, 8, 4, 8, 4, 6, 12,
+ 2, 18, 6, 10, 6, 6, 2, 6,
+ 10, 6, 6, 2, 6, 6, 4, 2,
+ 12, 10, 2, 4, 6, 6, 2, 12,
+ 4, 6, 8, 10, 8, 10, 8, 6,
+ 6, 4, 8, 6, 4, 8, 4, 14,
+ 10, 12, 2, 10, 2, 4, 2, 10,
+ 14, 4, 2, 4, 14, 4, 2, 4,
+ 20, 4, 8, 10, 8, 4, 6, 6,
+ 14, 4, 6, 6, 8, 6, /*reaches 997*/
+ 0 /* the last entry is effectively unused */
};
/*
@@ -2348,20 +2349,20 @@
int ret = 0;
size_t i;
mbedtls_mpi_uint r;
+ unsigned p = 3; /* The first odd prime */
if ((X->p[0] & 1) == 0) {
return MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
}
- for (i = 0; small_prime[i] > 0; i++) {
- if (mbedtls_mpi_cmp_int(X, small_prime[i]) <= 0) {
- return 1;
- }
-
- MBEDTLS_MPI_CHK(mbedtls_mpi_mod_int(&r, X, small_prime[i]));
-
+ for (i = 0; i < sizeof(small_prime_gaps); p += small_prime_gaps[i], i++) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mod_int(&r, X, p));
if (r == 0) {
- return MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
+ if (mbedtls_mpi_cmp_int(X, p) == 0) {
+ return 1;
+ } else {
+ return MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
+ }
}
}
diff --git a/library/bignum_core.c b/library/bignum_core.c
index 48b640b..dbf6d1d 100644
--- a/library/bignum_core.c
+++ b/library/bignum_core.c
@@ -77,38 +77,17 @@
return 0;
}
-/* Convert a big-endian byte array aligned to the size of mbedtls_mpi_uint
- * into the storage form used by mbedtls_mpi. */
-static mbedtls_mpi_uint mpi_bigendian_to_host_c(mbedtls_mpi_uint a)
-{
- uint8_t i;
- unsigned char *a_ptr;
- mbedtls_mpi_uint tmp = 0;
-
- for (i = 0, a_ptr = (unsigned char *) &a; i < ciL; i++, a_ptr++) {
- tmp <<= CHAR_BIT;
- tmp |= (mbedtls_mpi_uint) *a_ptr;
- }
-
- return tmp;
-}
-
static mbedtls_mpi_uint mpi_bigendian_to_host(mbedtls_mpi_uint a)
{
if (MBEDTLS_IS_BIG_ENDIAN) {
/* Nothing to do on bigendian systems. */
return a;
} else {
- switch (sizeof(mbedtls_mpi_uint)) {
- case 4:
- return (mbedtls_mpi_uint) MBEDTLS_BSWAP32((uint32_t) a);
- case 8:
- return (mbedtls_mpi_uint) MBEDTLS_BSWAP64((uint64_t) a);
- }
-
- /* Fall back to C-based reordering if we don't know the byte order
- * or we couldn't use a compiler-specific builtin. */
- return mpi_bigendian_to_host_c(a);
+#if defined(MBEDTLS_HAVE_INT32)
+ return (mbedtls_mpi_uint) MBEDTLS_BSWAP32(a);
+#elif defined(MBEDTLS_HAVE_INT64)
+ return (mbedtls_mpi_uint) MBEDTLS_BSWAP64(a);
+#endif
}
}
diff --git a/library/ccm.c b/library/ccm.c
index cd689c8..bc61376 100644
--- a/library/ccm.c
+++ b/library/ccm.c
@@ -400,7 +400,6 @@
mbedtls_xor(ctx->y + offset, ctx->y + offset, local_output, use_len);
memcpy(output, local_output, use_len);
- mbedtls_platform_zeroize(local_output, 16);
if (use_len + offset == 16 || ctx->processed == ctx->plaintext_len) {
if ((ret =
diff --git a/library/cipher.c b/library/cipher.c
index de7f837..69ee6d7 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -1,7 +1,7 @@
/**
* \file cipher.c
*
- * \brief Generic cipher wrapper for mbed TLS
+ * \brief Generic cipher wrapper for Mbed TLS
*
* \author Adriaan de Jong <dejong@fox-it.com>
*
diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c
index 6ab2f5f..8e06121 100644
--- a/library/cipher_wrap.c
+++ b/library/cipher_wrap.c
@@ -1,7 +1,7 @@
/**
* \file cipher_wrap.c
*
- * \brief Generic cipher wrapper for mbed TLS
+ * \brief Generic cipher wrapper for Mbed TLS
*
* \author Adriaan de Jong <dejong@fox-it.com>
*
diff --git a/library/constant_time.c b/library/constant_time.c
index 12aed13..d3c69cf 100644
--- a/library/constant_time.c
+++ b/library/constant_time.c
@@ -150,8 +150,13 @@
const unsigned char *src2,
size_t len)
{
+#if defined(MBEDTLS_CT_SIZE_64)
+ const uint64_t mask = (uint64_t) condition;
+ const uint64_t not_mask = (uint64_t) ~mbedtls_ct_compiler_opaque(condition);
+#else
const uint32_t mask = (uint32_t) condition;
const uint32_t not_mask = (uint32_t) ~mbedtls_ct_compiler_opaque(condition);
+#endif
/* If src2 is NULL, setup src2 so that we read from the destination address.
*
@@ -165,11 +170,19 @@
/* dest[i] = c1 == c2 ? src[i] : dest[i] */
size_t i = 0;
#if defined(MBEDTLS_EFFICIENT_UNALIGNED_ACCESS)
+#if defined(MBEDTLS_CT_SIZE_64)
+ for (; (i + 8) <= len; i += 8) {
+ uint64_t a = mbedtls_get_unaligned_uint64(src1 + i) & mask;
+ uint64_t b = mbedtls_get_unaligned_uint64(src2 + i) & not_mask;
+ mbedtls_put_unaligned_uint64(dest + i, a | b);
+ }
+#else
for (; (i + 4) <= len; i += 4) {
uint32_t a = mbedtls_get_unaligned_uint32(src1 + i) & mask;
uint32_t b = mbedtls_get_unaligned_uint32(src2 + i) & not_mask;
mbedtls_put_unaligned_uint32(dest + i, a | b);
}
+#endif /* defined(MBEDTLS_CT_SIZE_64) */
#endif /* MBEDTLS_EFFICIENT_UNALIGNED_ACCESS */
for (; i < len; i++) {
dest[i] = (src1[i] & mask) | (src2[i] & not_mask);
diff --git a/library/constant_time_impl.h b/library/constant_time_impl.h
index 0c3cde9..4290e60 100644
--- a/library/constant_time_impl.h
+++ b/library/constant_time_impl.h
@@ -1,15 +1,6 @@
/**
* Constant-time functions
*
- * For readability, the static inline definitions are here, and
- * constant_time_internal.h has only the declarations.
- *
- * This results in duplicate declarations of the form:
- * static inline void f() { ... }
- * static inline void f();
- * when constant_time_internal.h is included. This appears to behave
- * exactly as if the declaration-without-definition was not present.
- *
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0
*
@@ -37,19 +28,34 @@
#include "mbedtls/bignum.h"
#endif
-/* constant_time_impl.h contains all the static inline implementations,
- * so that constant_time_internal.h is more readable.
+/*
+ * To improve readability of constant_time_internal.h, the static inline
+ * definitions are here, and constant_time_internal.h has only the declarations.
*
- * gcc generates warnings about duplicate declarations, so disable this
- * warning.
+ * This results in duplicate declarations of the form:
+ * static inline void f(); // from constant_time_internal.h
+ * static inline void f() { ... } // from constant_time_impl.h
+ * when constant_time_internal.h is included.
+ *
+ * This appears to behave as if the declaration-without-definition was not present
+ * (except for warnings if gcc -Wredundant-decls or similar is used).
+ *
+ * Disable -Wredundant-decls so that gcc does not warn about this. This is re-enabled
+ * at the bottom of this file.
*/
#ifdef __GNUC__
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wredundant-decls"
#endif
-/* Disable asm under Memsan because it confuses Memsan and generates false errors */
-#if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN)
+/* Disable asm under Memsan because it confuses Memsan and generates false errors.
+ *
+ * We also disable under Valgrind by default, because it's more useful
+ * for Valgrind to test the plain C implementation. MBEDTLS_TEST_CONSTANT_FLOW_ASM //no-check-names
+ * may be set to permit building asm under Valgrind.
+ */
+#if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN) || \
+ (defined(MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND) && !defined(MBEDTLS_TEST_CONSTANT_FLOW_ASM)) //no-check-names
#define MBEDTLS_CT_NO_ASM
#elif defined(__has_feature)
#if __has_feature(memory_sanitizer)
@@ -65,6 +71,10 @@
#define MBEDTLS_CT_ARM_ASM
#elif defined(__aarch64__)
#define MBEDTLS_CT_AARCH64_ASM
+#elif defined(__amd64__) || defined(__x86_64__)
+#define MBEDTLS_CT_X86_64_ASM
+#elif defined(__i386__)
+#define MBEDTLS_CT_X86_ASM
#endif
#endif
@@ -109,6 +119,28 @@
#endif
}
+/*
+ * Selecting unified syntax is needed for gcc, and harmless on clang.
+ *
+ * This is needed because on Thumb 1, condition flags are always set, so
+ * e.g. "negs" is supported but "neg" is not (on Thumb 2, both exist).
+ *
+ * Under Thumb 1 unified syntax, only the "negs" form is accepted, and
+ * under divided syntax, only the "neg" form is accepted. clang only
+ * supports unified syntax.
+ *
+ * On Thumb 2 and Arm, both compilers are happy with the "s" suffix,
+ * although we don't actually care about setting the flags.
+ *
+ * For gcc, restore divided syntax afterwards - otherwise old versions of gcc
+ * seem to apply unified syntax globally, which breaks other asm code.
+ */
+#if !defined(__clang__)
+#define RESTORE_ASM_SYNTAX ".syntax divided \n\t"
+#else
+#define RESTORE_ASM_SYNTAX
+#endif
+
/* Convert a number into a condition in constant time. */
static inline mbedtls_ct_condition_t mbedtls_ct_bool(mbedtls_ct_uint_t x)
{
@@ -120,6 +152,60 @@
* Otherwise, we define a plain C fallback which (in May 2023) does not get optimised into
* conditional instructions or branches by trunk clang, gcc, or MSVC v19.
*/
+#if defined(MBEDTLS_CT_AARCH64_ASM) && (defined(MBEDTLS_CT_SIZE_32) || defined(MBEDTLS_CT_SIZE_64))
+ mbedtls_ct_uint_t s;
+ asm volatile ("neg %x[s], %x[x] \n\t"
+ "orr %x[x], %x[s], %x[x] \n\t"
+ "asr %x[x], %x[x], 63 \n\t"
+ :
+ [s] "=&r" (s),
+ [x] "+&r" (x)
+ :
+ :
+ );
+ return (mbedtls_ct_condition_t) x;
+#elif defined(MBEDTLS_CT_ARM_ASM) && defined(MBEDTLS_CT_SIZE_32)
+ uint32_t s;
+ asm volatile (".syntax unified \n\t"
+ "negs %[s], %[x] \n\t"
+ "orrs %[x], %[x], %[s] \n\t"
+ "asrs %[x], %[x], #31 \n\t"
+ RESTORE_ASM_SYNTAX
+ :
+ [s] "=&l" (s),
+ [x] "+&l" (x)
+ :
+ :
+ "cc" /* clobbers flag bits */
+ );
+ return (mbedtls_ct_condition_t) x;
+#elif defined(MBEDTLS_CT_X86_64_ASM) && (defined(MBEDTLS_CT_SIZE_32) || defined(MBEDTLS_CT_SIZE_64))
+ uint64_t s;
+ asm volatile ("mov %[x], %[s] \n\t"
+ "neg %[s] \n\t"
+ "or %[x], %[s] \n\t"
+ "sar $63, %[s] \n\t"
+ :
+ [s] "=&a" (s)
+ :
+ [x] "D" (x)
+ :
+ );
+ return (mbedtls_ct_condition_t) s;
+#elif defined(MBEDTLS_CT_X86_ASM) && defined(MBEDTLS_CT_SIZE_32)
+ uint32_t s;
+ asm volatile ("mov %[x], %[s] \n\t"
+ "neg %[s] \n\t"
+ "or %[s], %[x] \n\t"
+ "sar $31, %[x] \n\t"
+ :
+ [s] "=&c" (s),
+ [x] "+&a" (x)
+ :
+ :
+ );
+ return (mbedtls_ct_condition_t) x;
+#else
const mbedtls_ct_uint_t xo = mbedtls_ct_compiler_opaque(x);
#if defined(_MSC_VER)
/* MSVC has a warning about unary minus on unsigned, but this is
@@ -127,24 +213,166 @@
#pragma warning( push )
#pragma warning( disable : 4146 )
#endif
- return (mbedtls_ct_condition_t) (((mbedtls_ct_int_t) ((-xo) | -(xo >> 1))) >>
- (MBEDTLS_CT_SIZE - 1));
+ // y is negative (i.e., top bit set) iff x is non-zero
+ mbedtls_ct_int_t y = (-xo) | -(xo >> 1);
+
+ // extract only the sign bit of y so that y == 1 (if x is non-zero) or 0 (if x is zero)
+ y = (((mbedtls_ct_uint_t) y) >> (MBEDTLS_CT_SIZE - 1));
+
+ // -y has all bits set (if x is non-zero), or all bits clear (if x is zero)
+ return (mbedtls_ct_condition_t) (-y);
#if defined(_MSC_VER)
#pragma warning( pop )
#endif
+#endif
}
static inline mbedtls_ct_uint_t mbedtls_ct_if(mbedtls_ct_condition_t condition,
mbedtls_ct_uint_t if1,
mbedtls_ct_uint_t if0)
{
+#if defined(MBEDTLS_CT_AARCH64_ASM) && (defined(MBEDTLS_CT_SIZE_32) || defined(MBEDTLS_CT_SIZE_64))
+ asm volatile ("and %x[if1], %x[if1], %x[condition] \n\t"
+ "mvn %x[condition], %x[condition] \n\t"
+ "and %x[condition], %x[condition], %x[if0] \n\t"
+ "orr %x[condition], %x[if1], %x[condition]"
+ :
+ [condition] "+&r" (condition),
+ [if1] "+&r" (if1)
+ :
+ [if0] "r" (if0)
+ :
+ );
+ return (mbedtls_ct_uint_t) condition;
+#elif defined(MBEDTLS_CT_ARM_ASM) && defined(MBEDTLS_CT_SIZE_32)
+ asm volatile (".syntax unified \n\t"
+ "ands %[if1], %[if1], %[condition] \n\t"
+ "mvns %[condition], %[condition] \n\t"
+ "ands %[condition], %[condition], %[if0] \n\t"
+ "orrs %[condition], %[if1], %[condition] \n\t"
+ RESTORE_ASM_SYNTAX
+ :
+ [condition] "+&l" (condition),
+ [if1] "+&l" (if1)
+ :
+ [if0] "l" (if0)
+ :
+ "cc"
+ );
+ return (mbedtls_ct_uint_t) condition;
+#elif defined(MBEDTLS_CT_X86_64_ASM) && (defined(MBEDTLS_CT_SIZE_32) || defined(MBEDTLS_CT_SIZE_64))
+ asm volatile ("and %[condition], %[if1] \n\t"
+ "not %[condition] \n\t"
+ "and %[condition], %[if0] \n\t"
+ "or %[if1], %[if0] \n\t"
+ :
+ [condition] "+&D" (condition),
+ [if1] "+&S" (if1),
+ [if0] "+&a" (if0)
+ :
+ :
+ );
+ return if0;
+#elif defined(MBEDTLS_CT_X86_ASM) && defined(MBEDTLS_CT_SIZE_32)
+ asm volatile ("and %[condition], %[if1] \n\t"
+ "not %[condition] \n\t"
+ "and %[if0], %[condition] \n\t"
+ "or %[condition], %[if1] \n\t"
+ :
+ [condition] "+&c" (condition),
+ [if1] "+&a" (if1)
+ :
+ [if0] "b" (if0)
+ :
+ );
+ return if1;
+#else
mbedtls_ct_condition_t not_cond =
(mbedtls_ct_condition_t) (~mbedtls_ct_compiler_opaque(condition));
return (mbedtls_ct_uint_t) ((condition & if1) | (not_cond & if0));
+#endif
}
static inline mbedtls_ct_condition_t mbedtls_ct_uint_lt(mbedtls_ct_uint_t x, mbedtls_ct_uint_t y)
{
+#if defined(MBEDTLS_CT_AARCH64_ASM) && (defined(MBEDTLS_CT_SIZE_32) || defined(MBEDTLS_CT_SIZE_64))
+ uint64_t s1;
+ asm volatile ("eor %x[s1], %x[y], %x[x] \n\t"
+ "sub %x[x], %x[x], %x[y] \n\t"
+ "bic %x[x], %x[x], %x[s1] \n\t"
+ "and %x[s1], %x[s1], %x[y] \n\t"
+ "orr %x[s1], %x[x], %x[s1] \n\t"
+ "asr %x[x], %x[s1], 63"
+ :
+ [s1] "=&r" (s1),
+ [x] "+&r" (x)
+ :
+ [y] "r" (y)
+ :
+ );
+ return (mbedtls_ct_condition_t) x;
+#elif defined(MBEDTLS_CT_ARM_ASM) && defined(MBEDTLS_CT_SIZE_32)
+ uint32_t s1;
+ asm volatile (
+ ".syntax unified \n\t"
+#if defined(__thumb__) && !defined(__thumb2__)
+ "movs %[s1], %[x] \n\t"
+ "eors %[s1], %[s1], %[y] \n\t"
+#else
+ "eors %[s1], %[x], %[y] \n\t"
+#endif
+ "subs %[x], %[x], %[y] \n\t"
+ "bics %[x], %[x], %[s1] \n\t"
+ "ands %[y], %[s1], %[y] \n\t"
+ "orrs %[x], %[x], %[y] \n\t"
+ "asrs %[x], %[x], #31 \n\t"
+ RESTORE_ASM_SYNTAX
+ :
+ [s1] "=&l" (s1),
+ [x] "+&l" (x),
+ [y] "+&l" (y)
+ :
+ :
+ "cc"
+ );
+ return (mbedtls_ct_condition_t) x;
+#elif defined(MBEDTLS_CT_X86_64_ASM) && (defined(MBEDTLS_CT_SIZE_32) || defined(MBEDTLS_CT_SIZE_64))
+ uint64_t s;
+ asm volatile ("mov %[x], %[s] \n\t"
+ "xor %[y], %[s] \n\t"
+ "sub %[y], %[x] \n\t"
+ "and %[s], %[y] \n\t"
+ "not %[s] \n\t"
+ "and %[s], %[x] \n\t"
+ "or %[y], %[x] \n\t"
+ "sar $63, %[x] \n\t"
+ :
+ [s] "=&a" (s),
+ [x] "+&D" (x),
+ [y] "+&S" (y)
+ :
+ :
+ );
+ return (mbedtls_ct_condition_t) x;
+#elif defined(MBEDTLS_CT_X86_ASM) && defined(MBEDTLS_CT_SIZE_32)
+ uint32_t s;
+ asm volatile ("mov %[x], %[s] \n\t"
+ "xor %[y], %[s] \n\t"
+ "sub %[y], %[x] \n\t"
+ "and %[s], %[y] \n\t"
+ "not %[s] \n\t"
+ "and %[s], %[x] \n\t"
+ "or %[y], %[x] \n\t"
+ "sar $31, %[x] \n\t"
+ :
+ [s] "=&b" (s),
+ [x] "+&a" (x),
+ [y] "+&c" (y)
+ :
+ :
+ );
+ return (mbedtls_ct_condition_t) x;
+#else
/* Ensure that the compiler cannot optimise the following operations over x and y,
* even if it knows the value of x and y.
*/
@@ -173,6 +401,7 @@
// Convert to a condition (i.e., all bits set iff non-zero)
return mbedtls_ct_bool(ret);
+#endif
}
static inline mbedtls_ct_condition_t mbedtls_ct_uint_ne(mbedtls_ct_uint_t x, mbedtls_ct_uint_t y)
@@ -189,8 +418,8 @@
unsigned char c,
unsigned char t)
{
- const unsigned char co = (const unsigned char) mbedtls_ct_compiler_opaque(c);
- const unsigned char to = (const unsigned char) mbedtls_ct_compiler_opaque(t);
+ const unsigned char co = (unsigned char) mbedtls_ct_compiler_opaque(c);
+ const unsigned char to = (unsigned char) mbedtls_ct_compiler_opaque(t);
/* low_mask is: 0 if low <= c, 0x...ff if low > c */
unsigned low_mask = ((unsigned) co - low) >> 8;
@@ -300,6 +529,7 @@
}
#ifdef __GNUC__
+/* Restore warnings for -Wredundant-decls on gcc */
#pragma GCC diagnostic pop
#endif
diff --git a/library/constant_time_internal.h b/library/constant_time_internal.h
index dabf720..ff7ccc1 100644
--- a/library/constant_time_internal.h
+++ b/library/constant_time_internal.h
@@ -47,7 +47,7 @@
* These are all named mbedtls_ct_<type>_if and mbedtls_ct_<type>_if_else_0
* All arguments are considered secret.
* example: size_t a = x ? b : c => a = mbedtls_ct_size_if(x, b, c)
- * example: unsigned a = x ? b : 0 => a = mbedtls_ct_uint__if_else_0(x, b)
+ * example: unsigned a = x ? b : 0 => a = mbedtls_ct_uint_if_else_0(x, b)
*
* - block memory operations
* Only some arguments are considered secret, as documented for each
@@ -85,12 +85,14 @@
typedef uint64_t mbedtls_ct_condition_t;
typedef uint64_t mbedtls_ct_uint_t;
typedef int64_t mbedtls_ct_int_t;
+#define MBEDTLS_CT_SIZE_64
#define MBEDTLS_CT_TRUE ((mbedtls_ct_condition_t) mbedtls_ct_compiler_opaque(UINT64_MAX))
#else
/* Pointer size <= 32-bit, and no 64-bit MPIs */
typedef uint32_t mbedtls_ct_condition_t;
typedef uint32_t mbedtls_ct_uint_t;
typedef int32_t mbedtls_ct_int_t;
+#define MBEDTLS_CT_SIZE_32
#define MBEDTLS_CT_TRUE ((mbedtls_ct_condition_t) mbedtls_ct_compiler_opaque(UINT32_MAX))
#endif
#define MBEDTLS_CT_FALSE ((mbedtls_ct_condition_t) mbedtls_ct_compiler_opaque(0))
@@ -453,8 +455,8 @@
*
* memcpy(dst, src + offset, len)
*
- * This function copies \p len bytes from \p src_base + \p offset to \p
- * dst, with a code flow and memory access pattern that does not depend on
+ * This function copies \p len bytes from \p src + \p offset to
+ * \p dst, with a code flow and memory access pattern that does not depend on
* \p offset, but only on \p offset_min, \p offset_max and \p len.
*
* \note This function reads from \p dest, but the value that
diff --git a/library/ecjpake.c b/library/ecjpake.c
index 19ad2c6..6355b5e 100644
--- a/library/ecjpake.c
+++ b/library/ecjpake.c
@@ -1131,7 +1131,7 @@
#if !defined(MBEDTLS_ECJPAKE_ALT)
/* 'reference handshake' tests can only be run against implementations
* for which we have 100% control over how the random ephemeral keys
- * are generated. This is only the case for the internal mbed TLS
+ * are generated. This is only the case for the internal Mbed TLS
* implementation, so these tests are skipped in case the internal
* implementation is swapped out for an alternative one. */
if (verbose != 0) {
diff --git a/library/ecp.c b/library/ecp.c
index f9b6672..5f2a7b0 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -958,9 +958,8 @@
/*
* Next two bytes are the namedcurve value
*/
- tls_id = *(*buf)++;
- tls_id <<= 8;
- tls_id |= *(*buf)++;
+ tls_id = MBEDTLS_GET_UINT16_BE(*buf, 0);
+ *buf += 2;
if ((curve_info = mbedtls_ecp_curve_info_from_tls_id(tls_id)) == NULL) {
return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
diff --git a/library/entropy_poll.h b/library/entropy_poll.h
index 3cfd4a4..be4943c 100644
--- a/library/entropy_poll.h
+++ b/library/entropy_poll.h
@@ -50,7 +50,7 @@
/**
* \brief Entropy poll callback for a hardware source
*
- * \warning This is not provided by mbed TLS!
+ * \warning This is not provided by Mbed TLS!
* See \c MBEDTLS_ENTROPY_HARDWARE_ALT in mbedtls_config.h.
*
* \note This must accept NULL as its first argument.
diff --git a/library/gcm.c b/library/gcm.c
index 786290f..b06ca4a 100644
--- a/library/gcm.c
+++ b/library/gcm.c
@@ -97,7 +97,7 @@
}
#endif
-#if defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_HAVE_ARM64)
+#if defined(MBEDTLS_AESCE_HAVE_CODE)
if (MBEDTLS_AESCE_HAS_SUPPORT()) {
return 0;
}
@@ -208,7 +208,7 @@
}
#endif /* MBEDTLS_AESNI_HAVE_CODE */
-#if defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_HAVE_ARM64)
+#if defined(MBEDTLS_AESCE_HAVE_CODE)
if (MBEDTLS_AESCE_HAS_SUPPORT()) {
unsigned char h[16];
@@ -885,7 +885,7 @@
} else
#endif
-#if defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_HAVE_ARM64)
+#if defined(MBEDTLS_AESCE_HAVE_CODE)
if (MBEDTLS_AESCE_HAS_SUPPORT()) {
mbedtls_printf(" GCM note: using AESCE.\n");
} else
diff --git a/library/md.c b/library/md.c
index 7c4c69f..6dfbba7 100644
--- a/library/md.c
+++ b/library/md.c
@@ -1,7 +1,7 @@
/**
* \file md.c
*
- * \brief Generic message digest wrapper for mbed TLS
+ * \brief Generic message digest wrapper for Mbed TLS
*
* \author Adriaan de Jong <dejong@fox-it.com>
*
@@ -232,6 +232,22 @@
case MBEDTLS_MD_SHA512:
return PSA_ALG_SHA_512;
#endif
+#if defined(MBEDTLS_MD_SHA3_224_VIA_PSA)
+ case MBEDTLS_MD_SHA3_224:
+ return PSA_ALG_SHA3_224;
+#endif
+#if defined(MBEDTLS_MD_SHA3_256_VIA_PSA)
+ case MBEDTLS_MD_SHA3_256:
+ return PSA_ALG_SHA3_256;
+#endif
+#if defined(MBEDTLS_MD_SHA3_384_VIA_PSA)
+ case MBEDTLS_MD_SHA3_384:
+ return PSA_ALG_SHA3_384;
+#endif
+#if defined(MBEDTLS_MD_SHA3_512_VIA_PSA)
+ case MBEDTLS_MD_SHA3_512:
+ return PSA_ALG_SHA3_512;
+#endif
default:
return PSA_ALG_NONE;
}
diff --git a/library/md5.c b/library/md5.c
index 138a320..7e7e3ad 100644
--- a/library/md5.c
+++ b/library/md5.c
@@ -286,7 +286,7 @@
memset(ctx->buffer + used, 0, 64 - used);
if ((ret = mbedtls_internal_md5_process(ctx, ctx->buffer)) != 0) {
- return ret;
+ goto exit;
}
memset(ctx->buffer, 0, 56);
@@ -303,7 +303,7 @@
MBEDTLS_PUT_UINT32_LE(high, ctx->buffer, 60);
if ((ret = mbedtls_internal_md5_process(ctx, ctx->buffer)) != 0) {
- return ret;
+ goto exit;
}
/*
@@ -314,7 +314,11 @@
MBEDTLS_PUT_UINT32_LE(ctx->state[2], output, 8);
MBEDTLS_PUT_UINT32_LE(ctx->state[3], output, 12);
- return 0;
+ ret = 0;
+
+exit:
+ mbedtls_md5_free(ctx);
+ return ret;
}
#endif /* !MBEDTLS_MD5_ALT */
diff --git a/library/mps_common.h b/library/mps_common.h
index 33b518b..301d525 100644
--- a/library/mps_common.h
+++ b/library/mps_common.h
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * This file is part of Mbed TLS (https://tls.mbed.org)
*/
/**
diff --git a/library/mps_error.h b/library/mps_error.h
index 15570d2..5113959 100644
--- a/library/mps_error.h
+++ b/library/mps_error.h
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * This file is part of Mbed TLS (https://tls.mbed.org)
*/
/**
diff --git a/library/mps_reader.h b/library/mps_reader.h
index bff6705..bb912ec 100644
--- a/library/mps_reader.h
+++ b/library/mps_reader.h
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * This file is part of Mbed TLS (https://tls.mbed.org)
*/
/**
diff --git a/library/mps_trace.h b/library/mps_trace.h
index 6f0455f..f8e0a5d 100644
--- a/library/mps_trace.h
+++ b/library/mps_trace.h
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * This file is part of Mbed TLS (https://tls.mbed.org)
*/
/**
diff --git a/library/oid.c b/library/oid.c
index 47a311b..608b6c8 100644
--- a/library/oid.c
+++ b/library/oid.c
@@ -761,6 +761,30 @@
MBEDTLS_MD_RIPEMD160,
},
#endif
+#if defined(MBEDTLS_MD_CAN_SHA3_224)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA3_224, "id-sha3-224", "SHA-3-224"),
+ MBEDTLS_MD_SHA3_224,
+ },
+#endif
+#if defined(MBEDTLS_MD_CAN_SHA3_256)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA3_256, "id-sha3-256", "SHA-3-256"),
+ MBEDTLS_MD_SHA3_256,
+ },
+#endif
+#if defined(MBEDTLS_MD_CAN_SHA3_384)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA3_384, "id-sha3-384", "SHA-3-384"),
+ MBEDTLS_MD_SHA3_384,
+ },
+#endif
+#if defined(MBEDTLS_MD_CAN_SHA3_512)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA3_512, "id-sha3-512", "SHA-3-512"),
+ MBEDTLS_MD_SHA3_512,
+ },
+#endif
{
NULL_OID_DESCRIPTOR,
MBEDTLS_MD_NONE,
@@ -796,7 +820,7 @@
OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA224, "hmacSHA224", "HMAC-SHA-224"),
MBEDTLS_MD_SHA224,
},
-#endif
+#endif /* MBEDTLS_MD_CAN_SHA224 */
#if defined(MBEDTLS_MD_CAN_SHA256)
{
OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA256, "hmacSHA256", "HMAC-SHA-256"),
@@ -815,6 +839,36 @@
MBEDTLS_MD_SHA512,
},
#endif /* MBEDTLS_MD_CAN_SHA512 */
+#if defined(MBEDTLS_MD_CAN_SHA3_224)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA3_224, "hmacSHA3-224", "HMAC-SHA3-224"),
+ MBEDTLS_MD_SHA3_224,
+ },
+#endif /* MBEDTLS_MD_CAN_SHA3_224 */
+#if defined(MBEDTLS_MD_CAN_SHA3_256)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA3_256, "hmacSHA3-256", "HMAC-SHA3-256"),
+ MBEDTLS_MD_SHA3_256,
+ },
+#endif /* MBEDTLS_MD_CAN_SHA3_256 */
+#if defined(MBEDTLS_MD_CAN_SHA3_384)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA3_384, "hmacSHA3-384", "HMAC-SHA3-384"),
+ MBEDTLS_MD_SHA3_384,
+ },
+#endif /* MBEDTLS_MD_CAN_SHA3_384 */
+#if defined(MBEDTLS_MD_CAN_SHA3_512)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA3_512, "hmacSHA3-512", "HMAC-SHA3-512"),
+ MBEDTLS_MD_SHA3_512,
+ },
+#endif /* MBEDTLS_MD_CAN_SHA3_512 */
+#if defined(MBEDTLS_MD_CAN_RIPEMD160)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_HMAC_RIPEMD160, "hmacRIPEMD160", "HMAC-RIPEMD160"),
+ MBEDTLS_MD_RIPEMD160,
+ },
+#endif /* MBEDTLS_MD_CAN_RIPEMD160 */
{
NULL_OID_DESCRIPTOR,
MBEDTLS_MD_NONE,
diff --git a/library/padlock.c b/library/padlock.c
index f42c40f..563d40e 100644
--- a/library/padlock.c
+++ b/library/padlock.c
@@ -31,7 +31,7 @@
#include <string.h>
-#if defined(MBEDTLS_HAVE_X86)
+#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE)
/*
* PadLock detection routine
@@ -162,6 +162,6 @@
return 0;
}
-#endif /* MBEDTLS_HAVE_X86 */
+#endif /* MBEDTLS_VIA_PADLOCK_HAVE_CODE */
#endif /* MBEDTLS_PADLOCK_C */
diff --git a/library/padlock.h b/library/padlock.h
index ae5c486..a00afe0 100644
--- a/library/padlock.h
+++ b/library/padlock.h
@@ -38,16 +38,17 @@
#endif
#endif
-/* Some versions of ASan result in errors about not enough registers */
-#if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) && defined(__i386__) && \
+/*
+ * - `padlock` is implements with GNUC assembly for x86 target.
+ * - Some versions of ASan result in errors about not enough registers.
+ */
+#if defined(MBEDTLS_PADLOCK_C) && \
+ defined(__GNUC__) && defined(MBEDTLS_ARCH_IS_X86) && \
+ defined(MBEDTLS_HAVE_ASM) && \
!defined(MBEDTLS_HAVE_ASAN)
#define MBEDTLS_VIA_PADLOCK_HAVE_CODE
-#ifndef MBEDTLS_HAVE_X86
-#define MBEDTLS_HAVE_X86
-#endif
-
#include <stdint.h>
#define MBEDTLS_PADLOCK_RNG 0x000C
diff --git a/library/pkwrite.c b/library/pkwrite.c
index 439428c..eee64ab 100644
--- a/library/pkwrite.c
+++ b/library/pkwrite.c
@@ -77,7 +77,7 @@
return 0;
}
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_PEM_WRITE_C)
/* It is assumed that the input key is opaque */
static psa_ecc_family_t pk_get_opaque_ec_family(const mbedtls_pk_context *pk)
{
@@ -92,7 +92,7 @@
return ec_family;
}
-#endif /* MBETLS_USE_PSA_CRYPTO */
+#endif /* MBETLS_USE_PSA_CRYPTO && MBEDTLS_PEM_WRITE_C */
#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
diff --git a/library/platform_util.c b/library/platform_util.c
index 63b7c41..09216ed 100644
--- a/library/platform_util.c
+++ b/library/platform_util.c
@@ -126,6 +126,26 @@
#else
memset_func(buf, 0, len);
#endif
+
+#if defined(__GNUC__)
+ /* For clang and recent gcc, pretend that we have some assembly that reads the
+ * zero'd memory as an additional protection against being optimised away. */
+#if defined(__clang__) || (__GNUC__ >= 10)
+#if defined(__clang__)
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wvla"
+#elif defined(MBEDTLS_COMPILER_IS_GCC)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wvla"
+#endif
+ asm volatile ("" : : "m" (*(char (*)[len]) buf) :);
+#if defined(__clang__)
+#pragma clang diagnostic pop
+#elif defined(MBEDTLS_COMPILER_IS_GCC)
+#pragma GCC diagnostic pop
+#endif
+#endif
+#endif
}
}
#endif /* MBEDTLS_PLATFORM_ZEROIZE_ALT */
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 84da7ad..456d4e3 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -64,6 +64,7 @@
#include "mbedtls/cipher.h"
#include "mbedtls/ccm.h"
#include "mbedtls/cmac.h"
+#include "mbedtls/constant_time.h"
#include "mbedtls/des.h"
#include "mbedtls/ecdh.h"
#include "mbedtls/ecp.h"
@@ -104,9 +105,9 @@
#define RNG_SEEDED 2
typedef struct {
- unsigned initialized : 1;
- unsigned rng_state : 2;
- unsigned drivers_initialized : 1;
+ uint8_t initialized;
+ uint8_t rng_state;
+ uint8_t drivers_initialized;
mbedtls_psa_random_context_t rng;
} psa_global_data_t;
@@ -152,9 +153,15 @@
case 0:
return PSA_SUCCESS;
+#if defined(MBEDTLS_AES_C)
case MBEDTLS_ERR_AES_INVALID_KEY_LENGTH:
case MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH:
return PSA_ERROR_NOT_SUPPORTED;
+ case MBEDTLS_ERR_AES_BAD_INPUT_DATA:
+ return PSA_ERROR_INVALID_ARGUMENT;
+#endif
+
+#if defined(MBEDTLS_ASN1_PARSE_C) || defined(MBEDTLS_ASN1_WRITE_C)
case MBEDTLS_ERR_ASN1_OUT_OF_DATA:
case MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:
case MBEDTLS_ERR_ASN1_INVALID_LENGTH:
@@ -165,26 +172,34 @@
return PSA_ERROR_INSUFFICIENT_MEMORY;
case MBEDTLS_ERR_ASN1_BUF_TOO_SMALL:
return PSA_ERROR_BUFFER_TOO_SMALL;
-
-#if defined(MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA)
- case MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA:
#endif
+
+#if defined(MBEDTLS_CAMELLIA_C)
+ case MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA:
case MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH:
return PSA_ERROR_NOT_SUPPORTED;
+#endif
+#if defined(MBEDTLS_CCM_C)
case MBEDTLS_ERR_CCM_BAD_INPUT:
return PSA_ERROR_INVALID_ARGUMENT;
case MBEDTLS_ERR_CCM_AUTH_FAILED:
return PSA_ERROR_INVALID_SIGNATURE;
+#endif
+#if defined(MBEDTLS_CHACHA20_C)
case MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA:
return PSA_ERROR_INVALID_ARGUMENT;
+#endif
+#if defined(MBEDTLS_CHACHAPOLY_C)
case MBEDTLS_ERR_CHACHAPOLY_BAD_STATE:
return PSA_ERROR_BAD_STATE;
case MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED:
return PSA_ERROR_INVALID_SIGNATURE;
+#endif
+#if defined(MBEDTLS_CIPHER_C)
case MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE:
return PSA_ERROR_NOT_SUPPORTED;
case MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA:
@@ -199,6 +214,7 @@
return PSA_ERROR_INVALID_SIGNATURE;
case MBEDTLS_ERR_CIPHER_INVALID_CONTEXT:
return PSA_ERROR_CORRUPTION_DETECTED;
+#endif
#if !(defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) || \
defined(MBEDTLS_PSA_HMAC_DRBG_MD_TYPE))
@@ -213,20 +229,24 @@
return PSA_ERROR_INSUFFICIENT_ENTROPY;
#endif
+#if defined(MBEDTLS_DES_C)
case MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH:
return PSA_ERROR_NOT_SUPPORTED;
+#endif
case MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED:
case MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE:
case MBEDTLS_ERR_ENTROPY_SOURCE_FAILED:
return PSA_ERROR_INSUFFICIENT_ENTROPY;
+#if defined(MBEDTLS_GCM_C)
case MBEDTLS_ERR_GCM_AUTH_FAILED:
return PSA_ERROR_INVALID_SIGNATURE;
case MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL:
return PSA_ERROR_BUFFER_TOO_SMALL;
case MBEDTLS_ERR_GCM_BAD_INPUT:
return PSA_ERROR_INVALID_ARGUMENT;
+#endif
#if !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) && \
defined(MBEDTLS_PSA_HMAC_DRBG_MD_TYPE)
@@ -241,17 +261,24 @@
return PSA_ERROR_INSUFFICIENT_ENTROPY;
#endif
+#if defined(MBEDTLS_MD_LIGHT)
case MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE:
return PSA_ERROR_NOT_SUPPORTED;
case MBEDTLS_ERR_MD_BAD_INPUT_DATA:
return PSA_ERROR_INVALID_ARGUMENT;
case MBEDTLS_ERR_MD_ALLOC_FAILED:
return PSA_ERROR_INSUFFICIENT_MEMORY;
+#if defined(MBEDTLS_FS_IO)
case MBEDTLS_ERR_MD_FILE_IO_ERROR:
return PSA_ERROR_STORAGE_FAILURE;
+#endif
+#endif
+#if defined(MBEDTLS_BIGNUM_C)
+#if defined(MBEDTLS_FS_IO)
case MBEDTLS_ERR_MPI_FILE_IO_ERROR:
return PSA_ERROR_STORAGE_FAILURE;
+#endif
case MBEDTLS_ERR_MPI_BAD_INPUT_DATA:
return PSA_ERROR_INVALID_ARGUMENT;
case MBEDTLS_ERR_MPI_INVALID_CHARACTER:
@@ -266,14 +293,19 @@
return PSA_ERROR_INVALID_ARGUMENT;
case MBEDTLS_ERR_MPI_ALLOC_FAILED:
return PSA_ERROR_INSUFFICIENT_MEMORY;
+#endif
+#if defined(MBEDTLS_PK_C)
case MBEDTLS_ERR_PK_ALLOC_FAILED:
return PSA_ERROR_INSUFFICIENT_MEMORY;
case MBEDTLS_ERR_PK_TYPE_MISMATCH:
case MBEDTLS_ERR_PK_BAD_INPUT_DATA:
return PSA_ERROR_INVALID_ARGUMENT;
+#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) || defined(MBEDTLS_FS_IO) || \
+ defined(MBEDTLS_PSA_ITS_FILE_C)
case MBEDTLS_ERR_PK_FILE_IO_ERROR:
return PSA_ERROR_STORAGE_FAILURE;
+#endif
case MBEDTLS_ERR_PK_KEY_INVALID_VERSION:
case MBEDTLS_ERR_PK_KEY_INVALID_FORMAT:
return PSA_ERROR_INVALID_ARGUMENT;
@@ -292,12 +324,14 @@
return PSA_ERROR_INVALID_SIGNATURE;
case MBEDTLS_ERR_PK_BUFFER_TOO_SMALL:
return PSA_ERROR_BUFFER_TOO_SMALL;
+#endif
case MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED:
return PSA_ERROR_HARDWARE_FAILURE;
case MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED:
return PSA_ERROR_NOT_SUPPORTED;
+#if defined(MBEDTLS_RSA_C)
case MBEDTLS_ERR_RSA_BAD_INPUT_DATA:
return PSA_ERROR_INVALID_ARGUMENT;
case MBEDTLS_ERR_RSA_INVALID_PADDING:
@@ -315,7 +349,9 @@
return PSA_ERROR_BUFFER_TOO_SMALL;
case MBEDTLS_ERR_RSA_RNG_FAILED:
return PSA_ERROR_INSUFFICIENT_ENTROPY;
+#endif
+#if defined(MBEDTLS_ECP_LIGHT)
case MBEDTLS_ERR_ECP_BAD_INPUT_DATA:
case MBEDTLS_ERR_ECP_INVALID_KEY:
return PSA_ERROR_INVALID_ARGUMENT;
@@ -331,8 +367,11 @@
case MBEDTLS_ERR_ECP_RANDOM_FAILED:
return PSA_ERROR_INSUFFICIENT_ENTROPY;
+#if defined(MBEDTLS_ECP_RESTARTABLE)
case MBEDTLS_ERR_ECP_IN_PROGRESS:
return PSA_OPERATION_INCOMPLETE;
+#endif
+#endif
case MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED:
return PSA_ERROR_CORRUPTION_DETECTED;
@@ -392,45 +431,71 @@
size_t *bits)
{
switch (grpid) {
+#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
case MBEDTLS_ECP_DP_SECP192R1:
*bits = 192;
return PSA_ECC_FAMILY_SECP_R1;
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
case MBEDTLS_ECP_DP_SECP224R1:
*bits = 224;
return PSA_ECC_FAMILY_SECP_R1;
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
case MBEDTLS_ECP_DP_SECP256R1:
*bits = 256;
return PSA_ECC_FAMILY_SECP_R1;
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
case MBEDTLS_ECP_DP_SECP384R1:
*bits = 384;
return PSA_ECC_FAMILY_SECP_R1;
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
case MBEDTLS_ECP_DP_SECP521R1:
*bits = 521;
return PSA_ECC_FAMILY_SECP_R1;
+#endif
+#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
case MBEDTLS_ECP_DP_BP256R1:
*bits = 256;
return PSA_ECC_FAMILY_BRAINPOOL_P_R1;
+#endif
+#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
case MBEDTLS_ECP_DP_BP384R1:
*bits = 384;
return PSA_ECC_FAMILY_BRAINPOOL_P_R1;
+#endif
+#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
case MBEDTLS_ECP_DP_BP512R1:
*bits = 512;
return PSA_ECC_FAMILY_BRAINPOOL_P_R1;
+#endif
+#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
case MBEDTLS_ECP_DP_CURVE25519:
*bits = 255;
return PSA_ECC_FAMILY_MONTGOMERY;
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
case MBEDTLS_ECP_DP_SECP192K1:
*bits = 192;
return PSA_ECC_FAMILY_SECP_K1;
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
case MBEDTLS_ECP_DP_SECP224K1:
*bits = 224;
return PSA_ECC_FAMILY_SECP_K1;
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
case MBEDTLS_ECP_DP_SECP256K1:
*bits = 256;
return PSA_ECC_FAMILY_SECP_K1;
+#endif
+#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
case MBEDTLS_ECP_DP_CURVE448:
*bits = 448;
return PSA_ECC_FAMILY_MONTGOMERY;
+#endif
default:
*bits = 0;
return 0;
@@ -2356,7 +2421,7 @@
goto exit;
}
- if (mbedtls_psa_safer_memcmp(hash, actual_hash, actual_hash_length) != 0) {
+ if (mbedtls_ct_memcmp(hash, actual_hash, actual_hash_length) != 0) {
status = PSA_ERROR_INVALID_SIGNATURE;
}
@@ -2405,7 +2470,7 @@
status = PSA_ERROR_INVALID_SIGNATURE;
goto exit;
}
- if (mbedtls_psa_safer_memcmp(hash, actual_hash, actual_hash_length) != 0) {
+ if (mbedtls_ct_memcmp(hash, actual_hash, actual_hash_length) != 0) {
status = PSA_ERROR_INVALID_SIGNATURE;
}
@@ -2787,7 +2852,7 @@
status = PSA_ERROR_INVALID_SIGNATURE;
goto exit;
}
- if (mbedtls_psa_safer_memcmp(mac, actual_mac, actual_mac_length) != 0) {
+ if (mbedtls_ct_memcmp(mac, actual_mac, actual_mac_length) != 0) {
status = PSA_ERROR_INVALID_SIGNATURE;
goto exit;
}
diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h
index 8bc1b64..575f302 100644
--- a/library/psa_crypto_core.h
+++ b/library/psa_crypto_core.h
@@ -38,27 +38,6 @@
*/
int psa_can_do_hash(psa_algorithm_t hash_alg);
-/** Constant-time buffer comparison
- *
- * \param[in] a Left-hand buffer for comparison.
- * \param[in] b Right-hand buffer for comparison.
- * \param n Amount of bytes to compare.
- *
- * \return 0 if the buffer contents are equal, non-zero otherwise
- */
-static inline int mbedtls_psa_safer_memcmp(
- const uint8_t *a, const uint8_t *b, size_t n)
-{
- size_t i;
- unsigned char diff = 0;
-
- for (i = 0; i < n; i++) {
- diff |= a[i] ^ b[i];
- }
-
- return diff;
-}
-
/** The data structure representing a key slot, containing key material
* and metadata for one key.
*/
@@ -246,12 +225,12 @@
const uint8_t *data,
size_t data_length);
-/** Convert an mbed TLS error code to a PSA error code
+/** Convert an Mbed TLS error code to a PSA error code
*
* \note This function is provided solely for the convenience of
* Mbed TLS and may be removed at any time without notice.
*
- * \param ret An mbed TLS-thrown error code
+ * \param ret An Mbed TLS-thrown error code
*
* \return The corresponding PSA error code
*/
diff --git a/library/psa_crypto_hash.c b/library/psa_crypto_hash.c
index ddf7094..dad1826 100644
--- a/library/psa_crypto_hash.c
+++ b/library/psa_crypto_hash.c
@@ -74,6 +74,25 @@
mbedtls_sha512_free(&operation->ctx.sha512);
break;
#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224)
+ case PSA_ALG_SHA3_224:
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256)
+ case PSA_ALG_SHA3_256:
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384)
+ case PSA_ALG_SHA3_384:
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512)
+ case PSA_ALG_SHA3_512:
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512)
+ mbedtls_sha3_free(&operation->ctx.sha3);
+ break;
+#endif
default:
return PSA_ERROR_BAD_STATE;
}
@@ -135,6 +154,30 @@
ret = mbedtls_sha512_starts(&operation->ctx.sha512, 0);
break;
#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224)
+ case PSA_ALG_SHA3_224:
+ mbedtls_sha3_init(&operation->ctx.sha3);
+ ret = mbedtls_sha3_starts(&operation->ctx.sha3, MBEDTLS_SHA3_224);
+ break;
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256)
+ case PSA_ALG_SHA3_256:
+ mbedtls_sha3_init(&operation->ctx.sha3);
+ ret = mbedtls_sha3_starts(&operation->ctx.sha3, MBEDTLS_SHA3_256);
+ break;
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384)
+ case PSA_ALG_SHA3_384:
+ mbedtls_sha3_init(&operation->ctx.sha3);
+ ret = mbedtls_sha3_starts(&operation->ctx.sha3, MBEDTLS_SHA3_384);
+ break;
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512)
+ case PSA_ALG_SHA3_512:
+ mbedtls_sha3_init(&operation->ctx.sha3);
+ ret = mbedtls_sha3_starts(&operation->ctx.sha3, MBEDTLS_SHA3_512);
+ break;
+#endif
default:
return PSA_ALG_IS_HASH(alg) ?
PSA_ERROR_NOT_SUPPORTED :
@@ -197,6 +240,26 @@
&source_operation->ctx.sha512);
break;
#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224)
+ case PSA_ALG_SHA3_224:
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256)
+ case PSA_ALG_SHA3_256:
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384)
+ case PSA_ALG_SHA3_384:
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512)
+ case PSA_ALG_SHA3_512:
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512)
+ mbedtls_sha3_clone(&target_operation->ctx.sha3,
+ &source_operation->ctx.sha3);
+ break;
+#endif
default:
(void) source_operation;
(void) target_operation;
@@ -257,6 +320,26 @@
input, input_length);
break;
#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224)
+ case PSA_ALG_SHA3_224:
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256)
+ case PSA_ALG_SHA3_256:
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384)
+ case PSA_ALG_SHA3_384:
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512)
+ case PSA_ALG_SHA3_512:
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512)
+ ret = mbedtls_sha3_update(&operation->ctx.sha3,
+ input, input_length);
+ break;
+#endif
default:
(void) input;
(void) input_length;
@@ -327,6 +410,25 @@
ret = mbedtls_sha512_finish(&operation->ctx.sha512, hash);
break;
#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224)
+ case PSA_ALG_SHA3_224:
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256)
+ case PSA_ALG_SHA3_256:
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384)
+ case PSA_ALG_SHA3_384:
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512)
+ case PSA_ALG_SHA3_512:
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512)
+ ret = mbedtls_sha3_finish(&operation->ctx.sha3, hash, hash_size);
+ break;
+#endif
default:
(void) hash;
return PSA_ERROR_BAD_STATE;
diff --git a/library/psa_crypto_mac.c b/library/psa_crypto_mac.c
index 07f123e..2f2c51d 100644
--- a/library/psa_crypto_mac.c
+++ b/library/psa_crypto_mac.c
@@ -29,6 +29,7 @@
#include <mbedtls/md.h>
#include <mbedtls/error.h>
+#include "mbedtls/constant_time.h"
#include <string.h>
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC)
@@ -453,7 +454,7 @@
goto cleanup;
}
- if (mbedtls_psa_safer_memcmp(mac, actual_mac, mac_length) != 0) {
+ if (mbedtls_ct_memcmp(mac, actual_mac, mac_length) != 0) {
status = PSA_ERROR_INVALID_SIGNATURE;
}
diff --git a/library/psa_crypto_pake.c b/library/psa_crypto_pake.c
index 8de8569..7a904d9 100644
--- a/library/psa_crypto_pake.c
+++ b/library/psa_crypto_pake.c
@@ -28,7 +28,7 @@
#include "psa_crypto_slot_management.h"
#include <mbedtls/ecjpake.h>
-#include <psa_util_internal.h>
+#include "psa_util_internal.h"
#include <mbedtls/platform.h>
#include <mbedtls/error.h>
diff --git a/library/psa_crypto_random_impl.h b/library/psa_crypto_random_impl.h
index 2a75a43..8719d9c 100644
--- a/library/psa_crypto_random_impl.h
+++ b/library/psa_crypto_random_impl.h
@@ -30,7 +30,7 @@
#ifndef PSA_CRYPTO_RANDOM_IMPL_H
#define PSA_CRYPTO_RANDOM_IMPL_H
-#include <psa_util_internal.h>
+#include "psa_util_internal.h"
#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
index a10cb2b..ef285ac 100644
--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c
@@ -38,7 +38,7 @@
typedef struct {
psa_key_slot_t key_slots[MBEDTLS_PSA_KEY_SLOT_COUNT];
- unsigned key_slots_initialized : 1;
+ uint8_t key_slots_initialized;
} psa_global_data_t;
static psa_global_data_t global_data;
diff --git a/library/psa_crypto_storage.h b/library/psa_crypto_storage.h
index edd9b94..37ca46e 100644
--- a/library/psa_crypto_storage.h
+++ b/library/psa_crypto_storage.h
@@ -202,7 +202,7 @@
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
/** This symbol is defined if transaction support is required. */
-#define PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS
+#define PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS 1
#endif
#if defined(PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS)
diff --git a/library/psa_util.c b/library/psa_util.c
index 3d43b58..dd5e134 100644
--- a/library/psa_util.c
+++ b/library/psa_util.c
@@ -25,7 +25,7 @@
#include <psa/crypto.h>
#include "psa_crypto_core.h"
-#include <psa_util_internal.h>
+#include "psa_util_internal.h"
/* The following includes are needed for MBEDTLS_ERR_XXX macros */
#include <mbedtls/error.h>
diff --git a/library/ripemd160.c b/library/ripemd160.c
index ba97c1f..49fee85 100644
--- a/library/ripemd160.c
+++ b/library/ripemd160.c
@@ -356,12 +356,12 @@
ret = mbedtls_ripemd160_update(ctx, ripemd160_padding, padn);
if (ret != 0) {
- return ret;
+ goto exit;
}
ret = mbedtls_ripemd160_update(ctx, msglen, 8);
if (ret != 0) {
- return ret;
+ goto exit;
}
MBEDTLS_PUT_UINT32_LE(ctx->state[0], output, 0);
@@ -370,7 +370,11 @@
MBEDTLS_PUT_UINT32_LE(ctx->state[3], output, 12);
MBEDTLS_PUT_UINT32_LE(ctx->state[4], output, 16);
- return 0;
+ ret = 0;
+
+exit:
+ mbedtls_ripemd160_free(ctx);
+ return ret;
}
#endif /* ! MBEDTLS_RIPEMD160_ALT */
diff --git a/library/sha1.c b/library/sha1.c
index 4c9cbf5..28a57b6 100644
--- a/library/sha1.c
+++ b/library/sha1.c
@@ -322,7 +322,7 @@
memset(ctx->buffer + used, 0, 64 - used);
if ((ret = mbedtls_internal_sha1_process(ctx, ctx->buffer)) != 0) {
- return ret;
+ goto exit;
}
memset(ctx->buffer, 0, 56);
@@ -339,7 +339,7 @@
MBEDTLS_PUT_UINT32_BE(low, ctx->buffer, 60);
if ((ret = mbedtls_internal_sha1_process(ctx, ctx->buffer)) != 0) {
- return ret;
+ goto exit;
}
/*
@@ -351,7 +351,11 @@
MBEDTLS_PUT_UINT32_BE(ctx->state[3], output, 12);
MBEDTLS_PUT_UINT32_BE(ctx->state[4], output, 16);
- return 0;
+ ret = 0;
+
+exit:
+ mbedtls_sha1_free(ctx);
+ return ret;
}
#endif /* !MBEDTLS_SHA1_ALT */
@@ -382,7 +386,6 @@
exit:
mbedtls_sha1_free(&ctx);
-
return ret;
}
diff --git a/library/sha256.c b/library/sha256.c
index 5df61ac..5375255 100644
--- a/library/sha256.c
+++ b/library/sha256.c
@@ -697,7 +697,7 @@
memset(ctx->buffer + used, 0, SHA256_BLOCK_SIZE - used);
if ((ret = mbedtls_internal_sha256_process(ctx, ctx->buffer)) != 0) {
- return ret;
+ goto exit;
}
memset(ctx->buffer, 0, 56);
@@ -714,7 +714,7 @@
MBEDTLS_PUT_UINT32_BE(low, ctx->buffer, 60);
if ((ret = mbedtls_internal_sha256_process(ctx, ctx->buffer)) != 0) {
- return ret;
+ goto exit;
}
/*
@@ -736,7 +736,11 @@
MBEDTLS_PUT_UINT32_BE(ctx->state[7], output, 28);
}
- return 0;
+ ret = 0;
+
+exit:
+ mbedtls_sha256_free(ctx);
+ return ret;
}
#endif /* !MBEDTLS_SHA256_ALT */
diff --git a/library/sha3.c b/library/sha3.c
index 4b97a85..4c1a1a9 100644
--- a/library/sha3.c
+++ b/library/sha3.c
@@ -200,7 +200,7 @@
}
}
- if (p == NULL || p->id == MBEDTLS_SHA3_NONE) {
+ if (p->id == MBEDTLS_SHA3_NONE) {
return MBEDTLS_ERR_SHA3_BAD_INPUT_DATA;
}
@@ -259,10 +259,13 @@
int mbedtls_sha3_finish(mbedtls_sha3_context *ctx,
uint8_t *output, size_t olen)
{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
/* Catch SHA-3 families, with fixed output length */
if (ctx->olen > 0) {
if (ctx->olen > olen) {
- return MBEDTLS_ERR_SHA3_BAD_INPUT_DATA;
+ ret = MBEDTLS_ERR_SHA3_BAD_INPUT_DATA;
+ goto exit;
}
olen = ctx->olen;
}
@@ -280,7 +283,11 @@
}
}
- return 0;
+ ret = 0;
+
+exit:
+ mbedtls_sha3_free(ctx);
+ return ret;
}
/*
diff --git a/library/sha512.c b/library/sha512.c
index 5ed920b..a91d792 100644
--- a/library/sha512.c
+++ b/library/sha512.c
@@ -844,7 +844,7 @@
memset(ctx->buffer + used, 0, SHA512_BLOCK_SIZE - used);
if ((ret = mbedtls_internal_sha512_process(ctx, ctx->buffer)) != 0) {
- return ret;
+ goto exit;
}
memset(ctx->buffer, 0, 112);
@@ -861,7 +861,7 @@
sha512_put_uint64_be(low, ctx->buffer, 120);
if ((ret = mbedtls_internal_sha512_process(ctx, ctx->buffer)) != 0) {
- return ret;
+ goto exit;
}
/*
@@ -883,7 +883,11 @@
sha512_put_uint64_be(ctx->state[7], output, 56);
}
- return 0;
+ ret = 0;
+
+exit:
+ mbedtls_sha512_free(ctx);
+ return ret;
}
#endif /* !MBEDTLS_SHA512_ALT */
diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
index a0cf530..d2c050b 100644
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c
@@ -1,7 +1,7 @@
/**
* \file ssl_ciphersuites.c
*
- * \brief SSL ciphersuites for mbed TLS
+ * \brief SSL ciphersuites for Mbed TLS
*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0
diff --git a/library/ssl_client.c b/library/ssl_client.c
index dc2b650..7114ef0 100644
--- a/library/ssl_client.c
+++ b/library/ssl_client.c
@@ -16,7 +16,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS ( https://tls.mbed.org )
+ * This file is part of Mbed TLS ( https://tls.mbed.org )
*/
#include "common.h"
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index c8ffc1e..85632a1 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -1973,7 +1973,7 @@
increment = mbedtls_ct_size_if_else_0(b, increment);
pad_count += increment;
}
- correct = mbedtls_ct_size_if_else_0(mbedtls_ct_uint_eq(pad_count, padlen), padlen);
+ correct = mbedtls_ct_size_if_else_0(mbedtls_ct_uint_eq(pad_count, padlen), correct);
#if defined(MBEDTLS_SSL_DEBUG_ALL)
if (padlen > 0 && correct == 0) {
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 6ed8a86..7a1f855 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -7722,7 +7722,7 @@
MBEDTLS_SSL_DEBUG_BUF(3, "calc finished result", buf, len);
- mbedtls_platform_zeroize(padbuf, sizeof(padbuf));
+ mbedtls_platform_zeroize(padbuf, hlen);
MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc finished"));
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 77325c3..d018bee 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -16,7 +16,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS ( https://tls.mbed.org )
+ * This file is part of Mbed TLS ( https://tls.mbed.org )
*/
#include "common.h"
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 20cecdb..81fa514 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -837,6 +837,8 @@
ssl, MBEDTLS_SSL_HS_CERTIFICATE, buf, buf_len));
cleanup:
+#else /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
+ (void) ssl;
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse certificate"));
diff --git a/library/x509.c b/library/x509.c
index 790decf..990393c 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -1168,6 +1168,7 @@
if (MBEDTLS_OID_CMP(MBEDTLS_OID_ON_HW_MODULE_NAME, &cur_oid) != 0) {
return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE;
}
+ other_name->type_id = cur_oid;
p += len;
if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
@@ -1559,7 +1560,7 @@
MBEDTLS_X509_SAFE_SNPRINTF;
if (MBEDTLS_OID_CMP(MBEDTLS_OID_ON_HW_MODULE_NAME,
- &other_name->value.hardware_module_name.oid) != 0) {
+ &other_name->type_id) == 0) {
ret = mbedtls_snprintf(p, n, "\n%s hardware module name :", prefix);
MBEDTLS_X509_SAFE_SNPRINTF;
ret =
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 2cbced2..8d07694 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -2754,8 +2754,8 @@
p++;
}
if (num_digits != 0) {
- addr[nonzero_groups++] = MBEDTLS_IS_BIG_ENDIAN ? group :
- (group << 8) | (group >> 8);
+ MBEDTLS_PUT_UINT16_BE(group, addr, nonzero_groups);
+ nonzero_groups++;
if (*p == '\0') {
break;
} else if (*p == '.') {
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
index 4777ee0..6734a14 100644
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
@@ -65,7 +65,7 @@
#define HTTP_RESPONSE \
"HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
- "<h2>mbed TLS Test Server</h2>\r\n" \
+ "<h2>Mbed TLS Test Server</h2>\r\n" \
"<p>Successful connection using: %s</p>\r\n"
#define DEBUG_LEVEL 0
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index fb6f371..1e648e8 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -775,9 +775,9 @@
mbedtls_printf(" > Write content to server:");
fflush(stdout);
- len = sprintf((char *) buf, "From: %s\r\nSubject: mbed TLS Test mail\r\n\r\n"
+ len = sprintf((char *) buf, "From: %s\r\nSubject: Mbed TLS Test mail\r\n\r\n"
"This is a simple test mail from the "
- "mbed TLS mail client example.\r\n"
+ "Mbed TLS mail client example.\r\n"
"\r\n"
"Enjoy!", opt.mail_from);
ret = write_ssl_data(&ssl, buf, len);
diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c
index 9416c3c..12d3057 100644
--- a/programs/ssl/ssl_pthread_server.c
+++ b/programs/ssl/ssl_pthread_server.c
@@ -66,7 +66,7 @@
#define HTTP_RESPONSE \
"HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
- "<h2>mbed TLS Test Server</h2>\r\n" \
+ "<h2>Mbed TLS Test Server</h2>\r\n" \
"<p>Successful connection using: %s</p>\r\n"
#define DEBUG_LEVEL 0
diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c
index bb49155..ad82567 100644
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c
@@ -59,7 +59,7 @@
#define HTTP_RESPONSE \
"HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
- "<h2>mbed TLS Test Server</h2>\r\n" \
+ "<h2>Mbed TLS Test Server</h2>\r\n" \
"<p>Successful connection using: %s</p>\r\n"
#define DEBUG_LEVEL 0
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 58c2f1e..e3fabec 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -173,7 +173,7 @@
* packets (for fragmentation purposes) */
#define HTTP_RESPONSE \
"HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
- "<h2>mbed TLS Test Server</h2>\r\n" \
+ "<h2>Mbed TLS Test Server</h2>\r\n" \
"<p>Successful connection using: %s</p>\r\n" // LONG_RESPONSE
/*
diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt
index 735684e..a75f8d9 100644
--- a/programs/test/CMakeLists.txt
+++ b/programs/test/CMakeLists.txt
@@ -45,11 +45,13 @@
${PERL}
${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/generate_query_config.pl
${CMAKE_CURRENT_SOURCE_DIR}/../../include/mbedtls/mbedtls_config.h
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../include/psa/crypto_config.h
${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/data_files/query_config.fmt
${CMAKE_CURRENT_BINARY_DIR}/query_config.c
DEPENDS
${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/generate_query_config.pl
${CMAKE_CURRENT_SOURCE_DIR}/../../include/mbedtls/mbedtls_config.h
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../include/psa/crypto_config.h
${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/data_files/query_config.fmt
)
# this file will also be used in another directory, so create a target, see
diff --git a/programs/test/cmake_package/CMakeLists.txt b/programs/test/cmake_package/CMakeLists.txt
index 518d2e9..019e6e7 100644
--- a/programs/test/cmake_package/CMakeLists.txt
+++ b/programs/test/cmake_package/CMakeLists.txt
@@ -1,4 +1,4 @@
-cmake_minimum_required(VERSION 2.8.12)
+cmake_minimum_required(VERSION 3.5.1)
#
# Simulate configuring and building Mbed TLS as the user might do it. We'll
diff --git a/programs/test/cmake_package_install/CMakeLists.txt b/programs/test/cmake_package_install/CMakeLists.txt
index fb5ad51..6070a6c 100644
--- a/programs/test/cmake_package_install/CMakeLists.txt
+++ b/programs/test/cmake_package_install/CMakeLists.txt
@@ -1,4 +1,4 @@
-cmake_minimum_required(VERSION 2.8.12)
+cmake_minimum_required(VERSION 3.5.1)
#
# Simulate configuring and building Mbed TLS as the user might do it. We'll
diff --git a/programs/test/cmake_subproject/CMakeLists.txt b/programs/test/cmake_subproject/CMakeLists.txt
index a9fcfde..3c3cba3 100644
--- a/programs/test/cmake_subproject/CMakeLists.txt
+++ b/programs/test/cmake_subproject/CMakeLists.txt
@@ -1,4 +1,4 @@
-cmake_minimum_required(VERSION 2.6)
+cmake_minimum_required(VERSION 3.5.1)
# Test the target renaming support by adding a prefix to the targets built
set(MBEDTLS_TARGET_PREFIX subproject_test_)
diff --git a/programs/test/generate_cpp_dummy_build.sh b/programs/test/generate_cpp_dummy_build.sh
index 2541683..a550516 100755
--- a/programs/test/generate_cpp_dummy_build.sh
+++ b/programs/test/generate_cpp_dummy_build.sh
@@ -65,6 +65,7 @@
mbedtls/mbedtls_config.h) :;; # not meant for direct inclusion
mbedtls/config_*.h) :;; # not meant for direct inclusion
psa/crypto_config.h) :;; # not meant for direct inclusion
+ psa/crypto_ajdust_config*.h) :;; # not meant for direct inclusion
# Some of the psa/crypto_*.h headers are not meant to be included
# directly. They do have include guards that make them no-ops if
# psa/crypto.h has been included before. Since psa/crypto.h comes
diff --git a/scripts/bump_version.sh b/scripts/bump_version.sh
index 7fc8c6c..19d90bc 100755
--- a/scripts/bump_version.sh
+++ b/scripts/bump_version.sh
@@ -131,7 +131,7 @@
sed -e "s/\(# *define *[A-Z]*_VERSION\)_PATCH .\{1,\}/\1_PATCH $PATCH/" | \
sed -e "s/\(# *define *[A-Z]*_VERSION\)_NUMBER .\{1,\}/\1_NUMBER $VERSION_NR/" | \
sed -e "s/\(# *define *[A-Z]*_VERSION\)_STRING .\{1,\}/\1_STRING \"$VERSION\"/" | \
- sed -e "s/\(# *define *[A-Z]*_VERSION\)_STRING_FULL .\{1,\}/\1_STRING_FULL \"mbed TLS $VERSION\"/" \
+ sed -e "s/\(# *define *[A-Z]*_VERSION\)_STRING_FULL .\{1,\}/\1_STRING_FULL \"Mbed TLS $VERSION\"/" \
> tmp
mv tmp include/mbedtls/build_info.h
@@ -142,7 +142,7 @@
[ $VERBOSE ] && echo "Bumping PROJECT_NAME in doxygen/mbedtls.doxyfile and doxygen/input/doc_mainpage.h"
for i in doxygen/mbedtls.doxyfile doxygen/input/doc_mainpage.h;
do
- sed -e "s/mbed TLS v[0-9\.]\{1,\}/mbed TLS v$VERSION/g" < $i > tmp
+ sed -e "s/\\([Mm]bed TLS v\\)[0-9][0-9.]*/\\1$VERSION/g" < $i > tmp
mv tmp $i
done
diff --git a/scripts/ci.requirements.txt b/scripts/ci.requirements.txt
index 3ddc417..7dbcfe8 100644
--- a/scripts/ci.requirements.txt
+++ b/scripts/ci.requirements.txt
@@ -11,8 +11,10 @@
# See https://github.com/Mbed-TLS/mbedtls/pull/3953 .
mypy >= 0.780
-# Install cryptography to avoid import-error reported by pylint.
-# What we really need is cryptography >= 35.0.0, which is only
-# available for Python >= 3.6.
-cryptography >= 35.0.0; sys_platform == 'linux' and python_version >= '3.6'
-cryptography; sys_platform == 'linux' and python_version < '3.6'
+# At the time of writing, only needed for tests/scripts/audit-validity-dates.py.
+# It needs >=35.0.0 for correct operation, and that requires Python >=3.6,
+# but our CI has Python 3.5. So let pip install the newest version that's
+# compatible with the running Python: this way we get something good enough
+# for mypy and pylint under Python 3.5, and we also get something good enough
+# to run audit-validity-dates.py on Python >=3.6.
+cryptography # >= 35.0.0
diff --git a/scripts/config.py b/scripts/config.py
index 4ff5166..6e7fc84 100755
--- a/scripts/config.py
+++ b/scripts/config.py
@@ -190,6 +190,7 @@
EXCLUDE_FROM_FULL = frozenset([
#pylint: disable=line-too-long
'MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH', # interacts with CTR_DRBG_128_BIT_KEY
+ 'MBEDTLS_AES_USE_HARDWARE_ONLY', # hardware dependency
'MBEDTLS_CTR_DRBG_USE_128_BIT_KEY', # interacts with ENTROPY_FORCE_SHA256
'MBEDTLS_DEPRECATED_REMOVED', # conflicts with deprecated options
'MBEDTLS_DEPRECATED_WARNING', # conflicts with deprecated options
@@ -233,7 +234,12 @@
Exclude alternative implementations of library functions since they require
an implementation of the relevant functions and an xxx_alt.h header.
"""
- if name in ('MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT', 'MBEDTLS_PLATFORM_MS_TIME_ALT'):
+ if name in (
+ 'MBEDTLS_PLATFORM_GMTIME_R_ALT',
+ 'MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT',
+ 'MBEDTLS_PLATFORM_MS_TIME_ALT',
+ 'MBEDTLS_PLATFORM_ZEROIZE_ALT',
+ ):
# Similar to non-platform xxx_ALT, requires platform_alt.h
return False
return name.startswith('MBEDTLS_PLATFORM_')
diff --git a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja
index 3ecd74d..1b52066 100644
--- a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja
+++ b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja
@@ -32,6 +32,7 @@
#include "psa_crypto_rsa.h"
#include "mbedtls/platform.h"
+#include "mbedtls/constant_time.h"
/* END-common headers */
#if defined(MBEDTLS_PSA_CRYPTO_C)
@@ -2253,7 +2254,7 @@
if( status == PSA_SUCCESS )
{
if( tag_length != check_tag_length ||
- mbedtls_psa_safer_memcmp( tag, check_tag, tag_length )
+ mbedtls_ct_memcmp( tag, check_tag, tag_length )
!= 0 )
status = PSA_ERROR_INVALID_SIGNATURE;
}
diff --git a/scripts/footprint.sh b/scripts/footprint.sh
index 6c0fc25..ae95db4 100755
--- a/scripts/footprint.sh
+++ b/scripts/footprint.sh
@@ -17,7 +17,7 @@
#
# Purpose
#
-# This script determines ROM size (or code size) for the standard mbed TLS
+# This script determines ROM size (or code size) for the standard Mbed TLS
# configurations, when built for a Cortex M3/M4 target.
#
# Configurations included:
@@ -108,7 +108,7 @@
fi
log ""
-log "mbed TLS $MBEDTLS_VERSION$GIT_VERSION"
+log "Mbed TLS $MBEDTLS_VERSION$GIT_VERSION"
log "$( arm-none-eabi-gcc --version | head -n1 )"
log "CFLAGS=$ARMGCC_FLAGS"
diff --git a/scripts/generate_features.pl b/scripts/generate_features.pl
index e0de6b7..49cca2e 100755
--- a/scripts/generate_features.pl
+++ b/scripts/generate_features.pl
@@ -39,8 +39,8 @@
my $feature_format_file = $data_dir.'/version_features.fmt';
-my @sections = ( "System support", "mbed TLS modules",
- "mbed TLS feature support" );
+my @sections = ( "System support", "Mbed TLS modules",
+ "Mbed TLS feature support" );
my $line_separator = $/;
undef $/;
diff --git a/scripts/generate_query_config.pl b/scripts/generate_query_config.pl
index ddbebfa..69eca83 100755
--- a/scripts/generate_query_config.pl
+++ b/scripts/generate_query_config.pl
@@ -7,15 +7,16 @@
# form (if any). This facilitates querying the compile time configuration of
# the library, for example, for testing.
#
-# The query_config.c is generated from the current configuration at
-# include/mbedtls/mbedtls_config.h. The idea is that the mbedtls_config.h contains ALL the
+# The query_config.c is generated from the default configuration files
+# include/mbedtls/mbedtls_config.h and include/psa/crypto_config.h.
+# The idea is that mbedtls_config.h and crypto_config.h contain ALL the
# compile time configurations available in Mbed TLS (commented or uncommented).
-# This script extracts the configuration macros from the mbedtls_config.h and this
+# This script extracts the configuration macros from the two files and this
# information is used to automatically generate the body of the query_config()
# function by using the template in scripts/data_files/query_config.fmt.
#
# Usage: scripts/generate_query_config.pl without arguments, or
-# generate_query_config.pl mbedtls_config_file template_file output_file [psa_crypto_config_file]
+# generate_query_config.pl mbedtls_config_file psa_crypto_config_file template_file output_file
#
# Copyright The Mbed TLS Contributors
# SPDX-License-Identifier: Apache-2.0
@@ -34,29 +35,25 @@
use strict;
-my ($mbedtls_config_file, $query_config_format_file, $query_config_file, $psa_crypto_config_file);
+my ($mbedtls_config_file, $psa_crypto_config_file, $query_config_format_file, $query_config_file);
my $default_mbedtls_config_file = "./include/mbedtls/mbedtls_config.h";
+my $default_psa_crypto_config_file = "./include/psa/crypto_config.h";
my $default_query_config_format_file = "./scripts/data_files/query_config.fmt";
my $default_query_config_file = "./programs/test/query_config.c";
-my $default_psa_crypto_config_file = "./include/psa/crypto_config.h";
if( @ARGV ) {
- die "Invalid number of arguments - usage: $0 [CONFIG_FILE TEMPLATE_FILE OUTPUT_FILE]" if scalar @ARGV != 3;
- ($mbedtls_config_file, $query_config_format_file, $query_config_file) = @ARGV;
+ die "Invalid number of arguments - usage: $0 [MBED_TLS_CONFIG_FILE PSA_CRYPTO_CONFIG_FILE TEMPLATE_FILE OUTPUT_FILE]" if scalar @ARGV != 4;
+ ($mbedtls_config_file, $psa_crypto_config_file, $query_config_format_file, $query_config_file) = @ARGV;
-f $mbedtls_config_file or die "No such file: $mbedtls_config_file";
+ -f $psa_crypto_config_file or die "No such file: $psa_crypto_config_file";
-f $query_config_format_file or die "No such file: $query_config_format_file";
- if (defined($psa_crypto_config_file) && length($psa_crypto_config_file)) {
- -f $psa_crypto_config_file or die "No such file: $psa_crypto_config_file";
- } else {
- $psa_crypto_config_file = (-f $default_psa_crypto_config_file) ? $default_psa_crypto_config_file : undef;
- }
} else {
$mbedtls_config_file = $default_mbedtls_config_file;
+ $psa_crypto_config_file = $default_psa_crypto_config_file;
$query_config_format_file = $default_query_config_format_file;
$query_config_file = $default_query_config_file;
- $psa_crypto_config_file = $default_psa_crypto_config_file;
unless(-f $mbedtls_config_file && -f $query_config_format_file && -f $psa_crypto_config_file) {
chdir '..' or die;
diff --git a/scripts/lcov.sh b/scripts/lcov.sh
index 8d141ee..6bba02f 100755
--- a/scripts/lcov.sh
+++ b/scripts/lcov.sh
@@ -51,7 +51,7 @@
lcov --rc lcov_branch_coverage=1 --add-tracefile Coverage/tmp/files.info --add-tracefile Coverage/tmp/tests.info -o Coverage/tmp/all.info
lcov --rc lcov_branch_coverage=1 --remove Coverage/tmp/all.info -o Coverage/tmp/final.info '*.h'
gendesc tests/Descriptions.txt -o Coverage/tmp/descriptions
- genhtml --title "mbed TLS" --description-file Coverage/tmp/descriptions --keep-descriptions --legend --branch-coverage -o Coverage Coverage/tmp/final.info
+ genhtml --title "Mbed TLS" --description-file Coverage/tmp/descriptions --keep-descriptions --legend --branch-coverage -o Coverage Coverage/tmp/final.info
rm -f Coverage/tmp/*.info Coverage/tmp/descriptions
echo "Coverage report in: Coverage/index.html"
}
diff --git a/scripts/mbedtls_dev/build_tree.py b/scripts/mbedtls_dev/build_tree.py
index f52b785..b48a277 100644
--- a/scripts/mbedtls_dev/build_tree.py
+++ b/scripts/mbedtls_dev/build_tree.py
@@ -19,12 +19,19 @@
import os
import inspect
+def looks_like_psa_crypto_root(path: str) -> bool:
+ """Whether the given directory looks like the root of the PSA Crypto source tree."""
+ return all(os.path.isdir(os.path.join(path, subdir))
+ for subdir in ['include', 'core', 'drivers', 'programs', 'tests'])
def looks_like_mbedtls_root(path: str) -> bool:
"""Whether the given directory looks like the root of the Mbed TLS source tree."""
return all(os.path.isdir(os.path.join(path, subdir))
for subdir in ['include', 'library', 'programs', 'tests'])
+def looks_like_root(path: str) -> bool:
+ return looks_like_psa_crypto_root(path) or looks_like_mbedtls_root(path)
+
def check_repo_path():
"""
Check that the current working directory is the project root, and throw
@@ -42,7 +49,7 @@
for d in [os.path.curdir,
os.path.pardir,
os.path.join(os.path.pardir, os.path.pardir)]:
- if looks_like_mbedtls_root(d):
+ if looks_like_root(d):
os.chdir(d)
return
raise Exception('Mbed TLS source tree not found')
@@ -62,6 +69,6 @@
if d in dirs:
continue
dirs.add(d)
- if looks_like_mbedtls_root(d):
+ if looks_like_root(d):
return d
raise Exception('Mbed TLS source tree not found')
diff --git a/scripts/mbedtls_dev/crypto_data_tests.py b/scripts/mbedtls_dev/crypto_data_tests.py
new file mode 100644
index 0000000..7593952
--- /dev/null
+++ b/scripts/mbedtls_dev/crypto_data_tests.py
@@ -0,0 +1,123 @@
+"""Generate test data for cryptographic mechanisms.
+
+This module is a work in progress, only implementing a few cases for now.
+"""
+
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import hashlib
+from typing import Callable, Dict, Iterator, List, Optional #pylint: disable=unused-import
+
+from . import crypto_knowledge
+from . import psa_information
+from . import test_case
+
+
+def psa_low_level_dependencies(*expressions: str) -> List[str]:
+ """Infer dependencies of a PSA low-level test case by looking for PSA_xxx symbols.
+
+ This function generates MBEDTLS_PSA_BUILTIN_xxx symbols.
+ """
+ high_level = psa_information.automatic_dependencies(*expressions)
+ for dep in high_level:
+ assert dep.startswith('PSA_WANT_')
+ return ['MBEDTLS_PSA_BUILTIN_' + dep[9:] for dep in high_level]
+
+
+class HashPSALowLevel:
+ """Generate test cases for the PSA low-level hash interface."""
+
+ def __init__(self, info: psa_information.Information) -> None:
+ self.info = info
+ base_algorithms = sorted(info.constructors.algorithms)
+ all_algorithms = \
+ [crypto_knowledge.Algorithm(expr)
+ for expr in info.constructors.generate_expressions(base_algorithms)]
+ self.algorithms = \
+ [alg
+ for alg in all_algorithms
+ if (not alg.is_wildcard and
+ alg.can_do(crypto_knowledge.AlgorithmCategory.HASH))]
+
+ # CALCULATE[alg] = function to return the hash of its argument in hex
+ # TO-DO: implement the None entries with a third-party library, because
+ # hashlib might not have everything, depending on the Python version and
+ # the underlying OpenSSL. On Ubuntu 16.04, truncated sha512 and sha3/shake
+ # are not available. On Ubuntu 22.04, md2, md4 and ripemd160 are not
+ # available.
+ CALCULATE = {
+ 'PSA_ALG_MD5': lambda data: hashlib.md5(data).hexdigest(),
+ 'PSA_ALG_RIPEMD160': None, #lambda data: hashlib.new('ripdemd160').hexdigest()
+ 'PSA_ALG_SHA_1': lambda data: hashlib.sha1(data).hexdigest(),
+ 'PSA_ALG_SHA_224': lambda data: hashlib.sha224(data).hexdigest(),
+ 'PSA_ALG_SHA_256': lambda data: hashlib.sha256(data).hexdigest(),
+ 'PSA_ALG_SHA_384': lambda data: hashlib.sha384(data).hexdigest(),
+ 'PSA_ALG_SHA_512': lambda data: hashlib.sha512(data).hexdigest(),
+ 'PSA_ALG_SHA_512_224': None, #lambda data: hashlib.new('sha512_224').hexdigest()
+ 'PSA_ALG_SHA_512_256': None, #lambda data: hashlib.new('sha512_256').hexdigest()
+ 'PSA_ALG_SHA3_224': None, #lambda data: hashlib.sha3_224(data).hexdigest(),
+ 'PSA_ALG_SHA3_256': None, #lambda data: hashlib.sha3_256(data).hexdigest(),
+ 'PSA_ALG_SHA3_384': None, #lambda data: hashlib.sha3_384(data).hexdigest(),
+ 'PSA_ALG_SHA3_512': None, #lambda data: hashlib.sha3_512(data).hexdigest(),
+ 'PSA_ALG_SHAKE256_512': None, #lambda data: hashlib.shake_256(data).hexdigest(64),
+ } #type: Dict[str, Optional[Callable[[bytes], str]]]
+
+ @staticmethod
+ def one_test_case(alg: crypto_knowledge.Algorithm,
+ function: str, note: str,
+ arguments: List[str]) -> test_case.TestCase:
+ """Construct one test case involving a hash."""
+ tc = test_case.TestCase()
+ tc.set_description('{}{} {}'
+ .format(function,
+ ' ' + note if note else '',
+ alg.short_expression()))
+ tc.set_dependencies(psa_low_level_dependencies(alg.expression))
+ tc.set_function(function)
+ tc.set_arguments([alg.expression] +
+ ['"{}"'.format(arg) for arg in arguments])
+ return tc
+
+ def test_cases_for_hash(self,
+ alg: crypto_knowledge.Algorithm
+ ) -> Iterator[test_case.TestCase]:
+ """Enumerate all test cases for one hash algorithm."""
+ calc = self.CALCULATE[alg.expression]
+ if calc is None:
+ return # not implemented yet
+
+ short = b'abc'
+ hash_short = calc(short)
+ long = (b'Hello, world. Here are 16 unprintable bytes: ['
+ b'\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a'
+ b'\x80\x81\x82\x83\xfe\xff]. '
+ b' This message was brought to you by a natural intelligence. '
+ b' If you can read this, good luck with your debugging!')
+ hash_long = calc(long)
+
+ yield self.one_test_case(alg, 'hash_empty', '', [calc(b'')])
+ yield self.one_test_case(alg, 'hash_valid_one_shot', '',
+ [short.hex(), hash_short])
+ for n in [0, 1, 64, len(long) - 1, len(long)]:
+ yield self.one_test_case(alg, 'hash_valid_multipart',
+ '{} + {}'.format(n, len(long) - n),
+ [long[:n].hex(), calc(long[:n]),
+ long[n:].hex(), hash_long])
+
+ def all_test_cases(self) -> Iterator[test_case.TestCase]:
+ """Enumerate all test cases for all hash algorithms."""
+ for alg in self.algorithms:
+ yield from self.test_cases_for_hash(alg)
diff --git a/scripts/mbedtls_dev/psa_information.py b/scripts/mbedtls_dev/psa_information.py
new file mode 100644
index 0000000..a82df41
--- /dev/null
+++ b/scripts/mbedtls_dev/psa_information.py
@@ -0,0 +1,162 @@
+"""Collect information about PSA cryptographic mechanisms.
+"""
+
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import re
+from typing import Dict, FrozenSet, List, Optional
+
+from . import macro_collector
+
+
+class Information:
+ """Gather information about PSA constructors."""
+
+ def __init__(self) -> None:
+ self.constructors = self.read_psa_interface()
+
+ @staticmethod
+ def remove_unwanted_macros(
+ constructors: macro_collector.PSAMacroEnumerator
+ ) -> None:
+ # Mbed TLS does not support finite-field DSA.
+ # Don't attempt to generate any related test case.
+ constructors.key_types.discard('PSA_KEY_TYPE_DSA_KEY_PAIR')
+ constructors.key_types.discard('PSA_KEY_TYPE_DSA_PUBLIC_KEY')
+
+ def read_psa_interface(self) -> macro_collector.PSAMacroEnumerator:
+ """Return the list of known key types, algorithms, etc."""
+ constructors = macro_collector.InputsForTest()
+ header_file_names = ['include/psa/crypto_values.h',
+ 'include/psa/crypto_extra.h']
+ test_suites = ['tests/suites/test_suite_psa_crypto_metadata.data']
+ for header_file_name in header_file_names:
+ constructors.parse_header(header_file_name)
+ for test_cases in test_suites:
+ constructors.parse_test_cases(test_cases)
+ self.remove_unwanted_macros(constructors)
+ constructors.gather_arguments()
+ return constructors
+
+
+def psa_want_symbol(name: str) -> str:
+ """Return the PSA_WANT_xxx symbol associated with a PSA crypto feature."""
+ if name.startswith('PSA_'):
+ return name[:4] + 'WANT_' + name[4:]
+ else:
+ raise ValueError('Unable to determine the PSA_WANT_ symbol for ' + name)
+
+def finish_family_dependency(dep: str, bits: int) -> str:
+ """Finish dep if it's a family dependency symbol prefix.
+
+ A family dependency symbol prefix is a PSA_WANT_ symbol that needs to be
+ qualified by the key size. If dep is such a symbol, finish it by adjusting
+ the prefix and appending the key size. Other symbols are left unchanged.
+ """
+ return re.sub(r'_FAMILY_(.*)', r'_\1_' + str(bits), dep)
+
+def finish_family_dependencies(dependencies: List[str], bits: int) -> List[str]:
+ """Finish any family dependency symbol prefixes.
+
+ Apply `finish_family_dependency` to each element of `dependencies`.
+ """
+ return [finish_family_dependency(dep, bits) for dep in dependencies]
+
+SYMBOLS_WITHOUT_DEPENDENCY = frozenset([
+ 'PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG', # modifier, only in policies
+ 'PSA_ALG_AEAD_WITH_SHORTENED_TAG', # modifier
+ 'PSA_ALG_ANY_HASH', # only in policies
+ 'PSA_ALG_AT_LEAST_THIS_LENGTH_MAC', # modifier, only in policies
+ 'PSA_ALG_KEY_AGREEMENT', # chaining
+ 'PSA_ALG_TRUNCATED_MAC', # modifier
+])
+def automatic_dependencies(*expressions: str) -> List[str]:
+ """Infer dependencies of a test case by looking for PSA_xxx symbols.
+
+ The arguments are strings which should be C expressions. Do not use
+ string literals or comments as this function is not smart enough to
+ skip them.
+ """
+ used = set()
+ for expr in expressions:
+ used.update(re.findall(r'PSA_(?:ALG|ECC_FAMILY|KEY_TYPE)_\w+', expr))
+ used.difference_update(SYMBOLS_WITHOUT_DEPENDENCY)
+ return sorted(psa_want_symbol(name) for name in used)
+
+# Define set of regular expressions and dependencies to optionally append
+# extra dependencies for test case.
+AES_128BIT_ONLY_DEP_REGEX = r'AES\s(192|256)'
+AES_128BIT_ONLY_DEP = ["!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH"]
+
+DEPENDENCY_FROM_KEY = {
+ AES_128BIT_ONLY_DEP_REGEX: AES_128BIT_ONLY_DEP
+}#type: Dict[str, List[str]]
+def generate_key_dependencies(description: str) -> List[str]:
+ """Return additional dependencies based on pairs of REGEX and dependencies.
+ """
+ deps = []
+ for regex, dep in DEPENDENCY_FROM_KEY.items():
+ if re.search(regex, description):
+ deps += dep
+
+ return deps
+
+# A temporary hack: at the time of writing, not all dependency symbols
+# are implemented yet. Skip test cases for which the dependency symbols are
+# not available. Once all dependency symbols are available, this hack must
+# be removed so that a bug in the dependency symbols properly leads to a test
+# failure.
+def read_implemented_dependencies(filename: str) -> FrozenSet[str]:
+ return frozenset(symbol
+ for line in open(filename)
+ for symbol in re.findall(r'\bPSA_WANT_\w+\b', line))
+_implemented_dependencies = None #type: Optional[FrozenSet[str]] #pylint: disable=invalid-name
+def hack_dependencies_not_implemented(dependencies: List[str]) -> None:
+ global _implemented_dependencies #pylint: disable=global-statement,invalid-name
+ if _implemented_dependencies is None:
+ _implemented_dependencies = \
+ read_implemented_dependencies('include/psa/crypto_config.h')
+ if not all((dep.lstrip('!') in _implemented_dependencies or
+ not dep.lstrip('!').startswith('PSA_WANT'))
+ for dep in dependencies):
+ dependencies.append('DEPENDENCY_NOT_IMPLEMENTED_YET')
+
+def tweak_key_pair_dependency(dep: str, usage: str):
+ """
+ This helper function add the proper suffix to PSA_WANT_KEY_TYPE_xxx_KEY_PAIR
+ symbols according to the required usage.
+ """
+ ret_list = list()
+ if dep.endswith('KEY_PAIR'):
+ if usage == "BASIC":
+ # BASIC automatically includes IMPORT and EXPORT for test purposes (see
+ # config_psa.h).
+ ret_list.append(re.sub(r'KEY_PAIR', r'KEY_PAIR_BASIC', dep))
+ ret_list.append(re.sub(r'KEY_PAIR', r'KEY_PAIR_IMPORT', dep))
+ ret_list.append(re.sub(r'KEY_PAIR', r'KEY_PAIR_EXPORT', dep))
+ elif usage == "GENERATE":
+ ret_list.append(re.sub(r'KEY_PAIR', r'KEY_PAIR_GENERATE', dep))
+ else:
+ # No replacement to do in this case
+ ret_list.append(dep)
+ return ret_list
+
+def fix_key_pair_dependencies(dep_list: List[str], usage: str):
+ new_list = [new_deps
+ for dep in dep_list
+ for new_deps in tweak_key_pair_dependency(dep, usage)]
+
+ return new_list
diff --git a/scripts/mbedtls_dev/psa_storage.py b/scripts/mbedtls_dev/psa_storage.py
index bae9938..a2e4c74 100644
--- a/scripts/mbedtls_dev/psa_storage.py
+++ b/scripts/mbedtls_dev/psa_storage.py
@@ -27,6 +27,7 @@
import unittest
from . import c_build_helper
+from . import build_tree
class Expr:
@@ -51,13 +52,16 @@
def update_cache(self) -> None:
"""Update `value_cache` for expressions registered in `unknown_values`."""
expressions = sorted(self.unknown_values)
+ includes = ['include']
+ if build_tree.looks_like_psa_crypto_root('.'):
+ includes.append('drivers/builtin/include')
values = c_build_helper.get_c_expression_values(
'unsigned long', '%lu',
expressions,
header="""
#include <psa/crypto.h>
""",
- include_path=['include']) #type: List[str]
+ include_path=includes) #type: List[str]
for e, v in zip(expressions, values):
self.value_cache[e] = int(v, 0)
self.unknown_values.clear()
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index 9bd93f1..0869aaa 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -118,8 +118,10 @@
--directory ${CMAKE_CURRENT_BINARY_DIR}/suites
DEPENDS
${CMAKE_CURRENT_SOURCE_DIR}/../tests/scripts/generate_psa_tests.py
+ ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/crypto_data_tests.py
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/crypto_knowledge.py
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/macro_collector.py
+ ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/psa_information.py
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/psa_storage.py
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/test_case.py
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/test_data_generation.py
diff --git a/tests/Makefile b/tests/Makefile
index 75dc3c6..ec016d8 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -121,8 +121,10 @@
$(GENERATED_PSA_DATA_FILES): generated_psa_test_data
generated_psa_test_data: scripts/generate_psa_tests.py
+generated_psa_test_data: ../scripts/mbedtls_dev/crypto_data_tests.py
generated_psa_test_data: ../scripts/mbedtls_dev/crypto_knowledge.py
generated_psa_test_data: ../scripts/mbedtls_dev/macro_collector.py
+generated_psa_test_data: ../scripts/mbedtls_dev/psa_information.py
generated_psa_test_data: ../scripts/mbedtls_dev/psa_storage.py
generated_psa_test_data: ../scripts/mbedtls_dev/test_case.py
generated_psa_test_data: ../scripts/mbedtls_dev/test_data_generation.py
diff --git a/tests/compat.sh b/tests/compat.sh
index 2e03e44..252736b 100755
--- a/tests/compat.sh
+++ b/tests/compat.sh
@@ -126,10 +126,41 @@
printf " \tAlso available: GnuTLS (needs v3.2.15 or higher)\n"
printf " -M|--memcheck\tCheck memory leaks and errors.\n"
printf " -v|--verbose\tSet verbose output.\n"
+ printf " --list-test-case\tList all potential test cases (No Execution)\n"
printf " --outcome-file\tFile where test outcomes are written\n"
printf " \t(default: \$MBEDTLS_TEST_OUTCOME_FILE, none if empty)\n"
}
+# print_test_case <CLIENT> <SERVER> <STANDARD_CIPHER_SUITE>
+print_test_case() {
+ for i in $3; do
+ uniform_title $1 $2 $i
+ echo $TITLE
+ done
+}
+
+# list_test_case lists all potential test cases in compat.sh without execution
+list_test_case() {
+ reset_ciphersuites
+ for TYPE in $TYPES; do
+ add_common_ciphersuites
+ add_openssl_ciphersuites
+ add_gnutls_ciphersuites
+ add_mbedtls_ciphersuites
+ done
+
+ for VERIFY in $VERIFIES; do
+ VERIF=$(echo $VERIFY | tr '[:upper:]' '[:lower:]')
+ for MODE in $MODES; do
+ print_test_case m O "$O_CIPHERS"
+ print_test_case O m "$O_CIPHERS"
+ print_test_case m G "$G_CIPHERS"
+ print_test_case G m "$G_CIPHERS"
+ print_test_case m m "$M_CIPHERS"
+ done
+ done
+}
+
get_options() {
while [ $# -gt 0 ]; do
case "$1" in
@@ -157,6 +188,12 @@
-M|--memcheck)
MEMCHECK=1
;;
+ # Please check scripts/check_test_cases.py correspondingly
+ # if you have to modify option, --list-test-case
+ --list-test-case)
+ list_test_case
+ exit $?
+ ;;
--outcome-file)
shift; MBEDTLS_TEST_OUTCOME_FILE=$1
;;
@@ -225,7 +262,7 @@
{
if [ "X" != "X$FILTER" -o "X" != "X$EXCLUDE" ];
then
- # Ciphersuite for mbed TLS
+ # Ciphersuite for Mbed TLS
M_CIPHERS=$( filter "$M_CIPHERS" )
# Ciphersuite for OpenSSL
@@ -235,7 +272,7 @@
G_CIPHERS=$( filter "$G_CIPHERS" )
fi
- # For GnuTLS client -> mbed TLS server,
+ # For GnuTLS client -> Mbed TLS server,
# we need to force IPv4 by connecting to 127.0.0.1 but then auth fails
if is_dtls "$MODE" && [ "X$VERIFY" = "XYES" ]; then
G_CIPHERS=""
@@ -826,6 +863,14 @@
echo "EXIT: $EXIT" >> $CLI_OUT
}
+# uniform_title <CLIENT> <SERVER> <STANDARD_CIPHER_SUITE>
+# $TITLE is considered as test case description for both --list-test-case and
+# MBEDTLS_TEST_OUTCOME_FILE. This function aims to control the format of
+# each test case description.
+uniform_title() {
+ TITLE="$1->$2 $MODE,$VERIF $3"
+}
+
# record_outcome <outcome> [<failure-reason>]
record_outcome() {
echo "$1"
@@ -863,8 +908,7 @@
run_client() {
# announce what we're going to do
TESTS=$(( $TESTS + 1 ))
- TITLE="${1%"${1#?}"}->${SERVER_NAME%"${SERVER_NAME#?}"}"
- TITLE="$TITLE $MODE,$VERIF $2"
+ uniform_title "${1%"${1#?}"}" "${SERVER_NAME%"${SERVER_NAME#?}"}" $2
DOTS72="........................................................................"
printf "%s %.*s " "$TITLE" "$((71 - ${#TITLE}))" "$DOTS72"
diff --git a/tests/configs/user-config-zeroize-memset.h b/tests/configs/user-config-zeroize-memset.h
new file mode 100644
index 0000000..fcdd1f0
--- /dev/null
+++ b/tests/configs/user-config-zeroize-memset.h
@@ -0,0 +1,29 @@
+/* mbedtls_config.h modifier that defines mbedtls_platform_zeroize() to be
+ * memset(), so that the compile can check arguments for us.
+ * Used for testing.
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <string.h>
+
+/* Define _ALT so we don't get the built-in implementation. The test code will
+ * also need to define MBEDTLS_TEST_DEFINES_ZEROIZE so we don't get the
+ * declaration. */
+#define MBEDTLS_PLATFORM_ZEROIZE_ALT
+
+#define mbedtls_platform_zeroize(buf, len) memset(buf, 0, len)
diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index c41b559..21ca489 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@@ -1,7 +1,7 @@
## This file contains a record of how some of the test data was
## generated. The final build products are committed to the repository
## as well to make sure that the test data is identical. You do not
-## need to use this makefile unless you're extending mbed TLS's tests.
+## need to use this makefile unless you're extending Mbed TLS's tests.
## Many data files were generated prior to the existence of this
## makefile, so the method of their generation was not recorded.
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 8e978ac..ffac222 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -123,15 +123,27 @@
# Enable ksh/bash extended file matching patterns
shopt -s extglob
+in_mbedtls_repo () {
+ test -d include -a -d library -a -d programs -a -d tests
+}
+
+in_psa_crypto_repo () {
+ test -d include -a -d core -a -d drivers -a -d programs -a -d tests
+}
+
pre_check_environment () {
- if [ -d library -a -d include -a -d tests ]; then :; else
- echo "Must be run from mbed TLS root" >&2
+ if in_mbedtls_repo || in_psa_crypto_repo; then :; else
+ echo "Must be run from Mbed TLS / psa-crypto root" >&2
exit 1
fi
}
pre_initialize_variables () {
- CONFIG_H='include/mbedtls/mbedtls_config.h'
+ if in_mbedtls_repo; then
+ CONFIG_H='include/mbedtls/mbedtls_config.h'
+ else
+ CONFIG_H='drivers/builtin/include/mbedtls/mbedtls_config.h'
+ fi
CRYPTO_CONFIG_H='include/psa/crypto_config.h'
CONFIG_TEST_DRIVER_H='tests/include/test/drivers/config_test_driver.h'
@@ -141,8 +153,10 @@
backup_suffix='.all.bak'
# Files clobbered by config.py
files_to_back_up="$CONFIG_H $CRYPTO_CONFIG_H $CONFIG_TEST_DRIVER_H"
- # Files clobbered by in-tree cmake
- files_to_back_up="$files_to_back_up Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile"
+ if in_mbedtls_repo; then
+ # Files clobbered by in-tree cmake
+ files_to_back_up="$files_to_back_up Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile"
+ fi
append_outcome=0
MEMORY=0
@@ -299,7 +313,9 @@
# Does not remove generated source files.
cleanup()
{
- command make clean
+ if in_mbedtls_repo; then
+ command make clean
+ fi
# Remove CMake artefacts
find . -name .git -prune -o \
@@ -556,7 +572,7 @@
fi
if ! git diff --quiet "$CONFIG_H"; then
- err_msg "Warning - the configuration file 'include/mbedtls/mbedtls_config.h' has been edited. "
+ err_msg "Warning - the configuration file '$CONFIG_H' has been edited. "
echo "You can either delete or preserve your work, or force the test by rerunning the"
echo "script as: $0 --force"
exit 1
@@ -1872,6 +1888,16 @@
export SKIP_TEST_SUITES
}
+skip_all_except_given_suite () {
+ # Skip all but the given test suite
+ SKIP_TEST_SUITES=$(
+ ls -1 tests/suites/test_suite_*.function |
+ grep -v $1.function |
+ sed 's/tests.suites.test_suite_//; s/\.function$//' |
+ tr '\n' ,)
+ export SKIP_TEST_SUITES
+}
+
component_test_memsan_constant_flow () {
# This tests both (1) accesses to undefined memory, and (2) branches or
# memory access depending on secret values. To distinguish between those:
@@ -1931,6 +1957,16 @@
# details are left in Testing/<date>/DynamicAnalysis.xml
msg "test: some suites (full minus MBEDTLS_USE_PSA_CRYPTO, valgrind + constant flow)"
make memcheck
+
+ # Test asm path in constant time module - by default, it will test the plain C
+ # path under Valgrind or Memsan. Running only the constant_time tests is fast (<1s)
+ msg "test: valgrind asm constant_time"
+ scripts/config.py --force set MBEDTLS_TEST_CONSTANT_FLOW_ASM
+ skip_all_except_given_suite test_suite_constant_time
+ cmake -D CMAKE_BUILD_TYPE:String=Release .
+ make clean
+ make
+ make memcheck
}
component_test_valgrind_constant_flow_psa () {
@@ -5081,6 +5117,16 @@
}
+component_build_zeroize_checks () {
+ msg "build: check for obviously wrong calls to mbedtls_platform_zeroize()"
+
+ scripts/config.py full
+
+ # Only compile - we're looking for sizeof-pointer-memaccess warnings
+ make CC=gcc CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-zeroize-memset.h\"' -DMBEDTLS_TEST_DEFINES_ZEROIZE -Werror -Wsizeof-pointer-memaccess"
+}
+
+
component_test_zeroize () {
# Test that the function mbedtls_platform_zeroize() is not optimized away by
# different combinations of compilers and optimization flags by using an
@@ -5264,7 +5310,9 @@
pre_print_configuration
pre_check_tools
cleanup
-pre_generate_files
+if in_mbedtls_repo; then
+ pre_generate_files
+fi
# Run the requested tests.
for ((error_test_i=1; error_test_i <= error_test; error_test_i++)); do
diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index c6891bb..3b91bfb 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py
@@ -73,15 +73,22 @@
Results.log("Error: failed to run reference/driver components")
sys.exit(ret_val)
-def analyze_coverage(results, outcomes):
+def analyze_coverage(results, outcomes, allow_list, full_coverage):
"""Check that all available test cases are executed at least once."""
available = check_test_cases.collect_available_test_cases()
for key in available:
hits = outcomes[key].hits() if key in outcomes else 0
- if hits == 0:
- # Make this a warning, not an error, as long as we haven't
- # fixed this branch to have full coverage of test cases.
- results.warning('Test case not executed: {}', key)
+ if hits == 0 and key not in allow_list:
+ if full_coverage:
+ results.error('Test case not executed: {}', key)
+ else:
+ results.warning('Test case not executed: {}', key)
+ elif hits != 0 and key in allow_list:
+ # Test Case should be removed from the allow list.
+ if full_coverage:
+ results.error('Allow listed test case was executed: {}', key)
+ else:
+ results.warning('Allow listed test case was executed: {}', key)
def analyze_driver_vs_reference(outcomes, component_ref, component_driver,
ignored_suites, ignored_test=None):
@@ -122,10 +129,11 @@
result = False
return result
-def analyze_outcomes(outcomes):
+def analyze_outcomes(outcomes, args):
"""Run all analyses on the given outcome collection."""
results = Results()
- analyze_coverage(results, outcomes)
+ analyze_coverage(results, outcomes, args['allow_list'],
+ args['full_coverage'])
return results
def read_outcome_file(outcome_file):
@@ -151,10 +159,9 @@
def do_analyze_coverage(outcome_file, args):
"""Perform coverage analysis."""
- del args # unused
outcomes = read_outcome_file(outcome_file)
Results.log("\n*** Analyze coverage ***\n")
- results = analyze_outcomes(outcomes)
+ results = analyze_outcomes(outcomes, args)
return results.error_count == 0
def do_analyze_driver_vs_reference(outcome_file, args):
@@ -175,8 +182,16 @@
TASKS = {
'analyze_coverage': {
'test_function': do_analyze_coverage,
- 'args': {}
- },
+ 'args': {
+ 'allow_list': [
+ # Algorithm not supported yet
+ 'test_suite_psa_crypto_metadata;Asymmetric signature: pure EdDSA',
+ # Algorithm not supported yet
+ 'test_suite_psa_crypto_metadata;Cipher: XTS',
+ ],
+ 'full_coverage': False,
+ }
+ },
# There are 2 options to use analyze_driver_vs_reference_xxx locally:
# 1. Run tests and then analysis:
# - tests/scripts/all.sh --outcome-file "$PWD/out.csv" <component_ref> <component_driver>
@@ -426,6 +441,11 @@
'comma/space-separated list of tasks. ')
parser.add_argument('--list', action='store_true',
help='List all available tasks and exit.')
+ parser.add_argument('--require-full-coverage', action='store_true',
+ dest='full_coverage', help="Require all available "
+ "test cases to be executed and issue an error "
+ "otherwise. This flag is ignored if 'task' is "
+ "neither 'all' nor 'analyze_coverage'")
options = parser.parse_args()
if options.list:
@@ -445,6 +465,9 @@
Results.log('Error: invalid task: {}'.format(task))
sys.exit(1)
+ TASKS['analyze_coverage']['args']['full_coverage'] = \
+ options.full_coverage
+
for task in TASKS:
if task in tasks:
if not TASKS[task]['test_function'](options.outcomes, TASKS[task]['args']):
diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh
index 32be0ee..43a91ee 100755
--- a/tests/scripts/basic-build-test.sh
+++ b/tests/scripts/basic-build-test.sh
@@ -43,7 +43,7 @@
set -eu
if [ -d library -a -d include -a -d tests ]; then :; else
- echo "Must be run from mbed TLS root" >&2
+ echo "Must be run from Mbed TLS root" >&2
exit 1
fi
diff --git a/tests/scripts/check-doxy-blocks.pl b/tests/scripts/check-doxy-blocks.pl
index 3ed7069..dd95530 100755
--- a/tests/scripts/check-doxy-blocks.pl
+++ b/tests/scripts/check-doxy-blocks.pl
@@ -68,7 +68,7 @@
# Check that the script is being run from the project's root directory.
for my $dir (@directories) {
if (! -d $dir) {
- die "This script must be run from the mbed TLS root directory";
+ die "This script must be run from the Mbed TLS root directory";
} else {
check_dir($dir)
}
diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh
index 4d6f930..a1c37e9 100755
--- a/tests/scripts/check-generated-files.sh
+++ b/tests/scripts/check-generated-files.sh
@@ -35,7 +35,7 @@
fi
if [ -d library -a -d include -a -d tests ]; then :; else
- echo "Must be run from mbed TLS root" >&2
+ echo "Must be run from Mbed TLS root" >&2
exit 1
fi
diff --git a/tests/scripts/check_test_cases.py b/tests/scripts/check_test_cases.py
index d84ed04..1395d4d 100755
--- a/tests/scripts/check_test_cases.py
+++ b/tests/scripts/check_test_cases.py
@@ -25,6 +25,7 @@
import glob
import os
import re
+import subprocess
import sys
class Results:
@@ -111,6 +112,19 @@
self.process_test_case(descriptions,
file_name, line_number, description)
+ def walk_compat_sh(self, file_name):
+ """Iterate over the test cases compat.sh with a similar format."""
+ descriptions = self.new_per_file_state() # pylint: disable=assignment-from-none
+ compat_cmd = ['sh', file_name, '--list-test-case']
+ compat_output = subprocess.check_output(compat_cmd)
+ # Assume compat.sh is responsible for printing identical format of
+ # test case description between --list-test-case and its OUTCOME.CSV
+ description = compat_output.strip().split(b'\n')
+ # idx indicates the number of test case since there is no line number
+ # in `compat.sh` for each test case.
+ for idx, descrip in enumerate(description):
+ self.process_test_case(descriptions, file_name, idx, descrip)
+
@staticmethod
def collect_test_directories():
"""Get the relative path for the TLS and Crypto test directories."""
@@ -136,6 +150,9 @@
for ssl_opt_file_name in glob.glob(os.path.join(directory, 'opt-testcases',
'*.sh')):
self.walk_ssl_opt_sh(ssl_opt_file_name)
+ compat_sh = os.path.join(directory, 'compat.sh')
+ if os.path.exists(compat_sh):
+ self.walk_compat_sh(compat_sh)
class TestDescriptions(TestDescriptionExplorer):
"""Collect the available test cases."""
diff --git a/tests/scripts/doxygen.sh b/tests/scripts/doxygen.sh
index 2bc8dc9..cb87829 100755
--- a/tests/scripts/doxygen.sh
+++ b/tests/scripts/doxygen.sh
@@ -21,7 +21,7 @@
set -eu
if [ -d library -a -d include -a -d tests ]; then :; else
- echo "Must be run from mbed TLS root" >&2
+ echo "Must be run from Mbed TLS root" >&2
exit 1
fi
diff --git a/tests/scripts/generate-afl-tests.sh b/tests/scripts/generate-afl-tests.sh
index a640b56..a51fbc9 100755
--- a/tests/scripts/generate-afl-tests.sh
+++ b/tests/scripts/generate-afl-tests.sh
@@ -41,7 +41,7 @@
if [ -d ../library -a -d ../include -a -d ../tests -a $THIS_DIR == "tests" ];
then :;
else
- echo " [!] Must be run from mbed TLS tests directory" >&2
+ echo " [!] Must be run from Mbed TLS tests directory" >&2
exit 1
fi
diff --git a/tests/scripts/generate_psa_tests.py b/tests/scripts/generate_psa_tests.py
index 9934578..b6f83c1 100755
--- a/tests/scripts/generate_psa_tests.py
+++ b/tests/scripts/generate_psa_tests.py
@@ -26,151 +26,15 @@
from typing import Callable, Dict, FrozenSet, Iterable, Iterator, List, Optional
import scripts_path # pylint: disable=unused-import
+from mbedtls_dev import crypto_data_tests
from mbedtls_dev import crypto_knowledge
-from mbedtls_dev import macro_collector
+from mbedtls_dev import macro_collector #pylint: disable=unused-import
+from mbedtls_dev import psa_information
from mbedtls_dev import psa_storage
from mbedtls_dev import test_case
from mbedtls_dev import test_data_generation
-def psa_want_symbol(name: str) -> str:
- """Return the PSA_WANT_xxx symbol associated with a PSA crypto feature."""
- if name.startswith('PSA_'):
- return name[:4] + 'WANT_' + name[4:]
- else:
- raise ValueError('Unable to determine the PSA_WANT_ symbol for ' + name)
-
-def finish_family_dependency(dep: str, bits: int) -> str:
- """Finish dep if it's a family dependency symbol prefix.
-
- A family dependency symbol prefix is a PSA_WANT_ symbol that needs to be
- qualified by the key size. If dep is such a symbol, finish it by adjusting
- the prefix and appending the key size. Other symbols are left unchanged.
- """
- return re.sub(r'_FAMILY_(.*)', r'_\1_' + str(bits), dep)
-
-def finish_family_dependencies(dependencies: List[str], bits: int) -> List[str]:
- """Finish any family dependency symbol prefixes.
-
- Apply `finish_family_dependency` to each element of `dependencies`.
- """
- return [finish_family_dependency(dep, bits) for dep in dependencies]
-
-SYMBOLS_WITHOUT_DEPENDENCY = frozenset([
- 'PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG', # modifier, only in policies
- 'PSA_ALG_AEAD_WITH_SHORTENED_TAG', # modifier
- 'PSA_ALG_ANY_HASH', # only in policies
- 'PSA_ALG_AT_LEAST_THIS_LENGTH_MAC', # modifier, only in policies
- 'PSA_ALG_KEY_AGREEMENT', # chaining
- 'PSA_ALG_TRUNCATED_MAC', # modifier
-])
-def automatic_dependencies(*expressions: str) -> List[str]:
- """Infer dependencies of a test case by looking for PSA_xxx symbols.
-
- The arguments are strings which should be C expressions. Do not use
- string literals or comments as this function is not smart enough to
- skip them.
- """
- used = set()
- for expr in expressions:
- used.update(re.findall(r'PSA_(?:ALG|ECC_FAMILY|KEY_TYPE)_\w+', expr))
- used.difference_update(SYMBOLS_WITHOUT_DEPENDENCY)
- return sorted(psa_want_symbol(name) for name in used)
-
-# Define set of regular expressions and dependencies to optionally append
-# extra dependencies for test case.
-AES_128BIT_ONLY_DEP_REGEX = r'AES\s(192|256)'
-AES_128BIT_ONLY_DEP = ["!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH"]
-
-DEPENDENCY_FROM_KEY = {
- AES_128BIT_ONLY_DEP_REGEX: AES_128BIT_ONLY_DEP
-}#type: Dict[str, List[str]]
-def generate_key_dependencies(description: str) -> List[str]:
- """Return additional dependencies based on pairs of REGEX and dependencies.
- """
- deps = []
- for regex, dep in DEPENDENCY_FROM_KEY.items():
- if re.search(regex, description):
- deps += dep
-
- return deps
-
-# A temporary hack: at the time of writing, not all dependency symbols
-# are implemented yet. Skip test cases for which the dependency symbols are
-# not available. Once all dependency symbols are available, this hack must
-# be removed so that a bug in the dependency symbols properly leads to a test
-# failure.
-def read_implemented_dependencies(filename: str) -> FrozenSet[str]:
- return frozenset(symbol
- for line in open(filename)
- for symbol in re.findall(r'\bPSA_WANT_\w+\b', line))
-_implemented_dependencies = None #type: Optional[FrozenSet[str]] #pylint: disable=invalid-name
-def hack_dependencies_not_implemented(dependencies: List[str]) -> None:
- global _implemented_dependencies #pylint: disable=global-statement,invalid-name
- if _implemented_dependencies is None:
- _implemented_dependencies = \
- read_implemented_dependencies('include/psa/crypto_config.h')
- if not all((dep.lstrip('!') in _implemented_dependencies or
- not dep.lstrip('!').startswith('PSA_WANT'))
- for dep in dependencies):
- dependencies.append('DEPENDENCY_NOT_IMPLEMENTED_YET')
-
-def tweak_key_pair_dependency(dep: str, usage: str):
- """
- This helper function add the proper suffix to PSA_WANT_KEY_TYPE_xxx_KEY_PAIR
- symbols according to the required usage.
- """
- ret_list = list()
- if dep.endswith('KEY_PAIR'):
- if usage == "BASIC":
- # BASIC automatically includes IMPORT and EXPORT for test purposes (see
- # config_psa.h).
- ret_list.append(re.sub(r'KEY_PAIR', r'KEY_PAIR_BASIC', dep))
- ret_list.append(re.sub(r'KEY_PAIR', r'KEY_PAIR_IMPORT', dep))
- ret_list.append(re.sub(r'KEY_PAIR', r'KEY_PAIR_EXPORT', dep))
- elif usage == "GENERATE":
- ret_list.append(re.sub(r'KEY_PAIR', r'KEY_PAIR_GENERATE', dep))
- else:
- # No replacement to do in this case
- ret_list.append(dep)
- return ret_list
-
-def fix_key_pair_dependencies(dep_list: List[str], usage: str):
- new_list = [new_deps
- for dep in dep_list
- for new_deps in tweak_key_pair_dependency(dep, usage)]
-
- return new_list
-
-class Information:
- """Gather information about PSA constructors."""
-
- def __init__(self) -> None:
- self.constructors = self.read_psa_interface()
-
- @staticmethod
- def remove_unwanted_macros(
- constructors: macro_collector.PSAMacroEnumerator
- ) -> None:
- # Mbed TLS does not support finite-field DSA.
- # Don't attempt to generate any related test case.
- constructors.key_types.discard('PSA_KEY_TYPE_DSA_KEY_PAIR')
- constructors.key_types.discard('PSA_KEY_TYPE_DSA_PUBLIC_KEY')
-
- def read_psa_interface(self) -> macro_collector.PSAMacroEnumerator:
- """Return the list of known key types, algorithms, etc."""
- constructors = macro_collector.InputsForTest()
- header_file_names = ['include/psa/crypto_values.h',
- 'include/psa/crypto_extra.h']
- test_suites = ['tests/suites/test_suite_psa_crypto_metadata.data']
- for header_file_name in header_file_names:
- constructors.parse_header(header_file_name)
- for test_cases in test_suites:
- constructors.parse_test_cases(test_cases)
- self.remove_unwanted_macros(constructors)
- constructors.gather_arguments()
- return constructors
-
def test_case_for_key_type_not_supported(
verb: str, key_type: str, bits: int,
@@ -181,7 +45,7 @@
"""Return one test case exercising a key creation method
for an unsupported key type or size.
"""
- hack_dependencies_not_implemented(dependencies)
+ psa_information.hack_dependencies_not_implemented(dependencies)
tc = test_case.TestCase()
short_key_type = crypto_knowledge.short_expression(key_type)
adverb = 'not' if dependencies else 'never'
@@ -197,7 +61,7 @@
class KeyTypeNotSupported:
"""Generate test cases for when a key type is not supported."""
- def __init__(self, info: Information) -> None:
+ def __init__(self, info: psa_information.Information) -> None:
self.constructors = info.constructors
ALWAYS_SUPPORTED = frozenset([
@@ -224,20 +88,22 @@
# They would be skipped in all configurations, which is noise.
return
import_dependencies = [('!' if param is None else '') +
- psa_want_symbol(kt.name)]
+ psa_information.psa_want_symbol(kt.name)]
if kt.params is not None:
import_dependencies += [('!' if param == i else '') +
- psa_want_symbol(sym)
+ psa_information.psa_want_symbol(sym)
for i, sym in enumerate(kt.params)]
if kt.name.endswith('_PUBLIC_KEY'):
generate_dependencies = []
else:
- generate_dependencies = fix_key_pair_dependencies(import_dependencies, 'GENERATE')
- import_dependencies = fix_key_pair_dependencies(import_dependencies, 'BASIC')
+ generate_dependencies = \
+ psa_information.fix_key_pair_dependencies(import_dependencies, 'GENERATE')
+ import_dependencies = \
+ psa_information.fix_key_pair_dependencies(import_dependencies, 'BASIC')
for bits in kt.sizes_to_test():
yield test_case_for_key_type_not_supported(
'import', kt.expression, bits,
- finish_family_dependencies(import_dependencies, bits),
+ psa_information.finish_family_dependencies(import_dependencies, bits),
test_case.hex_string(kt.key_material(bits)),
param_descr=param_descr,
)
@@ -251,7 +117,7 @@
if not kt.is_public():
yield test_case_for_key_type_not_supported(
'generate', kt.expression, bits,
- finish_family_dependencies(generate_dependencies, bits),
+ psa_information.finish_family_dependencies(generate_dependencies, bits),
str(bits),
param_descr=param_descr,
)
@@ -294,7 +160,7 @@
) -> test_case.TestCase:
"""Return one test case exercising a key generation.
"""
- hack_dependencies_not_implemented(dependencies)
+ psa_information.hack_dependencies_not_implemented(dependencies)
tc = test_case.TestCase()
short_key_type = crypto_knowledge.short_expression(key_type)
tc.set_description('PSA {} {}-bit'
@@ -308,7 +174,7 @@
class KeyGenerate:
"""Generate positive and negative (invalid argument) test cases for key generation."""
- def __init__(self, info: Information) -> None:
+ def __init__(self, info: psa_information.Information) -> None:
self.constructors = info.constructors
ECC_KEY_TYPES = ('PSA_KEY_TYPE_ECC_KEY_PAIR',
@@ -327,9 +193,9 @@
"""
result = 'PSA_SUCCESS'
- import_dependencies = [psa_want_symbol(kt.name)]
+ import_dependencies = [psa_information.psa_want_symbol(kt.name)]
if kt.params is not None:
- import_dependencies += [psa_want_symbol(sym)
+ import_dependencies += [psa_information.psa_want_symbol(sym)
for i, sym in enumerate(kt.params)]
if kt.name.endswith('_PUBLIC_KEY'):
# The library checks whether the key type is a public key generically,
@@ -338,7 +204,8 @@
generate_dependencies = []
result = 'PSA_ERROR_INVALID_ARGUMENT'
else:
- generate_dependencies = fix_key_pair_dependencies(import_dependencies, 'GENERATE')
+ generate_dependencies = \
+ psa_information.fix_key_pair_dependencies(import_dependencies, 'GENERATE')
for bits in kt.sizes_to_test():
if kt.name == 'PSA_KEY_TYPE_RSA_KEY_PAIR':
size_dependency = "PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= " + str(bits)
@@ -347,7 +214,7 @@
test_dependencies = generate_dependencies
yield test_case_for_key_generation(
kt.expression, bits,
- finish_family_dependencies(test_dependencies, bits),
+ psa_information.finish_family_dependencies(test_dependencies, bits),
str(bits),
result
)
@@ -380,7 +247,7 @@
INCOMPATIBLE = 2
PUBLIC = 3
- def __init__(self, info: Information) -> None:
+ def __init__(self, info: psa_information.Information) -> None:
self.constructors = info.constructors
key_type_expressions = self.constructors.generate_expressions(
sorted(self.constructors.key_types)
@@ -417,8 +284,8 @@
pretty_alg,
pretty_reason,
' with ' + pretty_type if pretty_type else ''))
- dependencies = automatic_dependencies(alg.base_expression, key_type)
- dependencies = fix_key_pair_dependencies(dependencies, 'BASIC')
+ dependencies = psa_information.automatic_dependencies(alg.base_expression, key_type)
+ dependencies = psa_information.fix_key_pair_dependencies(dependencies, 'BASIC')
for i, dep in enumerate(dependencies):
if dep in not_deps:
dependencies[i] = '!' + dep
@@ -445,7 +312,7 @@
"""Generate failure test cases for keyless operations with the specified algorithm."""
if alg.can_do(category):
# Compatible operation, unsupported algorithm
- for dep in automatic_dependencies(alg.base_expression):
+ for dep in psa_information.automatic_dependencies(alg.base_expression):
yield self.make_test_case(alg, category,
self.Reason.NOT_SUPPORTED,
not_deps=frozenset([dep]))
@@ -463,7 +330,7 @@
key_is_compatible = kt.can_do(alg)
if key_is_compatible and alg.can_do(category):
# Compatible key and operation, unsupported algorithm
- for dep in automatic_dependencies(alg.base_expression):
+ for dep in psa_information.automatic_dependencies(alg.base_expression):
yield self.make_test_case(alg, category,
self.Reason.NOT_SUPPORTED,
kt=kt, not_deps=frozenset([dep]))
@@ -569,7 +436,7 @@
class StorageFormat:
"""Storage format stability test cases."""
- def __init__(self, info: Information, version: int, forward: bool) -> None:
+ def __init__(self, info: psa_information.Information, version: int, forward: bool) -> None:
"""Prepare to generate test cases for storage format stability.
* `info`: information about the API. See the `Information` class.
@@ -636,13 +503,13 @@
verb = 'save' if self.forward else 'read'
tc = test_case.TestCase()
tc.set_description(verb + ' ' + key.description)
- dependencies = automatic_dependencies(
+ dependencies = psa_information.automatic_dependencies(
key.lifetime.string, key.type.string,
key.alg.string, key.alg2.string,
)
- dependencies = finish_family_dependencies(dependencies, key.bits)
- dependencies += generate_key_dependencies(key.description)
- dependencies = fix_key_pair_dependencies(dependencies, 'BASIC')
+ dependencies = psa_information.finish_family_dependencies(dependencies, key.bits)
+ dependencies += psa_information.generate_key_dependencies(key.description)
+ dependencies = psa_information.fix_key_pair_dependencies(dependencies, 'BASIC')
tc.set_dependencies(dependencies)
tc.set_function('key_storage_' + verb)
if self.forward:
@@ -847,13 +714,13 @@
class StorageFormatForward(StorageFormat):
"""Storage format stability test cases for forward compatibility."""
- def __init__(self, info: Information, version: int) -> None:
+ def __init__(self, info: psa_information.Information, version: int) -> None:
super().__init__(info, version, True)
class StorageFormatV0(StorageFormat):
"""Storage format stability test cases for version 0 compatibility."""
- def __init__(self, info: Information) -> None:
+ def __init__(self, info: psa_information.Information) -> None:
super().__init__(info, 0, False)
def all_keys_for_usage_flags(self) -> Iterator[StorageTestData]:
@@ -963,6 +830,7 @@
yield from super().generate_all_keys()
yield from self.all_keys_for_implicit_usage()
+
class PSATestGenerator(test_data_generation.TestGenerator):
"""Test generator subclass including PSA targets and info."""
# Note that targets whose names contain 'test_format' have their content
@@ -972,20 +840,23 @@
lambda info: KeyGenerate(info).test_cases_for_key_generation(),
'test_suite_psa_crypto_not_supported.generated':
lambda info: KeyTypeNotSupported(info).test_cases_for_not_supported(),
+ 'test_suite_psa_crypto_low_hash.generated':
+ lambda info: crypto_data_tests.HashPSALowLevel(info).all_test_cases(),
'test_suite_psa_crypto_op_fail.generated':
lambda info: OpFail(info).all_test_cases(),
'test_suite_psa_crypto_storage_format.current':
lambda info: StorageFormatForward(info, 0).all_test_cases(),
'test_suite_psa_crypto_storage_format.v0':
lambda info: StorageFormatV0(info).all_test_cases(),
- } #type: Dict[str, Callable[[Information], Iterable[test_case.TestCase]]]
+ } #type: Dict[str, Callable[[psa_information.Information], Iterable[test_case.TestCase]]]
def __init__(self, options):
super().__init__(options)
- self.info = Information()
+ self.info = psa_information.Information()
def generate_target(self, name: str, *target_args) -> None:
super().generate_target(name, self.info)
+
if __name__ == '__main__':
test_data_generation.main(sys.argv[1:], __doc__, PSATestGenerator)
diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py
index 92db417..3590436 100755
--- a/tests/scripts/test_psa_compliance.py
+++ b/tests/scripts/test_psa_compliance.py
@@ -1,10 +1,10 @@
#!/usr/bin/env python3
"""Run the PSA Crypto API compliance test suite.
Clone the repo and check out the commit specified by PSA_ARCH_TEST_REPO and PSA_ARCH_TEST_REF,
-then compile and run the test suite. The clone is stored at <Mbed TLS root>/psa-arch-tests.
-Known defects in either the test suite or mbedtls - identified by their test number - are ignored,
-while unexpected failures AND successes are reported as errors,
-to help keep the list of known defects as up to date as possible.
+then compile and run the test suite. The clone is stored at <repository root>/psa-arch-tests.
+Known defects in either the test suite or mbedtls / psa-crypto - identified by their test
+number - are ignored, while unexpected failures AND successes are reported as errors, to help
+keep the list of known defects as up to date as possible.
"""
# Copyright The Mbed TLS Contributors
@@ -22,13 +22,20 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+import argparse
import os
import re
import shutil
import subprocess
import sys
+from typing import List
-# PSA Compliance tests we expect to fail due to known defects in Mbed TLS (or the test suite)
+#pylint: disable=unused-import
+import scripts_path
+from mbedtls_dev import build_tree
+
+# PSA Compliance tests we expect to fail due to known defects in Mbed TLS / PSA Crypto
+# (or the test suite).
# The test numbers correspond to the numbers used by the console output of the test suite.
# Test number 2xx corresponds to the files in the folder
# psa-arch-tests/api-tests/dev_apis/crypto/test_c0xx
@@ -49,12 +56,32 @@
PSA_ARCH_TESTS_REPO = 'https://github.com/bensze01/psa-arch-tests.git'
PSA_ARCH_TESTS_REF = 'fix-pr-5736'
-#pylint: disable=too-many-branches,too-many-statements
-def main():
- mbedtls_dir = os.getcwd()
+#pylint: disable=too-many-branches,too-many-statements,too-many-locals
+def main(library_build_dir: str):
+ root_dir = os.getcwd()
- if not os.path.exists('library/libmbedcrypto.a'):
- subprocess.check_call(['make', '-C', 'library', 'libmbedcrypto.a'])
+ in_psa_crypto_repo = build_tree.looks_like_psa_crypto_root(root_dir)
+
+ if in_psa_crypto_repo:
+ crypto_name = 'psacrypto'
+ library_subdir = 'core'
+ else:
+ crypto_name = 'mbedcrypto'
+ library_subdir = 'library'
+
+ crypto_lib_filename = (library_build_dir + '/' +
+ library_subdir + '/' +
+ 'lib' + crypto_name + '.a')
+
+ if not os.path.exists(crypto_lib_filename):
+ #pylint: disable=bad-continuation
+ subprocess.check_call([
+ 'cmake', '.',
+ '-GUnix Makefiles',
+ '-B' + library_build_dir
+ ])
+ subprocess.check_call(['cmake', '--build', library_build_dir,
+ '--target', crypto_name])
psa_arch_tests_dir = 'psa-arch-tests'
os.makedirs(psa_arch_tests_dir, exist_ok=True)
@@ -74,6 +101,9 @@
os.mkdir(build_dir)
os.chdir(build_dir)
+ extra_includes = (';{}/drivers/builtin/include'.format(root_dir)
+ if in_psa_crypto_repo else '')
+
#pylint: disable=bad-continuation
subprocess.check_call([
'cmake', '..',
@@ -81,8 +111,9 @@
'-DTARGET=tgt_dev_apis_stdc',
'-DTOOLCHAIN=HOST_GCC',
'-DSUITE=CRYPTO',
- '-DPSA_CRYPTO_LIB_FILENAME={}/library/libmbedcrypto.a'.format(mbedtls_dir),
- '-DPSA_INCLUDE_PATHS={}/include'.format(mbedtls_dir)
+ '-DPSA_CRYPTO_LIB_FILENAME={}/{}'.format(root_dir,
+ crypto_lib_filename),
+ ('-DPSA_INCLUDE_PATHS={}/include' + extra_includes).format(root_dir)
])
subprocess.check_call(['cmake', '--build', '.'])
@@ -95,8 +126,11 @@
)
test = -1
unexpected_successes = set(EXPECTED_FAILURES)
- expected_failures = []
- unexpected_failures = []
+ expected_failures = [] # type: List[int]
+ unexpected_failures = [] # type: List[int]
+ if proc.stdout is None:
+ return 1
+
for line in proc.stdout:
print(line, end='')
match = test_re.match(line)
@@ -136,7 +170,18 @@
print('SUCCESS')
return 0
finally:
- os.chdir(mbedtls_dir)
+ os.chdir(root_dir)
if __name__ == '__main__':
- sys.exit(main())
+ BUILD_DIR = 'out_of_source_build'
+
+ # pylint: disable=invalid-name
+ parser = argparse.ArgumentParser()
+ parser.add_argument('--build-dir', nargs=1,
+ help='path to Mbed TLS / PSA Crypto build directory')
+ args = parser.parse_args()
+
+ if args.build_dir is not None:
+ BUILD_DIR = args.build_dir[0]
+
+ sys.exit(main(BUILD_DIR))
diff --git a/tests/src/drivers/test_driver_aead.c b/tests/src/drivers/test_driver_aead.c
index 8eb5547..6dadf52 100644
--- a/tests/src/drivers/test_driver_aead.c
+++ b/tests/src/drivers/test_driver_aead.c
@@ -25,6 +25,8 @@
#include "test/drivers/aead.h"
+#include "mbedtls/constant_time.h"
+
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
#include "libtestdriver1/library/psa_crypto_aead.h"
#endif
@@ -431,7 +433,7 @@
if (mbedtls_test_driver_aead_hooks.driver_status == PSA_SUCCESS) {
if (tag_length != check_tag_length ||
- mbedtls_psa_safer_memcmp(tag, check_tag, tag_length)
+ mbedtls_ct_memcmp(tag, check_tag, tag_length)
!= 0) {
mbedtls_test_driver_aead_hooks.driver_status =
PSA_ERROR_INVALID_SIGNATURE;
diff --git a/tests/suites/test_suite_common.function b/tests/suites/test_suite_common.function
index a583e46..5c5700c 100644
--- a/tests/suites/test_suite_common.function
+++ b/tests/suites/test_suite_common.function
@@ -1,5 +1,5 @@
/* BEGIN_HEADER */
-#include "../library/common.h"
+#include "common.h"
void fill_arrays(unsigned char *a, unsigned char *b, unsigned char *r1, unsigned char *r2, size_t n)
{
diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function
index c4408df..5751624 100644
--- a/tests/suites/test_suite_ecp.function
+++ b/tests/suites/test_suite_ecp.function
@@ -166,7 +166,7 @@
* MBEDTLS_ECP_WINDOW_SIZE, as well as implementation details that may
* change in the future. A factor 2 is a minimum safety margin.
*
- * For reference, with mbed TLS 2.4 and default settings, for P-256:
+ * For reference, with Mbed TLS 2.4 and default settings, for P-256:
* - Random point mult: ~3250M
* - Cold base point mult: ~3300M
* - Hot base point mult: ~1100M
@@ -1324,8 +1324,8 @@
#endif
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) && defined(MBEDTLS_ECP_NIST_OPTIM)
case MBEDTLS_ECP_DP_SECP521R1:
- limbs = BITS_TO_LIMBS(522) * 2;
- curve_bits = 522;
+ limbs = BITS_TO_LIMBS(521) * 2;
+ curve_bits = 521;
curve_func = &mbedtls_ecp_mod_p521_raw;
break;
#endif
@@ -1377,8 +1377,8 @@
TEST_EQUAL((*curve_func)(X, limbs_X), 0);
- TEST_LE_U(mbedtls_mpi_core_bitlen(X, limbs_X), curve_bits);
mbedtls_mpi_mod_raw_fix_quasi_reduction(X, &m);
+ TEST_LE_U(mbedtls_mpi_core_bitlen(X, limbs_X), curve_bits);
TEST_MEMORY_COMPARE(X, bytes, res, bytes);
exit:
diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function
index fadb362..866ff58 100644
--- a/tests/suites/test_suite_md.function
+++ b/tests/suites/test_suite_md.function
@@ -2,6 +2,9 @@
#include "mbedtls/md.h"
#include "md_psa.h"
+#include "mbedtls/oid.h"
+#include "mbedtls/asn1.h"
+
#define MD_PSA(md, psa) \
TEST_EQUAL(mbedtls_md_psa_alg_from_type(md), psa); \
TEST_EQUAL(mbedtls_md_type_from_psa_alg(psa), md);
@@ -33,6 +36,24 @@
TEST_EQUAL(0, mbedtls_md_starts(&ctx));
TEST_EQUAL(0, mbedtls_md_finish(&ctx, out));
mbedtls_md_free(&ctx);
+
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+ /* Ensure that we can convert to and from a psa_algorithm_t */
+ psa_algorithm_t p = mbedtls_md_psa_alg_from_type(*md_type_ptr);
+ TEST_ASSERT(p != PSA_ALG_NONE);
+ TEST_EQUAL(*md_type_ptr, mbedtls_md_type_from_psa_alg(p));
+#endif
+
+#if defined(MBEDTLS_OID_C)
+ mbedtls_asn1_buf asn1;
+ /* Check that we have an OID definition */
+ TEST_EQUAL(mbedtls_oid_get_oid_by_md((mbedtls_md_type_t) *md_type_ptr,
+ (const char **) &asn1.p, &asn1.len), 0);
+ /* Check that this OID definition maps back to the correct mbedtls_md_type_t */
+ mbedtls_md_type_t m;
+ TEST_EQUAL(mbedtls_oid_get_md_alg(&asn1, &m), 0);
+ TEST_EQUAL(m, *md_type_ptr);
+#endif
}
exit:
@@ -406,7 +427,6 @@
void md_psa_dynamic_dispatch(int md_type, int pre_psa_ret, int post_psa_engine)
{
const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(md_type);
- TEST_ASSERT(md_info != NULL);
mbedtls_md_context_t ctx1, ctx2;
/* Intentionally no PSA init here! (Will be done later.) */
@@ -414,6 +434,8 @@
mbedtls_md_init(&ctx1);
mbedtls_md_init(&ctx2);
+ TEST_ASSERT(md_info != NULL);
+
/* Before PSA crypto init */
TEST_EQUAL(pre_psa_ret, mbedtls_md_setup(&ctx1, md_info, 0));
TEST_EQUAL(pre_psa_ret, mbedtls_md_setup(&ctx2, md_info, 0));
diff --git a/tests/suites/test_suite_md.psa.data b/tests/suites/test_suite_md.psa.data
index 5266f18..cd24add 100644
--- a/tests/suites/test_suite_md.psa.data
+++ b/tests/suites/test_suite_md.psa.data
@@ -85,3 +85,51 @@
PSA dispatch SHA512 legacy+driver
depends_on:MBEDTLS_SHA512_C:MBEDTLS_MD_SHA512_VIA_PSA
md_psa_dynamic_dispatch:MBEDTLS_MD_SHA512:0:MBEDTLS_MD_ENGINE_PSA
+
+PSA dispatch SHA3-224 legacy only
+depends_on:MBEDTLS_SHA3_224_C:!MBEDTLS_MD_SHA3_224_VIA_PSA
+md_psa_dynamic_dispatch:MBEDTLS_MD_SHA3_224:0:MBEDTLS_MD_ENGINE_LEGACY
+
+PSA dispatch SHA3-224 driver only
+depends_on:!MBEDTLS_SHA3_224_C:MBEDTLS_MD_SHA3_224_VIA_PSA
+md_psa_dynamic_dispatch:MBEDTLS_MD_SHA3_224:MBEDTLS_ERR_MD_BAD_INPUT_DATA:MBEDTLS_MD_ENGINE_PSA
+
+PSA dispatch SHA3-224 legacy+driver
+depends_on:MBEDTLS_SHA3_224_C:MBEDTLS_MD_SHA3_224_VIA_PSA
+md_psa_dynamic_dispatch:MBEDTLS_MD_SHA3_224:0:MBEDTLS_MD_ENGINE_PSA
+
+PSA dispatch SHA3-256 legacy only
+depends_on:MBEDTLS_SHA3_256_C:!MBEDTLS_MD_SHA3_256_VIA_PSA
+md_psa_dynamic_dispatch:MBEDTLS_MD_SHA3_256:0:MBEDTLS_MD_ENGINE_LEGACY
+
+PSA dispatch SHA3-256 driver only
+depends_on:!MBEDTLS_SHA3_256_C:MBEDTLS_MD_SHA3_256_VIA_PSA
+md_psa_dynamic_dispatch:MBEDTLS_MD_SHA3_256:MBEDTLS_ERR_MD_BAD_INPUT_DATA:MBEDTLS_MD_ENGINE_PSA
+
+PSA dispatch SHA3-256 legacy+driver
+depends_on:MBEDTLS_SHA3_256_C:MBEDTLS_MD_SHA3_256_VIA_PSA
+md_psa_dynamic_dispatch:MBEDTLS_MD_SHA3_256:0:MBEDTLS_MD_ENGINE_PSA
+
+PSA dispatch SHA3-384 legacy only
+depends_on:MBEDTLS_SHA3_384_C:!MBEDTLS_MD_SHA3_384_VIA_PSA
+md_psa_dynamic_dispatch:MBEDTLS_MD_SHA3_384:0:MBEDTLS_MD_ENGINE_LEGACY
+
+PSA dispatch SHA3-384 driver only
+depends_on:!MBEDTLS_SHA3_384_C:MBEDTLS_MD_SHA3_384_VIA_PSA
+md_psa_dynamic_dispatch:MBEDTLS_MD_SHA3_384:MBEDTLS_ERR_MD_BAD_INPUT_DATA:MBEDTLS_MD_ENGINE_PSA
+
+PSA dispatch SHA3-384 legacy+driver
+depends_on:MBEDTLS_SHA3_384_C:MBEDTLS_MD_SHA3_384_VIA_PSA
+md_psa_dynamic_dispatch:MBEDTLS_MD_SHA3_384:0:MBEDTLS_MD_ENGINE_PSA
+
+PSA dispatch SHA3-512 legacy only
+depends_on:MBEDTLS_SHA3_512_C:!MBEDTLS_MD_SHA3_512_VIA_PSA
+md_psa_dynamic_dispatch:MBEDTLS_MD_SHA3_512:0:MBEDTLS_MD_ENGINE_LEGACY
+
+PSA dispatch SHA3-512 driver only
+depends_on:!MBEDTLS_SHA3_512_C:MBEDTLS_MD_SHA3_512_VIA_PSA
+md_psa_dynamic_dispatch:MBEDTLS_MD_SHA3_512:MBEDTLS_ERR_MD_BAD_INPUT_DATA:MBEDTLS_MD_ENGINE_PSA
+
+PSA dispatch SHA3-512 legacy+driver
+depends_on:MBEDTLS_SHA3_512_C:MBEDTLS_MD_SHA3_512_VIA_PSA
+md_psa_dynamic_dispatch:MBEDTLS_MD_SHA3_512:0:MBEDTLS_MD_ENGINE_PSA
diff --git a/tests/suites/test_suite_oid.data b/tests/suites/test_suite_oid.data
index 00f6e0b..f8f1d43 100644
--- a/tests/suites/test_suite_oid.data
+++ b/tests/suites/test_suite_oid.data
@@ -82,6 +82,22 @@
depends_on:MBEDTLS_MD_CAN_SHA512
oid_get_md_alg_id:"608648016503040203":MBEDTLS_MD_SHA512
+OID hash id - id-sha3-224
+depends_on:MBEDTLS_MD_CAN_SHA3_224
+oid_get_md_alg_id:"608648016503040207":MBEDTLS_MD_SHA3_224
+
+OID hash id - id-sha3-256
+depends_on:MBEDTLS_MD_CAN_SHA3_256
+oid_get_md_alg_id:"608648016503040208":MBEDTLS_MD_SHA3_256
+
+OID hash id - id-sha3-384
+depends_on:MBEDTLS_MD_CAN_SHA3_384
+oid_get_md_alg_id:"608648016503040209":MBEDTLS_MD_SHA3_384
+
+OID hash id - id-sha3-512
+depends_on:MBEDTLS_MD_CAN_SHA3_512
+oid_get_md_alg_id:"60864801650304020a":MBEDTLS_MD_SHA3_512
+
OID hash id - id-ripemd160
depends_on:MBEDTLS_MD_CAN_RIPEMD160
oid_get_md_alg_id:"2b24030201":MBEDTLS_MD_RIPEMD160
@@ -185,3 +201,43 @@
OID from numeric string - OID with overflowing subidentifier
oid_from_numeric_string:"2.4294967216":MBEDTLS_ERR_ASN1_INVALID_DATA:""
+
+mbedtls_oid_get_md_hmac - RIPEMD160
+depends_on:MBEDTLS_MD_CAN_RIPEMD160
+mbedtls_oid_get_md_hmac:"2B06010505080104":MBEDTLS_MD_RIPEMD160
+
+mbedtls_oid_get_md_hmac - SHA1
+depends_on:MBEDTLS_MD_CAN_SHA1
+mbedtls_oid_get_md_hmac:"2A864886F70D0207":MBEDTLS_MD_SHA1
+
+mbedtls_oid_get_md_hmac - SHA224
+depends_on:MBEDTLS_MD_CAN_SHA224
+mbedtls_oid_get_md_hmac:"2A864886F70D0208":MBEDTLS_MD_SHA224
+
+mbedtls_oid_get_md_hmac - SHA256
+depends_on:MBEDTLS_MD_CAN_SHA256
+mbedtls_oid_get_md_hmac:"2A864886F70D0209":MBEDTLS_MD_SHA256
+
+mbedtls_oid_get_md_hmac - SHA384
+depends_on:MBEDTLS_MD_CAN_SHA384
+mbedtls_oid_get_md_hmac:"2A864886F70D020A":MBEDTLS_MD_SHA384
+
+mbedtls_oid_get_md_hmac - SHA512
+depends_on:MBEDTLS_MD_CAN_SHA512
+mbedtls_oid_get_md_hmac:"2A864886F70D020B":MBEDTLS_MD_SHA512
+
+mbedtls_oid_get_md_hmac - SHA3_224
+depends_on:MBEDTLS_MD_CAN_SHA3_224
+mbedtls_oid_get_md_hmac:"60864801650304020D":MBEDTLS_MD_SHA3_224
+
+mbedtls_oid_get_md_hmac - SHA3_256
+depends_on:MBEDTLS_MD_CAN_SHA3_256
+mbedtls_oid_get_md_hmac:"60864801650304020E":MBEDTLS_MD_SHA3_256
+
+mbedtls_oid_get_md_hmac - SHA3_384
+depends_on:MBEDTLS_MD_CAN_SHA3_384
+mbedtls_oid_get_md_hmac:"60864801650304020F":MBEDTLS_MD_SHA3_384
+
+mbedtls_oid_get_md_hmac - SHA3_512
+depends_on:MBEDTLS_MD_CAN_SHA3_512
+mbedtls_oid_get_md_hmac:"608648016503040210":MBEDTLS_MD_SHA3_512
diff --git a/tests/suites/test_suite_oid.function b/tests/suites/test_suite_oid.function
index 3adc6af..337f843 100644
--- a/tests/suites/test_suite_oid.function
+++ b/tests/suites/test_suite_oid.function
@@ -97,6 +97,29 @@
/* END_CASE */
/* BEGIN_CASE */
+void mbedtls_oid_get_md_hmac(data_t *oid, int exp_md_id)
+{
+ mbedtls_asn1_buf md_oid = { 0, 0, NULL };
+ int ret;
+ mbedtls_md_type_t md_id = 0;
+
+ md_oid.tag = MBEDTLS_ASN1_OID;
+ md_oid.p = oid->x;
+ md_oid.len = oid->len;
+
+ ret = mbedtls_oid_get_md_hmac(&md_oid, &md_id);
+
+ if (exp_md_id < 0) {
+ TEST_ASSERT(ret == MBEDTLS_ERR_OID_NOT_FOUND);
+ TEST_ASSERT(md_id == 0);
+ } else {
+ TEST_ASSERT(ret == 0);
+ TEST_ASSERT((mbedtls_md_type_t) exp_md_id == md_id);
+ }
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
void oid_get_numeric_string(data_t *oid, int error_ret, char *result_str)
{
char buf[256];
diff --git a/tests/suites/test_suite_pkcs7.function b/tests/suites/test_suite_pkcs7.function
index a0da1d7..65384a8 100644
--- a/tests/suites/test_suite_pkcs7.function
+++ b/tests/suites/test_suite_pkcs7.function
@@ -78,6 +78,8 @@
MD_OR_USE_PSA_INIT();
+ mbedtls_pkcs7_init(&pkcs7);
+
/* crt_files are space seprated list */
for (i = 0; i < strlen(crt_files); i++) {
if (crt_files[i] == ' ') {
@@ -100,7 +102,6 @@
i = k;
}
- mbedtls_pkcs7_init(&pkcs7);
for (i = 0; i < n_crts; i++) {
TEST_CALLOC(crts[i], 1);
mbedtls_x509_crt_init(crts[i]);
diff --git a/tests/suites/test_suite_pkwrite.data b/tests/suites/test_suite_pkwrite.data
index 4256a88..5cbbb41 100644
--- a/tests/suites/test_suite_pkwrite.data
+++ b/tests/suites/test_suite_pkwrite.data
@@ -39,19 +39,19 @@
pk_write_pubkey_check:"data_files/ec_bp512_pub.der":TEST_DER
Public key write check EC X25519
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED
pk_write_pubkey_check:"data_files/ec_x25519_pub.pem":TEST_PEM
Public key write check EC X25519 (DER)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE25519_ENABLED
pk_write_pubkey_check:"data_files/ec_x25519_pub.der":TEST_DER
Public key write check EC X448
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE448_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_CURVE448_ENABLED
pk_write_pubkey_check:"data_files/ec_x448_pub.pem":TEST_PEM
Public key write check EC X448 (DER)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE448_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE448_ENABLED
pk_write_pubkey_check:"data_files/ec_x448_pub.der":TEST_DER
Private key write check RSA
@@ -111,19 +111,19 @@
pk_write_key_check:"data_files/ec_bp512_prv.der":TEST_DER
Private key write check EC X25519
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED
pk_write_key_check:"data_files/ec_x25519_prv.pem":TEST_PEM
Private key write check EC X25519 (DER)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE25519_ENABLED
pk_write_key_check:"data_files/ec_x25519_prv.der":TEST_DER
Private key write check EC X448
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE448_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_CURVE448_ENABLED
pk_write_key_check:"data_files/ec_x448_prv.pem":TEST_PEM
Private key write check EC X448 (DER)
-depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE448_ENABLED
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE448_ENABLED
pk_write_key_check:"data_files/ec_x448_prv.der":TEST_DER
Derive public key RSA
diff --git a/tests/suites/test_suite_pkwrite.function b/tests/suites/test_suite_pkwrite.function
index 37c06c8..730bb88 100644
--- a/tests/suites/test_suite_pkwrite.function
+++ b/tests/suites/test_suite_pkwrite.function
@@ -194,7 +194,7 @@
pub_key_raw, pub_key_len);
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- mbedtls_platform_zeroize(derived_key_raw, sizeof(derived_key_raw));
+ mbedtls_platform_zeroize(derived_key_raw, derived_key_len);
TEST_EQUAL(mbedtls_pk_wrap_as_opaque(&priv_key, &opaque_key_id,
PSA_ALG_NONE, PSA_KEY_USAGE_EXPORT,
diff --git a/tests/suites/test_suite_psa_crypto.pbkdf2.data b/tests/suites/test_suite_psa_crypto.pbkdf2.data
new file mode 100644
index 0000000..3b8e7e0
--- /dev/null
+++ b/tests/suites/test_suite_psa_crypto.pbkdf2.data
@@ -0,0 +1,16 @@
+PSA key derivation: PBKDF2-HMAC(SHA-1), RFC6070 #4
+depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_1
+derive_output:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_COST:"01000000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"eefe3d61cd4da4e4e9945b3d6ba2158c2634e984":"":0:1:0
+
+PSA key derivation: PBKDF2-HMAC(SHA-256), RFC7914 #2
+depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256
+derive_output:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:"013880":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"4e61436c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"50617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":64:"4ddcd8f60b98be21830cee5ef22701f9641a4418d04c0414aeff08876b34ab56a1d425a1225833549adb841b51c9b3176a272bdebba1d078478f62b397f33c8d":"":0:1:0
+
+# For PBKDF2_AES_CMAC_PRF_128 the output for the test vectors was generated using a python script. Refer commit message for details.
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, inputs from RFC6070 #4
+depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"01000000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"c19b71d2daf483abc9e04fbc78928b4204398d1e":"":0:1:0
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, inputs from RFC7914 #2
+depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"013880":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"4e61436c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"50617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":64:"3298e89bc3560e61b59aef2c104f93380b5fa26e2e011cb5ac5895fcd5a3bd5a92e617d7cae020fa2c6ef895182d9ffa0cc8f9c22778beb02856127719d95570":"":0:1:0
diff --git a/tests/suites/test_suite_psa_crypto_hash.data b/tests/suites/test_suite_psa_crypto_hash.data
index 9f51339..0a5f876 100644
--- a/tests/suites/test_suite_psa_crypto_hash.data
+++ b/tests/suites/test_suite_psa_crypto_hash.data
@@ -158,6 +158,70 @@
depends_on:PSA_WANT_ALG_SHA_512
hash_finish:PSA_ALG_SHA_512:"990d1ae71a62d7bda9bfdaa1762a68d296eee72a4cd946f287a898fbabc002ea941fd8d4d991030b4d27a637cce501a834bb95eab1b7889a3e784c7968e67cbf552006b206b68f76d9191327524fcc251aeb56af483d10b4e0c6c5e599ee8c0fe4faeca8293844a8547c6a9a90d093f2526873a19ad4a5e776794c68c742fb834793d2dfcb7fea46c63af4b70fd11cb6e41834e72ee40edb067b292a794990c288d5007e73f349fb383af6a756b8301ad6e5e0aa8cd614399bb3a452376b1575afa6bdaeaafc286cb064bb91edef97c632b6c1113d107fa93a0905098a105043c2f05397f702514439a08a9e5ddc196100721d45c8fc17d2ed659376f8a00bd5cb9a0860e26d8a29d8d6aaf52de97e9346033d6db501a35dbbaf97c20b830cd2d18c2532f3a59cc497ee64c0e57d8d060e5069b28d86edf1adcf59144b221ce3ddaef134b3124fbc7dd000240eff0f5f5f41e83cd7f5bb37c9ae21953fe302b0f6e8b68fa91c6ab99265c64b2fd9cd4942be04321bb5d6d71932376c6f2f88e02422ba6a5e2cb765df93fd5dd0728c6abdaf03bce22e0678a544e2c3636f741b6f4447ee58a8fc656b43ef817932176adbfc2e04b2c812c273cd6cbfa4098f0be036a34221fa02643f5ee2e0b38135f2a18ecd2f16ebc45f8eb31b8ab967a1567ee016904188910861ca1fa205c7adaa194b286893ffe2f4fbe0384c2aef72a4522aeafd3ebc71f9db71eeeef86c48394a1c86d5b36c352cc33a0a2c800bc99e62fd65b3a2fd69e0b53996ec13d8ce483ce9319efd9a85acefabdb5342226febb83fd1daf4b24265f50c61c6de74077ef89b6fecf9f29a1f871af1e9f89b2d345cda7499bd45c42fa5d195a1e1a6ba84851889e730da3b2b916e96152ae0c92154b49719841db7e7cc707ba8a5d7b101eb4ac7b629bb327817910fff61580b59aab78182d1a2e33473d05b00b170b29e331870826cfe45af206aa7d0246bbd8566ca7cfb2d3c10bfa1db7dd48dd786036469ce7282093d78b5e1a5b0fc81a54c8ed4ceac1e5305305e78284ac276f5d7862727aff246e17addde50c670028d572cbfc0be2e4f8b2eb28fa68ad7b4c6c2a239c460441bfb5ea049f23b08563b4e47729a59e5986a61a6093dbd54f8c36ebe87edae01f251cb060ad1364ce677d7e8d5a4a4ca966a7241cc360bc2acb280e5f9e9c1b032ad6a180a35e0c5180b9d16d026c865b252098cc1d99ba7375ca31c7702c0d943d5e3dd2f6861fa55bd46d94b67ed3e52eccd8dd06d968e01897d6de97ed3058d91dd":"8e4bc6f8b8c60fe4d68c61d9b159c8693c3151c46749af58da228442d927f23359bd6ccd6c2ec8fa3f00a86cecbfa728e1ad60b821ed22fcd309ba91a4138bc9"
+PSA hash finish: SHA3-224 Test Vector NIST ""
+depends_on:PSA_WANT_ALG_SHA3_224
+hash_finish:PSA_ALG_SHA3_224:"":"6b4e03423667dbb73b6e15454f0eb1abd4597f9a1b078e3f5b5a6bc7"
+
+PSA hash finish: SHA3-256 Test Vector NIST ""
+depends_on:PSA_WANT_ALG_SHA3_256
+hash_finish:PSA_ALG_SHA3_256:"":"a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a"
+
+PSA hash finish: SHA3-384 Test Vector NIST ""
+depends_on:PSA_WANT_ALG_SHA3_384
+hash_finish:PSA_ALG_SHA3_384:"":"0c63a75b845e4f7d01107d852e4c2485c51a50aaaa94fc61995e71bbee983a2ac3713831264adb47fb6bd1e058d5f004"
+
+PSA hash finish: SHA3-512 Test Vector NIST ""
+depends_on:PSA_WANT_ALG_SHA3_512
+hash_finish:PSA_ALG_SHA3_512:"":"a69f73cca23a9ac5c8b567dc185a756e97c982164fe25859e0d1dcc1475c80a615b2123af1f5f94c11e3e9402c3ac558f500199d95b6d3e301758586281dcd26"
+
+PSA hash finish: SHA3-224 Test Vector NIST "abc"
+depends_on:PSA_WANT_ALG_SHA3_224
+hash_finish:PSA_ALG_SHA3_224:"616263":"e642824c3f8cf24ad09234ee7d3c766fc9a3a5168d0c94ad73b46fdf"
+
+PSA hash finish: SHA3-256 Test Vector NIST "abc"
+depends_on:PSA_WANT_ALG_SHA3_256
+hash_finish:PSA_ALG_SHA3_256:"616263":"3a985da74fe225b2045c172d6bd390bd855f086e3e9d525b46bfe24511431532"
+
+PSA hash finish: SHA3-384 Test Vector NIST "abc"
+depends_on:PSA_WANT_ALG_SHA3_384
+hash_finish:PSA_ALG_SHA3_384:"616263":"ec01498288516fc926459f58e2c6ad8df9b473cb0fc08c2596da7cf0e49be4b298d88cea927ac7f539f1edf228376d25"
+
+PSA hash finish: SHA3-512 Test Vector NIST "abc"
+depends_on:PSA_WANT_ALG_SHA3_512
+hash_finish:PSA_ALG_SHA3_512:"616263":"b751850b1a57168a5693cd924b6b096e08f621827444f70d884f5d0240d2712e10e116e9192af3c91a7ec57647e3934057340b4cf408d5a56592f8274eec53f0"
+
+PSA hash finish: SHA3-224 Test Vector NIST 448 bits: "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+depends_on:PSA_WANT_ALG_SHA3_224
+hash_finish:PSA_ALG_SHA3_224:"6162636462636465636465666465666765666768666768696768696a68696a6b696a6b6c6a6b6c6d6b6c6d6e6c6d6e6f6d6e6f706e6f7071":"8a24108b154ada21c9fd5574494479ba5c7e7ab76ef264ead0fcce33"
+
+PSA hash finish: SHA3-256 Test Vector NIST 448 bits: "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+depends_on:PSA_WANT_ALG_SHA3_256
+hash_finish:PSA_ALG_SHA3_256:"6162636462636465636465666465666765666768666768696768696a68696a6b696a6b6c6a6b6c6d6b6c6d6e6c6d6e6f6d6e6f706e6f7071":"41c0dba2a9d6240849100376a8235e2c82e1b9998a999e21db32dd97496d3376"
+
+PSA hash finish: SHA3-384 Test Vector NIST 448 bits: "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+depends_on:PSA_WANT_ALG_SHA3_384
+hash_finish:PSA_ALG_SHA3_384:"6162636462636465636465666465666765666768666768696768696a68696a6b696a6b6c6a6b6c6d6b6c6d6e6c6d6e6f6d6e6f706e6f7071":"991c665755eb3a4b6bbdfb75c78a492e8c56a22c5c4d7e429bfdbc32b9d4ad5aa04a1f076e62fea19eef51acd0657c22"
+
+PSA hash finish: SHA3-512 Test Vector NIST 448 bits: "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+depends_on:PSA_WANT_ALG_SHA3_512
+hash_finish:PSA_ALG_SHA3_512:"6162636462636465636465666465666765666768666768696768696a68696a6b696a6b6c6a6b6c6d6b6c6d6e6c6d6e6f6d6e6f706e6f7071":"04a371e84ecfb5b8b77cb48610fca8182dd457ce6f326a0fd3d7ec2f1e91636dee691fbe0c985302ba1b0d8dc78c086346b533b49c030d99a27daf1139d6e75e"
+
+PSA hash finish: SHA3-224 Test Vector NIST 896 bits: "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"
+depends_on:PSA_WANT_ALG_SHA3_224
+hash_finish:PSA_ALG_SHA3_224:"61626364656667686263646566676869636465666768696a6465666768696a6b65666768696a6b6c666768696a6b6c6d6768696a6b6c6d6e68696a6b6c6d6e6f696a6b6c6d6e6f706a6b6c6d6e6f70716b6c6d6e6f7071726c6d6e6f707172736d6e6f70717273746e6f707172737475":"543e6868e1666c1a643630df77367ae5a62a85070a51c14cbf665cbc"
+
+PSA hash finish: SHA3-256 Test Vector NIST 896 bits: "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"
+depends_on:PSA_WANT_ALG_SHA3_256
+hash_finish:PSA_ALG_SHA3_256:"61626364656667686263646566676869636465666768696a6465666768696a6b65666768696a6b6c666768696a6b6c6d6768696a6b6c6d6e68696a6b6c6d6e6f696a6b6c6d6e6f706a6b6c6d6e6f70716b6c6d6e6f7071726c6d6e6f707172736d6e6f70717273746e6f707172737475":"916f6061fe879741ca6469b43971dfdb28b1a32dc36cb3254e812be27aad1d18"
+
+PSA hash finish: SHA3-384 Test Vector NIST 896 bits: "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"
+depends_on:PSA_WANT_ALG_SHA3_384
+hash_finish:PSA_ALG_SHA3_384:"61626364656667686263646566676869636465666768696a6465666768696a6b65666768696a6b6c666768696a6b6c6d6768696a6b6c6d6e68696a6b6c6d6e6f696a6b6c6d6e6f706a6b6c6d6e6f70716b6c6d6e6f7071726c6d6e6f707172736d6e6f70717273746e6f707172737475":"79407d3b5916b59c3e30b09822974791c313fb9ecc849e406f23592d04f625dc8c709b98b43b3852b337216179aa7fc7"
+
+PSA hash finish: SHA3-512 Test Vector NIST 896 bits: "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"
+depends_on:PSA_WANT_ALG_SHA3_512
+hash_finish:PSA_ALG_SHA3_512:"61626364656667686263646566676869636465666768696a6465666768696a6b65666768696a6b6c666768696a6b6c6d6768696a6b6c6d6e68696a6b6c6d6e6f696a6b6c6d6e6f706a6b6c6d6e6f70716b6c6d6e6f7071726c6d6e6f707172736d6e6f70717273746e6f707172737475":"afebb2ef542e6579c50cad06d2e578f9f8dd6881d7dc824d26360feebf18a4fa73e3261122948efcfd492e74e82e2189ed0fb440d187f382270cb455f21dd185"
+
PSA hash finish: MD5 Test vector RFC1321 #1
depends_on:PSA_WANT_ALG_MD5
hash_finish:PSA_ALG_MD5:"":"d41d8cd98f00b204e9800998ecf8427e"
@@ -246,6 +310,22 @@
depends_on:PSA_WANT_ALG_RIPEMD160
hash_verify:PSA_ALG_RIPEMD160:"bd":"5089265ee5d9af75d12dbf7ea2f27dbdee435b37"
+PSA hash verify: SHA3-224
+depends_on:PSA_WANT_ALG_SHA3_224
+hash_verify:PSA_ALG_SHA3_224:"bd":"79bd1a58a357d1a0ac15b43400bc396d17bdc6d3d90369f16f650b25"
+
+PSA hash verify: SHA3-256
+depends_on:PSA_WANT_ALG_SHA3_256
+hash_verify:PSA_ALG_SHA3_256:"bd":"b389fa0f45f21196cc2736e8de396497a2414be31e7a500a499918b8cf3257b2"
+
+PSA hash verify: SHA3-384
+depends_on:PSA_WANT_ALG_SHA3_384
+hash_verify:PSA_ALG_SHA3_384:"bd":"5a337b67965736040c5b1f2d4df7f9ca76cf01866c7d64ed8dd812b97995da9b14ef07f9c4d9190888e4b15c4df2203d"
+
+PSA hash verify: SHA3-512
+depends_on:PSA_WANT_ALG_SHA3_512
+hash_verify:PSA_ALG_SHA3_512:"bd":"72bacd82495cb72a44523cda462f0f02c9f33b6312e24e44f5c40deed2bbc37854b606cb2f62cce6a394b4157d8e6e89b22682380dc129dddd402693ffa98a6c"
+
PSA hash multi part: SHA-1 Test Vector NIST CAVS #1
depends_on:PSA_WANT_ALG_SHA_1
hash_multi_part:PSA_ALG_SHA_1:"":"da39a3ee5e6b4b0d3255bfef95601890afd80709"
@@ -465,3 +545,126 @@
PSA hash multi part: RIPEMD160 Test vector from paper #8
depends_on:PSA_WANT_ALG_RIPEMD160
hash_multi_part:PSA_ALG_RIPEMD160:"3132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930":"9b752e45573d4b39f4dbd3323cab82bf63326bfb"
+
+PSA hash multi part: SHA3-224 Test Vector NIST ""
+depends_on:PSA_WANT_ALG_SHA3_224
+hash_multi_part:PSA_ALG_SHA3_224:"":"6b4e03423667dbb73b6e15454f0eb1abd4597f9a1b078e3f5b5a6bc7"
+
+PSA hash multi part: SHA3-256 Test Vector NIST ""
+depends_on:PSA_WANT_ALG_SHA3_256
+hash_multi_part:PSA_ALG_SHA3_256:"":"a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a"
+
+PSA hash multi part: SHA3-384 Test Vector NIST ""
+depends_on:PSA_WANT_ALG_SHA3_384
+hash_multi_part:PSA_ALG_SHA3_384:"":"0c63a75b845e4f7d01107d852e4c2485c51a50aaaa94fc61995e71bbee983a2ac3713831264adb47fb6bd1e058d5f004"
+
+PSA hash multi part: SHA3-512 Test Vector NIST ""
+depends_on:PSA_WANT_ALG_SHA3_512
+hash_multi_part:PSA_ALG_SHA3_512:"":"a69f73cca23a9ac5c8b567dc185a756e97c982164fe25859e0d1dcc1475c80a615b2123af1f5f94c11e3e9402c3ac558f500199d95b6d3e301758586281dcd26"
+
+PSA hash multi part: SHA3-224 Test Vector NIST "abc"
+depends_on:PSA_WANT_ALG_SHA3_224
+hash_multi_part:PSA_ALG_SHA3_224:"616263":"e642824c3f8cf24ad09234ee7d3c766fc9a3a5168d0c94ad73b46fdf"
+
+PSA hash multi part: SHA3-256 Test Vector NIST "abc"
+depends_on:PSA_WANT_ALG_SHA3_256
+hash_multi_part:PSA_ALG_SHA3_256:"616263":"3a985da74fe225b2045c172d6bd390bd855f086e3e9d525b46bfe24511431532"
+
+PSA hash multi part: SHA3-384 Test Vector NIST "abc"
+depends_on:PSA_WANT_ALG_SHA3_384
+hash_multi_part:PSA_ALG_SHA3_384:"616263":"ec01498288516fc926459f58e2c6ad8df9b473cb0fc08c2596da7cf0e49be4b298d88cea927ac7f539f1edf228376d25"
+
+PSA hash multi part: SHA3-512 Test Vector NIST "abc"
+depends_on:PSA_WANT_ALG_SHA3_512
+hash_multi_part:PSA_ALG_SHA3_512:"616263":"b751850b1a57168a5693cd924b6b096e08f621827444f70d884f5d0240d2712e10e116e9192af3c91a7ec57647e3934057340b4cf408d5a56592f8274eec53f0"
+
+PSA hash multi part: SHA3-224 Test Vector NIST 448 bits: "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+depends_on:PSA_WANT_ALG_SHA3_224
+hash_multi_part:PSA_ALG_SHA3_224:"6162636462636465636465666465666765666768666768696768696a68696a6b696a6b6c6a6b6c6d6b6c6d6e6c6d6e6f6d6e6f706e6f7071":"8a24108b154ada21c9fd5574494479ba5c7e7ab76ef264ead0fcce33"
+
+PSA hash multi part: SHA3-256 Test Vector NIST 448 bits: "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+depends_on:PSA_WANT_ALG_SHA3_256
+hash_multi_part:PSA_ALG_SHA3_256:"6162636462636465636465666465666765666768666768696768696a68696a6b696a6b6c6a6b6c6d6b6c6d6e6c6d6e6f6d6e6f706e6f7071":"41c0dba2a9d6240849100376a8235e2c82e1b9998a999e21db32dd97496d3376"
+
+PSA hash multi part: SHA3-384 Test Vector NIST 448 bits: "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+depends_on:PSA_WANT_ALG_SHA3_384
+hash_multi_part:PSA_ALG_SHA3_384:"6162636462636465636465666465666765666768666768696768696a68696a6b696a6b6c6a6b6c6d6b6c6d6e6c6d6e6f6d6e6f706e6f7071":"991c665755eb3a4b6bbdfb75c78a492e8c56a22c5c4d7e429bfdbc32b9d4ad5aa04a1f076e62fea19eef51acd0657c22"
+
+PSA hash multi part: SHA3-512 Test Vector NIST 448 bits: "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+depends_on:PSA_WANT_ALG_SHA3_512
+hash_multi_part:PSA_ALG_SHA3_512:"6162636462636465636465666465666765666768666768696768696a68696a6b696a6b6c6a6b6c6d6b6c6d6e6c6d6e6f6d6e6f706e6f7071":"04a371e84ecfb5b8b77cb48610fca8182dd457ce6f326a0fd3d7ec2f1e91636dee691fbe0c985302ba1b0d8dc78c086346b533b49c030d99a27daf1139d6e75e"
+
+PSA hash multi part: SHA3-224 Test Vector NIST 896 bits: "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"
+depends_on:PSA_WANT_ALG_SHA3_224
+hash_multi_part:PSA_ALG_SHA3_224:"61626364656667686263646566676869636465666768696a6465666768696a6b65666768696a6b6c666768696a6b6c6d6768696a6b6c6d6e68696a6b6c6d6e6f696a6b6c6d6e6f706a6b6c6d6e6f70716b6c6d6e6f7071726c6d6e6f707172736d6e6f70717273746e6f707172737475":"543e6868e1666c1a643630df77367ae5a62a85070a51c14cbf665cbc"
+
+PSA hash multi part: SHA3-256 Test Vector NIST 896 bits: "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"
+depends_on:PSA_WANT_ALG_SHA3_256
+hash_multi_part:PSA_ALG_SHA3_256:"61626364656667686263646566676869636465666768696a6465666768696a6b65666768696a6b6c666768696a6b6c6d6768696a6b6c6d6e68696a6b6c6d6e6f696a6b6c6d6e6f706a6b6c6d6e6f70716b6c6d6e6f7071726c6d6e6f707172736d6e6f70717273746e6f707172737475":"916f6061fe879741ca6469b43971dfdb28b1a32dc36cb3254e812be27aad1d18"
+
+PSA hash multi part: SHA3-384 Test Vector NIST 896 bits: "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"
+depends_on:PSA_WANT_ALG_SHA3_384
+hash_multi_part:PSA_ALG_SHA3_384:"61626364656667686263646566676869636465666768696a6465666768696a6b65666768696a6b6c666768696a6b6c6d6768696a6b6c6d6e68696a6b6c6d6e6f696a6b6c6d6e6f706a6b6c6d6e6f70716b6c6d6e6f7071726c6d6e6f707172736d6e6f70717273746e6f707172737475":"79407d3b5916b59c3e30b09822974791c313fb9ecc849e406f23592d04f625dc8c709b98b43b3852b337216179aa7fc7"
+
+PSA hash multi part: SHA3-512 Test Vector NIST 896 bits: "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"
+depends_on:PSA_WANT_ALG_SHA3_512
+hash_multi_part:PSA_ALG_SHA3_512:"61626364656667686263646566676869636465666768696a6465666768696a6b65666768696a6b6c666768696a6b6c6d6768696a6b6c6d6e68696a6b6c6d6e6f696a6b6c6d6e6f706a6b6c6d6e6f70716b6c6d6e6f7071726c6d6e6f707172736d6e6f70717273746e6f707172737475":"afebb2ef542e6579c50cad06d2e578f9f8dd6881d7dc824d26360feebf18a4fa73e3261122948efcfd492e74e82e2189ed0fb440d187f382270cb455f21dd185"
+
+# HMAC test vectors generated in python with e.g.
+# import hmac; hmac.new(bytes([0xaa]*32), b'abc', 'SHA3-224').hexdigest()
+
+PSA HMAC SHA3-224
+depends_on:PSA_WANT_ALG_SHA3_224
+hmac:PSA_ALG_SHA3_224:"abc":"bf0905154ad610b6a3d6d0b9a1c692494e987337d956624a066d7a1f"
+
+PSA HMAC SHA3-256
+depends_on:PSA_WANT_ALG_SHA3_256
+hmac:PSA_ALG_SHA3_256:"abc":"a986419a162b6d4731a8e96e44a2c6e784d50137907b457c9fb77c62705dc4d9"
+
+PSA HMAC SHA3-384
+depends_on:PSA_WANT_ALG_SHA3_384
+hmac:PSA_ALG_SHA3_384:"abc":"87b864ee25f8bfebd516eddd7cdd400d3c368a09e4b1fabaee5636da8a9c876c3f802c366537663910f2e6c5a8426381"
+
+PSA HMAC SHA3-512
+depends_on:PSA_WANT_ALG_SHA3_512
+hmac:PSA_ALG_SHA3_512:"abc":"2cef45b6950e41a70bc85cb431b2161d47c9e2932187fa15d80e3b7af1da38aa8fe823a72efd7e536e5236a5b0798418d8c8f08b0de5fc262867bb3752b6482d"
+
+PSA HMAC SHA-1
+depends_on:PSA_WANT_ALG_SHA_1
+hmac:PSA_ALG_SHA_1:"abc":"0b3a7f96afea3e14a0835f7c9468a24649f85596"
+
+PSA HMAC SHA-224
+depends_on:PSA_WANT_ALG_SHA_224
+hmac:PSA_ALG_SHA_224:"abc":"249c405cef8bcd3ceeafdb9a933179739fb9b1d7f174df4667ec82f3"
+
+PSA HMAC SHA-256
+depends_on:PSA_WANT_ALG_SHA_256
+hmac:PSA_ALG_SHA_256:"abc":"b89a1b878289c739595104da55b6f7a8afec3e0757fc166080dc267c09c46841"
+
+PSA HMAC SHA-384
+depends_on:PSA_WANT_ALG_SHA_384
+hmac:PSA_ALG_SHA_384:"abc":"25a8b55c884bc38286305f76332631726498f5586280b88bc6179cd00c6878fb7d1bb3ee1643fcd2fb02b95823ff1af2"
+
+PSA HMAC SHA-512
+depends_on:PSA_WANT_ALG_SHA_512
+hmac:PSA_ALG_SHA_512:"abc":"d6e5eebb5cf27f5b686fefc416ee8c431bb10770216aa3c6ba13897ef3fc040b98abc53b95039f2c50622473f958af64a3cae1afbea8ffffa8d35ca24f31e222"
+
+PSA HMAC RIPEMD160
+depends_on:PSA_WANT_ALG_RIPEMD160
+hmac:PSA_ALG_RIPEMD160:"abc":"114a5cf4637f57c044472e1a0b87cce9137190b2"
+
+PSA HMAC MD5
+depends_on:PSA_WANT_ALG_MD5
+hmac:PSA_ALG_MD5:"abc":"39677b12b80118927387aa4a65d16a5e"
+
+PSA HMAC input length 0
+depends_on:PSA_WANT_ALG_SHA_256
+hmac:PSA_ALG_SHA_256:"":"63210aee265762634fa3db8c1aa920dcd07d31ec297309580394a21412f83372"
+
+PSA HMAC input length 1
+depends_on:PSA_WANT_ALG_SHA_256
+hmac:PSA_ALG_SHA_256:"x":"f61c11d66441e3c0b9902a8491caa2da5a0d0d95ef0fc61d8a3b5ea5e0416f5c"
+
+PSA HMAC input length 2890
+depends_on:PSA_WANT_ALG_SHA_256
+hmac:PSA_ALG_SHA_256:"0123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999":"dd2e08786029097be5f634fda74a7e20e3e1638e71282892c4fd21d9a71ae418"
diff --git a/tests/suites/test_suite_psa_crypto_hash.function b/tests/suites/test_suite_psa_crypto_hash.function
index 0405c1d..20167fd 100644
--- a/tests/suites/test_suite_psa_crypto_hash.function
+++ b/tests/suites/test_suite_psa_crypto_hash.function
@@ -1,6 +1,7 @@
/* BEGIN_HEADER */
#include <stdint.h>
+#include "psa/crypto.h"
/* END_HEADER */
@@ -35,6 +36,52 @@
/* END_CASE */
/* BEGIN_CASE */
+void hmac(int alg_arg, char *input, data_t *expected_mac)
+{
+ psa_algorithm_t alg = PSA_ALG_HMAC(alg_arg);
+
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_key_type_t key_type = PSA_KEY_TYPE_HMAC;
+ const uint8_t key_data[] = { // 32 bytes of 0xaa
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa
+ };
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ PSA_ASSERT(psa_crypto_init());
+
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, key_type);
+ PSA_ASSERT(psa_import_key(&attributes, key_data, sizeof(key_data), &key));
+
+ uint8_t mac[PSA_MAC_MAX_SIZE + 10] = { 0 };
+ size_t mac_length = 0;
+
+ size_t input_len = strlen(input);
+ PSA_ASSERT(psa_mac_compute(key, alg, (uint8_t const *) input, input_len, mac, sizeof(mac),
+ &mac_length));
+
+ // manual comparison against expected MAC
+ ASSERT_COMPARE(expected_mac->x, expected_mac->len, mac, mac_length);
+
+ // use psa_mac_verify to compare to expected MAC
+ PSA_ASSERT(psa_mac_verify(key, alg, (uint8_t const *) input, input_len, expected_mac->x,
+ expected_mac->len));
+
+ // corrupt the MAC and check that psa_mac_verify fails
+ expected_mac->x[0] ^= 0x7f;
+ TEST_EQUAL(psa_mac_verify(key, alg, (uint8_t const *) input, input_len, expected_mac->x,
+ expected_mac->len), PSA_ERROR_INVALID_SIGNATURE);
+
+ PSA_ASSERT(psa_destroy_key(key));
+exit:
+ PSA_DONE();
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
void hash_verify(int alg_arg, data_t *input, data_t *expected_hash)
{
psa_algorithm_t alg = alg_arg;
diff --git a/tests/suites/test_suite_psa_crypto_low_hash.function b/tests/suites/test_suite_psa_crypto_low_hash.function
new file mode 100644
index 0000000..6dabcef
--- /dev/null
+++ b/tests/suites/test_suite_psa_crypto_low_hash.function
@@ -0,0 +1,209 @@
+/* BEGIN_HEADER */
+/*
+ * Test suite for the PSA hash built-in driver
+ *
+ * This test suite exercises some aspects of the built-in PSA driver for
+ * hash algorithms (psa_crypto_hash.c). This code is mostly tested via
+ * the application interface (above the PSA API layer) and via tests of
+ * individual hash modules. The goal of this test suite is to ensure that
+ * the driver dispatch layer behaves correctly even when not invoked via
+ * the API layer, but directly from another driver.
+ *
+ * This test suite is currently incomplete. It focuses on non-regression
+ * tests for past bugs or near misses.
+ */
+
+#include <psa_crypto_hash.h>
+
+/* END_HEADER */
+
+/* BEGIN_DEPENDENCIES
+ * depends_on:MBEDTLS_PSA_BUILTIN_HASH
+ * END_DEPENDENCIES
+ */
+
+/* BEGIN_CASE */
+void hash_valid_one_shot(int alg_arg, data_t *input,
+ data_t *expected)
+{
+ psa_algorithm_t alg = alg_arg;
+ uint8_t *output = NULL;
+ size_t output_size = expected->len;
+ size_t length = SIZE_MAX;
+
+ /* Nominal case */
+ ASSERT_ALLOC(output, output_size);
+ TEST_EQUAL(mbedtls_psa_hash_compute(alg, input->x, input->len,
+ output, output_size, &length),
+ PSA_SUCCESS);
+ ASSERT_COMPARE(expected->x, expected->len, output, length);
+ mbedtls_free(output);
+ output = NULL;
+
+ /* Larger output buffer */
+ output_size = expected->len + 1;
+ ASSERT_ALLOC(output, output_size);
+ TEST_EQUAL(mbedtls_psa_hash_compute(alg, input->x, input->len,
+ output, output_size, &length),
+ PSA_SUCCESS);
+ ASSERT_COMPARE(expected->x, expected->len, output, length);
+ mbedtls_free(output);
+ output = NULL;
+
+ /* We don't test with a smaller output buffer because this isn't
+ * guaranteed to work: the core must pass a sufficiently large
+ * output buffer to the driver. */
+
+exit:
+ mbedtls_free(output);
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void hash_valid_multipart(int alg_arg,
+ data_t *input1, data_t *expected1,
+ data_t *input2, data_t *expected2)
+{
+ psa_algorithm_t alg = alg_arg;
+ uint8_t *output = NULL;
+ size_t output_size = expected1->len;
+ size_t length = SIZE_MAX;
+ mbedtls_psa_hash_operation_t operation0; // original
+ memset(&operation0, 0, sizeof(operation0));
+ mbedtls_psa_hash_operation_t clone_start; // cloned after setup
+ memset(&clone_start, 0, sizeof(clone_start));
+ mbedtls_psa_hash_operation_t clone_middle; // cloned between updates
+ memset(&clone_middle, 0, sizeof(clone_middle));
+ mbedtls_psa_hash_operation_t clone_end; // cloned before finish
+ memset(&clone_end, 0, sizeof(clone_end));
+ mbedtls_psa_hash_operation_t clone_more; // cloned before finish
+ memset(&clone_more, 0, sizeof(clone_more));
+
+ /* Nominal case with two update calls */
+ ASSERT_ALLOC(output, output_size);
+ TEST_EQUAL(mbedtls_psa_hash_setup(&operation0, alg),
+ PSA_SUCCESS);
+ TEST_EQUAL(mbedtls_psa_hash_clone(&operation0, &clone_start),
+ PSA_SUCCESS);
+ TEST_EQUAL(mbedtls_psa_hash_update(&operation0, input1->x, input1->len),
+ PSA_SUCCESS);
+ TEST_EQUAL(mbedtls_psa_hash_clone(&operation0, &clone_middle),
+ PSA_SUCCESS);
+ TEST_EQUAL(mbedtls_psa_hash_update(&operation0, input2->x, input2->len),
+ PSA_SUCCESS);
+ TEST_EQUAL(mbedtls_psa_hash_clone(&operation0, &clone_end),
+ PSA_SUCCESS);
+ TEST_EQUAL(mbedtls_psa_hash_finish(&operation0,
+ output, output_size, &length),
+ PSA_SUCCESS);
+ ASSERT_COMPARE(expected2->x, expected2->len, output, length);
+
+ /* Nominal case with an operation cloned after setup */
+ memset(output, 0, output_size);
+ TEST_EQUAL(mbedtls_psa_hash_update(&clone_start, input1->x, input1->len),
+ PSA_SUCCESS);
+ TEST_EQUAL(mbedtls_psa_hash_finish(&clone_start,
+ output, output_size, &length),
+ PSA_SUCCESS);
+ ASSERT_COMPARE(expected1->x, expected1->len, output, length);
+
+ /* Nominal case with an operation cloned between updates */
+ memset(output, 0, output_size);
+ TEST_EQUAL(mbedtls_psa_hash_update(&clone_middle, input2->x, input2->len),
+ PSA_SUCCESS);
+ TEST_EQUAL(mbedtls_psa_hash_finish(&clone_middle,
+ output, output_size, &length),
+ PSA_SUCCESS);
+ ASSERT_COMPARE(expected2->x, expected2->len, output, length);
+
+ /* Nominal case with an operation cloned before finish */
+ TEST_EQUAL(mbedtls_psa_hash_clone(&clone_end, &clone_more),
+ PSA_SUCCESS);
+ memset(output, 0, output_size);
+ TEST_EQUAL(mbedtls_psa_hash_finish(&clone_end,
+ output, output_size, &length),
+ PSA_SUCCESS);
+ ASSERT_COMPARE(expected2->x, expected2->len, output, length);
+ mbedtls_free(output);
+ output = NULL;
+
+ /* Larger output buffer */
+ TEST_EQUAL(mbedtls_psa_hash_clone(&clone_more, &clone_end),
+ PSA_SUCCESS);
+ output_size = expected2->len + 1;
+ ASSERT_ALLOC(output, output_size);
+ TEST_EQUAL(mbedtls_psa_hash_finish(&clone_end,
+ output, output_size, &length),
+ PSA_SUCCESS);
+ ASSERT_COMPARE(expected2->x, expected2->len, output, length);
+ mbedtls_free(output);
+ output = NULL;
+
+ /* We don't test with a smaller output buffer because this isn't
+ * guaranteed to work: the core must pass a sufficiently large
+ * output buffer to the driver. */
+
+ /* Nominal case again after an error in a cloned operation */
+ output_size = expected2->len;
+ ASSERT_ALLOC(output, output_size);
+ TEST_EQUAL(mbedtls_psa_hash_finish(&clone_more,
+ output, output_size, &length),
+ PSA_SUCCESS);
+ ASSERT_COMPARE(expected2->x, expected2->len, output, length);
+ mbedtls_free(output);
+ output = NULL;
+
+exit:
+ mbedtls_free(output);
+ mbedtls_psa_hash_abort(&operation0);
+ mbedtls_psa_hash_abort(&clone_start);
+ mbedtls_psa_hash_abort(&clone_middle);
+ mbedtls_psa_hash_abort(&clone_end);
+ mbedtls_psa_hash_abort(&clone_more);
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void hash_empty(int alg_arg, data_t *expected)
+{
+ psa_algorithm_t alg = alg_arg;
+ uint8_t *output = NULL;
+ size_t output_size = expected->len;
+ size_t length = SIZE_MAX;
+ mbedtls_psa_hash_operation_t operation;
+ memset(&operation, 0, sizeof(operation));
+
+ ASSERT_ALLOC(output, output_size);
+
+ /* One-shot */
+ TEST_EQUAL(mbedtls_psa_hash_compute(alg, NULL, 0,
+ output, output_size, &length),
+ PSA_SUCCESS);
+ ASSERT_COMPARE(expected->x, expected->len, output, length);
+
+ /* Multipart, no update */
+ memset(output, 0, output_size);
+ TEST_EQUAL(mbedtls_psa_hash_setup(&operation, alg),
+ PSA_SUCCESS);
+ TEST_EQUAL(mbedtls_psa_hash_finish(&operation,
+ output, output_size, &length),
+ PSA_SUCCESS);
+ ASSERT_COMPARE(expected->x, expected->len, output, length);
+
+ /* Multipart, one update */
+ memset(output, 0, output_size);
+ memset(&operation, 0, sizeof(operation));
+ TEST_EQUAL(mbedtls_psa_hash_setup(&operation, alg),
+ PSA_SUCCESS);
+ TEST_EQUAL(mbedtls_psa_hash_update(&operation, NULL, 0),
+ PSA_SUCCESS);
+ TEST_EQUAL(mbedtls_psa_hash_finish(&operation,
+ output, output_size, &length),
+ PSA_SUCCESS);
+ ASSERT_COMPARE(expected->x, expected->len, output, length);
+
+exit:
+ mbedtls_free(output);
+ mbedtls_psa_hash_abort(&operation);
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto_metadata.data b/tests/suites/test_suite_psa_crypto_metadata.data
index fef0bab..b1672ec 100644
--- a/tests/suites/test_suite_psa_crypto_metadata.data
+++ b/tests/suites/test_suite_psa_crypto_metadata.data
@@ -26,6 +26,22 @@
depends_on:PSA_WANT_ALG_SHA_512
hash_algorithm:PSA_ALG_SHA_512:64
+Hash: SHA-3 SHA3-224
+depends_on:PSA_WANT_ALG_SHA3_224
+hash_algorithm:PSA_ALG_SHA3_224:28
+
+Hash: SHA-3 SHA3-256
+depends_on:PSA_WANT_ALG_SHA3_256
+hash_algorithm:PSA_ALG_SHA3_256:32
+
+Hash: SHA-3 SHA3-384
+depends_on:PSA_WANT_ALG_SHA3_384
+hash_algorithm:PSA_ALG_SHA3_384:48
+
+Hash: SHA-3 SHA3-512
+depends_on:PSA_WANT_ALG_SHA3_512
+hash_algorithm:PSA_ALG_SHA3_512:64
+
MAC: HMAC-MD5
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_MD5
hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_MD5 ):16:64
diff --git a/tests/suites/test_suite_psa_its.function b/tests/suites/test_suite_psa_its.function
index cb11f18..0f66c79 100644
--- a/tests/suites/test_suite_psa_its.function
+++ b/tests/suites/test_suite_psa_its.function
@@ -10,7 +10,7 @@
* before changing how test data is constructed or validated.
*/
-#include "../library/psa_crypto_its.h"
+#include "psa_crypto_its.h"
#include "test/psa_helpers.h"
diff --git a/tests/suites/test_suite_shax.function b/tests/suites/test_suite_shax.function
index 7dd9166..629e281 100644
--- a/tests/suites/test_suite_shax.function
+++ b/tests/suites/test_suite_shax.function
@@ -176,9 +176,12 @@
TEST_EQUAL(mbedtls_sha3_starts(&ctx, MBEDTLS_SHA3_NONE), MBEDTLS_ERR_SHA3_BAD_INPUT_DATA);
TEST_EQUAL(mbedtls_sha3_starts(&ctx, MBEDTLS_SHA3_256), 0);
-
TEST_EQUAL(mbedtls_sha3_finish(&ctx, output, 0), MBEDTLS_ERR_SHA3_BAD_INPUT_DATA);
+
+ TEST_EQUAL(mbedtls_sha3_starts(&ctx, MBEDTLS_SHA3_256), 0);
TEST_EQUAL(mbedtls_sha3_finish(&ctx, output, 31), MBEDTLS_ERR_SHA3_BAD_INPUT_DATA);
+
+ TEST_EQUAL(mbedtls_sha3_starts(&ctx, MBEDTLS_SHA3_256), 0);
TEST_EQUAL(mbedtls_sha3_finish(&ctx, output, 32), 0);
exit:
diff --git a/tests/suites/test_suite_version.function b/tests/suites/test_suite_version.function
index 981f8ab..eeae512 100644
--- a/tests/suites/test_suite_version.function
+++ b/tests/suites/test_suite_version.function
@@ -20,7 +20,7 @@
mbedtls_snprintf(build_str, 100, "%d.%d.%d", MBEDTLS_VERSION_MAJOR,
MBEDTLS_VERSION_MINOR, MBEDTLS_VERSION_PATCH);
- mbedtls_snprintf(build_str_full, 100, "mbed TLS %d.%d.%d", MBEDTLS_VERSION_MAJOR,
+ mbedtls_snprintf(build_str_full, 100, "Mbed TLS %d.%d.%d", MBEDTLS_VERSION_MAJOR,
MBEDTLS_VERSION_MINOR, MBEDTLS_VERSION_PATCH);
build_int = MBEDTLS_VERSION_MAJOR << 24 |
@@ -56,7 +56,7 @@
(get_int >> 24) & 0xFF,
(get_int >> 16) & 0xFF,
(get_int >> 8) & 0xFF);
- mbedtls_snprintf(build_str_full, 100, "mbed TLS %s", version_str);
+ mbedtls_snprintf(build_str_full, 100, "Mbed TLS %s", version_str);
TEST_ASSERT(strcmp(build_str, version_str) == 0);
TEST_ASSERT(strcmp(build_str_full, get_str_full) == 0);
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index 1b08bc3..114bd52 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -242,7 +242,7 @@
MBEDTLS_X509_SAFE_SNPRINTF;
if (MBEDTLS_OID_CMP(MBEDTLS_OID_ON_HW_MODULE_NAME,
- &san->san.other_name.value.hardware_module_name.oid) != 0) {
+ &san->san.other_name.type_id) == 0) {
ret = mbedtls_snprintf(p, n, " hardware module name :");
MBEDTLS_X509_SAFE_SNPRINTF;
ret = mbedtls_snprintf(p, n, " hardware type : ");
@@ -619,7 +619,7 @@
/*
* See comments on ecp_test_vect_restart() for op count precision.
*
- * For reference, with mbed TLS 2.6 and default settings:
+ * For reference, with Mbed TLS 2.6 and default settings:
* - ecdsa_verify() for P-256: ~ 6700
* - ecdsa_verify() for P-384: ~ 18800
* - x509_verify() for server5 -> test-ca2: ~ 18800