Replace MBEDTLS_MD_CAN_SHA384 with PSA_WANT_ALG_SHA_384
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 4c31aa2..670be0e 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -436,7 +436,7 @@
#endif /* MBEDTLS_MD_CAN_SHA256*/
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
MBEDTLS_CHECK_RETURN_CRITICAL
static int tls_prf_sha384(const unsigned char *secret, size_t slen,
const char *label,
@@ -445,7 +445,7 @@
static int ssl_calc_verify_tls_sha384(const mbedtls_ssl_context *, unsigned char *, size_t *);
static int ssl_calc_finished_tls_sha384(mbedtls_ssl_context *, unsigned char *, int);
-#endif /* MBEDTLS_MD_CAN_SHA384*/
+#endif /* PSA_WANT_ALG_SHA_384*/
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls12_session_load(mbedtls_ssl_session *session,
@@ -459,9 +459,9 @@
static int ssl_update_checksum_sha256(mbedtls_ssl_context *, const unsigned char *, size_t);
#endif /* MBEDTLS_MD_CAN_SHA256*/
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
static int ssl_update_checksum_sha384(mbedtls_ssl_context *, const unsigned char *, size_t);
-#endif /* MBEDTLS_MD_CAN_SHA384*/
+#endif /* PSA_WANT_ALG_SHA_384*/
int mbedtls_ssl_tls_prf(const mbedtls_tls_prf_types prf,
const unsigned char *secret, size_t slen,
@@ -473,11 +473,11 @@
switch (prf) {
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
case MBEDTLS_SSL_TLS_PRF_SHA384:
tls_prf = tls_prf_sha384;
break;
-#endif /* MBEDTLS_MD_CAN_SHA384*/
+#endif /* PSA_WANT_ALG_SHA_384*/
#if defined(MBEDTLS_MD_CAN_SHA256)
case MBEDTLS_SSL_TLS_PRF_SHA256:
tls_prf = tls_prf_sha256;
@@ -784,7 +784,7 @@
{
((void) ciphersuite_info);
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
if (ciphersuite_info->mac == MBEDTLS_MD_SHA384) {
ssl->handshake->update_checksum = ssl_update_checksum_sha384;
} else
@@ -831,7 +831,7 @@
int mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl)
{
#if defined(MBEDTLS_MD_CAN_SHA256) || \
- defined(MBEDTLS_MD_CAN_SHA384)
+ defined(PSA_WANT_ALG_SHA_384)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status;
#else
@@ -865,7 +865,7 @@
}
#endif
#endif
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
status = psa_hash_abort(&ssl->handshake->fin_sha384_psa);
if (status != PSA_SUCCESS) {
@@ -896,7 +896,7 @@
const unsigned char *buf, size_t len)
{
#if defined(MBEDTLS_MD_CAN_SHA256) || \
- defined(MBEDTLS_MD_CAN_SHA384)
+ defined(PSA_WANT_ALG_SHA_384)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status;
#else
@@ -920,7 +920,7 @@
}
#endif
#endif
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
status = psa_hash_update(&ssl->handshake->fin_sha384_psa, buf, len);
if (status != PSA_SUCCESS) {
@@ -949,7 +949,7 @@
}
#endif
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
static int ssl_update_checksum_sha384(mbedtls_ssl_context *ssl,
const unsigned char *buf, size_t len)
{
@@ -973,7 +973,7 @@
mbedtls_md_init(&handshake->fin_sha256);
#endif
#endif
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
handshake->fin_sha384_psa = psa_hash_operation_init();
#else
@@ -4802,7 +4802,7 @@
mbedtls_md_free(&handshake->fin_sha256);
#endif
#endif
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_hash_abort(&handshake->fin_sha384_psa);
#else
@@ -5671,7 +5671,7 @@
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) && \
- defined(MBEDTLS_MD_CAN_SHA384) && \
+ defined(PSA_WANT_ALG_SHA_384) && \
defined(PSA_WANT_ECC_SECP_R1_384)
MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384,
// == MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384)
@@ -5688,7 +5688,7 @@
MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512,
#endif
-#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && defined(PSA_WANT_ALG_SHA_384)
MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384,
#endif
@@ -5700,9 +5700,9 @@
MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512,
#endif /* MBEDTLS_RSA_C && MBEDTLS_MD_CAN_SHA512 */
-#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(MBEDTLS_RSA_C) && defined(PSA_WANT_ALG_SHA_384)
MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384,
-#endif /* MBEDTLS_RSA_C && MBEDTLS_MD_CAN_SHA384 */
+#endif /* MBEDTLS_RSA_C && PSA_WANT_ALG_SHA_384 */
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_MD_CAN_SHA256)
MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256,
@@ -5727,7 +5727,7 @@
#endif
#endif /* MBEDTLS_MD_CAN_SHA512 */
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384),
#endif
@@ -5737,7 +5737,7 @@
#if defined(MBEDTLS_RSA_C)
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA384),
#endif
-#endif /* MBEDTLS_MD_CAN_SHA384 */
+#endif /* PSA_WANT_ALG_SHA_384 */
#if defined(MBEDTLS_MD_CAN_SHA256)
#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
@@ -5766,7 +5766,7 @@
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) && \
- defined(MBEDTLS_MD_CAN_SHA384) && \
+ defined(PSA_WANT_ALG_SHA_384) && \
defined(MBEDTLS_ECP_HAVE_SECP384R1)
MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384,
// == MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384)
@@ -5785,11 +5785,11 @@
#endif
#endif /* MBEDTLS_MD_CAN_SHA256 */
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384),
#endif
-#endif /* MBEDTLS_MD_CAN_SHA384 */
+#endif /* PSA_WANT_ALG_SHA_384 */
MBEDTLS_TLS_SIG_NONE
};
@@ -6144,7 +6144,7 @@
case MBEDTLS_SSL_HASH_SHA256:
return MBEDTLS_MD_SHA256;
#endif
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
case MBEDTLS_SSL_HASH_SHA384:
return MBEDTLS_MD_SHA384;
#endif
@@ -6179,7 +6179,7 @@
case MBEDTLS_MD_SHA256:
return MBEDTLS_SSL_HASH_SHA256;
#endif
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
case MBEDTLS_MD_SHA384:
return MBEDTLS_SSL_HASH_SHA384;
#endif
@@ -6433,7 +6433,7 @@
*olen = 0;
switch (md) {
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
case MBEDTLS_MD_SHA384:
hash_operation_to_clone = &ssl->handshake->fin_sha384_psa;
break;
@@ -6460,7 +6460,7 @@
}
exit:
-#if !defined(MBEDTLS_MD_CAN_SHA384) && \
+#if !defined(PSA_WANT_ALG_SHA_384) && \
!defined(MBEDTLS_MD_CAN_SHA256)
(void) ssl;
#endif
@@ -6468,7 +6468,7 @@
}
#else /* MBEDTLS_USE_PSA_CRYPTO */
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_get_handshake_transcript_sha384(mbedtls_ssl_context *ssl,
unsigned char *dst,
@@ -6504,7 +6504,7 @@
mbedtls_md_free(&sha384);
return ret;
}
-#endif /* MBEDTLS_MD_CAN_SHA384 */
+#endif /* PSA_WANT_ALG_SHA_384 */
#if defined(MBEDTLS_MD_CAN_SHA256)
MBEDTLS_CHECK_RETURN_CRITICAL
@@ -6552,10 +6552,10 @@
{
switch (md) {
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
case MBEDTLS_MD_SHA384:
return ssl_get_handshake_transcript_sha384(ssl, dst, dst_len, olen);
-#endif /* MBEDTLS_MD_CAN_SHA384*/
+#endif /* PSA_WANT_ALG_SHA_384*/
#if defined(MBEDTLS_MD_CAN_SHA256)
case MBEDTLS_MD_SHA256:
@@ -6563,7 +6563,7 @@
#endif /* MBEDTLS_MD_CAN_SHA256*/
default:
-#if !defined(MBEDTLS_MD_CAN_SHA384) && \
+#if !defined(PSA_WANT_ALG_SHA_384) && \
!defined(MBEDTLS_MD_CAN_SHA256)
(void) ssl;
(void) dst;
@@ -6831,7 +6831,7 @@
#if defined(MBEDTLS_MD_C) && \
(defined(MBEDTLS_MD_CAN_SHA256) || \
- defined(MBEDTLS_MD_CAN_SHA384))
+ defined(PSA_WANT_ALG_SHA_384))
MBEDTLS_CHECK_RETURN_CRITICAL
static int tls_prf_generic(mbedtls_md_type_t md_type,
const unsigned char *secret, size_t slen,
@@ -6935,7 +6935,7 @@
return ret;
}
-#endif /* MBEDTLS_MD_C && ( MBEDTLS_MD_CAN_SHA256 || MBEDTLS_MD_CAN_SHA384 ) */
+#endif /* MBEDTLS_MD_C && ( MBEDTLS_MD_CAN_SHA256 || PSA_WANT_ALG_SHA_384 ) */
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_MD_CAN_SHA256)
@@ -6950,7 +6950,7 @@
}
#endif /* MBEDTLS_MD_CAN_SHA256*/
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
MBEDTLS_CHECK_RETURN_CRITICAL
static int tls_prf_sha384(const unsigned char *secret, size_t slen,
const char *label,
@@ -6960,7 +6960,7 @@
return tls_prf_generic(MBEDTLS_MD_SHA384, secret, slen,
label, random, rlen, dstbuf, dlen);
}
-#endif /* MBEDTLS_MD_CAN_SHA384*/
+#endif /* PSA_WANT_ALG_SHA_384*/
/*
* Set appropriate PRF function and other SSL / TLS1.2 functions
@@ -6975,7 +6975,7 @@
static int ssl_set_handshake_prfs(mbedtls_ssl_handshake_params *handshake,
mbedtls_md_type_t hash)
{
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
if (hash == MBEDTLS_MD_SHA384) {
handshake->tls_prf = tls_prf_sha384;
handshake->calc_verify = ssl_calc_verify_tls_sha384;
@@ -7272,7 +7272,7 @@
int mbedtls_ssl_set_calc_verify_md(mbedtls_ssl_context *ssl, int md)
{
switch (md) {
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
case MBEDTLS_SSL_HASH_SHA384:
ssl->handshake->calc_verify = ssl_calc_verify_tls_sha384;
break;
@@ -7285,7 +7285,7 @@
default:
return -1;
}
-#if !defined(MBEDTLS_MD_CAN_SHA384) && \
+#if !defined(PSA_WANT_ALG_SHA_384) && \
!defined(MBEDTLS_MD_CAN_SHA256)
(void) ssl;
#endif
@@ -7379,7 +7379,7 @@
}
#endif /* MBEDTLS_MD_CAN_SHA256 */
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
int ssl_calc_verify_tls_sha384(const mbedtls_ssl_context *ssl,
unsigned char *hash,
size_t *hlen)
@@ -7392,7 +7392,7 @@
hash, hlen);
#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
-#endif /* MBEDTLS_MD_CAN_SHA384 */
+#endif /* PSA_WANT_ALG_SHA_384 */
#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \
defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
@@ -8431,7 +8431,7 @@
#endif /* MBEDTLS_MD_CAN_SHA256*/
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
static int ssl_calc_finished_tls_sha384(
mbedtls_ssl_context *ssl, unsigned char *buf, int from)
{
@@ -8445,7 +8445,7 @@
padbuf, sizeof(padbuf),
buf, from);
}
-#endif /* MBEDTLS_MD_CAN_SHA384*/
+#endif /* PSA_WANT_ALG_SHA_384*/
void mbedtls_ssl_handshake_wrapup_free_hs_transform(mbedtls_ssl_context *ssl)
{
@@ -8738,7 +8738,7 @@
{
const mbedtls_ssl_ciphersuite_t * const ciphersuite_info =
mbedtls_ssl_ciphersuite_from_id(ciphersuite_id);
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
if (ciphersuite_info != NULL && ciphersuite_info->mac == MBEDTLS_MD_SHA384) {
return tls_prf_sha384;
} else
@@ -8750,7 +8750,7 @@
}
}
#endif
-#if !defined(MBEDTLS_MD_CAN_SHA384) && \
+#if !defined(PSA_WANT_ALG_SHA_384) && \
!defined(MBEDTLS_MD_CAN_SHA256)
(void) ciphersuite_info;
#endif
@@ -8762,7 +8762,7 @@
static mbedtls_tls_prf_types tls_prf_get_type(mbedtls_ssl_tls_prf_cb *tls_prf)
{
((void) tls_prf);
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
if (tls_prf == tls_prf_sha384) {
return MBEDTLS_SSL_TLS_PRF_SHA384;
} else