TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / sandbox / arthur / trustedfirmware-a / e8ae4fa2b637f6515c0e4e60f20afe0b800c1af9^! / . / drivers / auth / mbedtls
commite8ae4fa2b637f6515c0e4e60f20afe0b800c1af9[log] [tgz]
authorYann Gautier <yann.gautier@st.com>Mon May 20 17:11:47 2024 +0200
committerYann Gautier <yann.gautier@st.com>Fri Jun 28 20:06:10 2024 +0200
tree9589aab0da2edc8d408a831992810b3259d02893
parent87f4a63053fc184692df84bb3190dcead2d17f2f [diff]
feat(mbedtls): update config for 3.6.0

Further, remove reliance of mbedtls_md_psa_alg_from_type on
the actual values of the PSA_ALG_... defines.

And work around a prior bug that would try to import a
SubjectPublicKeyInfo into a PSA key. Instead, we import the
SubjectPublicKey itself.

Change-Id: Ib345b0bd4f2994f366629ed162d18814fd05aa2b
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
(cherry picked from commit 55aed7d798f3d48d6aa08d58eb46c4cda318bcfb)

diff --git a/drivers/auth/mbedtls/mbedtls_common.mk b/drivers/auth/mbedtls/mbedtls_common.mk
index a7a895c..656acab 100644
--- a/drivers/auth/mbedtls/mbedtls_common.mk
+++ b/drivers/auth/mbedtls/mbedtls_common.mk

@@ -37,7 +37,6 @@
 					cipher.c 			\
 					cipher_wrap.c 			\
 					constant_time.c			\
-					hash_info.c			\
 					memory_buffer_alloc.c		\
 					oid.c 				\
 					platform.c 			\
@@ -47,6 +46,7 @@
 					gcm.c 				\
 					md.c				\
 					pk.c 				\
+					pk_ecc.c 			\
 					pk_wrap.c 			\
 					pkparse.c 			\
 					pkwrite.c 			\
@@ -61,13 +61,6 @@
 					x509_crt.c 			\
 					)
 
-# Currently on Mbedtls-3 there is outstanding bug due to usage
-# of redundant declaration[1], So disable redundant-decls
-# compilation flag to avoid compilation error when compiling with
-# Mbedtls-3.
-# [1]: https://github.com/Mbed-TLS/mbedtls/issues/6910
-LIBMBEDTLS_CFLAGS += -Wno-error=redundant-decls
-
 # The platform may define the variable 'TF_MBEDTLS_KEY_ALG' to select the key
 # algorithm to use. If the variable is not defined, select it based on
 # algorithm used for key generation `KEY_ALG`. If `KEY_ALG` is not defined,

diff --git a/drivers/auth/mbedtls/mbedtls_crypto.c b/drivers/auth/mbedtls/mbedtls_crypto.c
index 991f68c..ac67a82 100644
--- a/drivers/auth/mbedtls/mbedtls_crypto.c
+++ b/drivers/auth/mbedtls/mbedtls_crypto.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2024, Arm Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -65,6 +65,18 @@
 
 #if CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_ONLY || \
 CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC
+
+
+/*
+ * NOTE: This has been made internal in mbedtls 3.6.0 and the mbedtls team has
+ * advised that it's better to copy out the declaration than it would be to
+ * update to 3.5.2, where this function is exposed.
+ */
+int mbedtls_x509_get_sig_alg(const mbedtls_x509_buf *sig_oid,
+			     const mbedtls_x509_buf *sig_params,
+			     mbedtls_md_type_t *md_alg,
+			     mbedtls_pk_type_t *pk_alg,
+			     void **sig_opts);
 /*
  * Verify a signature.
  *