diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 118a9631c4..96521224d5 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -224,7 +224,7 @@ * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS. * * Requires: PSA_WANT_ALG_ECDH - * MBEDTLS_ECDSA_C or PSA_WANT_ALG_ECDSA + * PSA_WANT_ALG_ECDSA * MBEDTLS_X509_CRT_PARSE_C * * This enables the following ciphersuites (if other requisites are @@ -799,7 +799,7 @@ * Requires: PSA_WANT_ALG_ECDH or PSA_WANT_ALG_FFDH * MBEDTLS_X509_CRT_PARSE_C * and at least one of: - * MBEDTLS_ECDSA_C or PSA_WANT_ALG_ECDSA + * PSA_WANT_ALG_ECDSA * PSA_WANT_ALG_RSA_PSS * * Comment to disable support for the ephemeral key exchange mode in TLS 1.3. diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 8ed678bc40..51f813d16e 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -433,7 +433,6 @@ component_test_everest () { component_test_everest_curve25519_only () { msg "build: Everest ECDH context, only Curve25519" # ~ 6 min scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED - scripts/config.py unset MBEDTLS_ECDSA_C scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDSA scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ALG_ECDH @@ -569,9 +568,6 @@ component_test_psa_crypto_config_accel_ecdsa () { $(helper_get_psa_key_type_list "ECC") \ $(helper_get_psa_curve_list)" - # Disable the module that's accelerated - scripts/config.py unset MBEDTLS_ECDSA_C - # Disable things that depend on it scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED @@ -735,7 +731,6 @@ component_test_psa_crypto_config_accel_ecc_some_key_types () { $(helper_get_psa_curve_list)" # Disable modules that are accelerated - some will be re-enabled - scripts/config.py unset MBEDTLS_ECDSA_C scripts/config.py unset MBEDTLS_ECJPAKE_C scripts/config.py unset MBEDTLS_ECP_C @@ -798,7 +793,6 @@ common_test_psa_crypto_config_accel_ecc_some_curves () { scripts/config.py unset MBEDTLS_PK_WRITE_C # Disable modules that are accelerated - some will be re-enabled - scripts/config.py unset MBEDTLS_ECDSA_C scripts/config.py unset MBEDTLS_ECJPAKE_C scripts/config.py unset MBEDTLS_ECP_C @@ -909,7 +903,6 @@ config_psa_crypto_config_ecp_light_only () { helper_libtestdriver1_adjust_config "full" if [ "$driver_only" -eq 1 ]; then # Disable modules that are accelerated - scripts/config.py unset MBEDTLS_ECDSA_C scripts/config.py unset MBEDTLS_ECJPAKE_C scripts/config.py unset MBEDTLS_ECP_C fi @@ -1002,7 +995,6 @@ config_psa_crypto_no_ecp_at_all () { if [ "$driver_only" -eq 1 ]; then # Disable modules that are accelerated - scripts/config.py unset MBEDTLS_ECDSA_C scripts/config.py unset MBEDTLS_ECJPAKE_C # Disable ECP module (entirely) scripts/config.py unset MBEDTLS_ECP_C @@ -1116,7 +1108,6 @@ config_psa_crypto_config_accel_ecc_ffdh_no_bignum () { if [ "$driver_only" -eq 1 ]; then # Disable modules that are accelerated - scripts/config.py unset MBEDTLS_ECDSA_C scripts/config.py unset MBEDTLS_ECJPAKE_C # Disable ECP module (entirely) scripts/config.py unset MBEDTLS_ECP_C diff --git a/tests/scripts/components-configuration-tls.sh b/tests/scripts/components-configuration-tls.sh index 323f98ec1c..d69b5853c7 100644 --- a/tests/scripts/components-configuration-tls.sh +++ b/tests/scripts/components-configuration-tls.sh @@ -437,8 +437,6 @@ component_test_tls13_only_psk () { scripts/config.py unset PSA_WANT_DH_RFC7919_4096 scripts/config.py unset PSA_WANT_DH_RFC7919_6144 scripts/config.py unset PSA_WANT_DH_RFC7919_8192 - # Note: The four unsets below are to be removed for Mbed TLS 4.0 - scripts/config.py unset MBEDTLS_ECDSA_C make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" @@ -499,8 +497,6 @@ component_test_tls13_only_psk_ephemeral () { scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA scripts/config.py unset PSA_WANT_ALG_RSA_OAEP scripts/config.py unset PSA_WANT_ALG_RSA_PSS - # Note: The two unsets below are to be removed for Mbed TLS 4.0 - scripts/config.py unset MBEDTLS_ECDSA_C make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" @@ -527,8 +523,6 @@ component_test_tls13_only_psk_ephemeral_ffdh () { scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA scripts/config.py unset PSA_WANT_ALG_RSA_OAEP scripts/config.py unset PSA_WANT_ALG_RSA_PSS - # Note: The three unsets below are to be removed for Mbed TLS 4.0 - scripts/config.py unset MBEDTLS_ECDSA_C make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" @@ -553,8 +547,6 @@ component_test_tls13_only_psk_all () { scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA scripts/config.py unset PSA_WANT_ALG_RSA_OAEP scripts/config.py unset PSA_WANT_ALG_RSA_PSS - # Note: The two unsets below are to be removed for Mbed TLS 4.0 - scripts/config.py unset MBEDTLS_ECDSA_C make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 755585d83e..347634cdff 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -279,8 +279,7 @@ REVERSE_DEPENDENCIES = { 'PSA_WANT_ECC_SECP_K1_192': ['MBEDTLS_ECP_DP_SECP192K1_ENABLED'], 'PSA_WANT_ALG_ECDSA': ['PSA_WANT_ALG_DETERMINISTIC_ECDSA', - 'MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED', - 'MBEDTLS_ECDSA_C'], + 'MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED'], 'PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC': [ 'PSA_WANT_ALG_ECDSA', 'PSA_WANT_ALG_ECDH', diff --git a/tests/scripts/test_config_checks.py b/tests/scripts/test_config_checks.py index 540144923e..7403f7ebdb 100755 --- a/tests/scripts/test_config_checks.py +++ b/tests/scripts/test_config_checks.py @@ -43,7 +43,6 @@ class MbedtlsTestConfigChecks(unittest_config_checks.TestConfigChecks): self.bad_case(''' #undef PSA_WANT_ALG_ECDSA #undef PSA_WANT_ALG_DETERMINISTIC_ECDSA - #undef MBEDTLS_ECDSA_C ''', ''' #if defined(PSA_WANT_ALG_ECDSA) @@ -52,9 +51,6 @@ class MbedtlsTestConfigChecks(unittest_config_checks.TestConfigChecks): #if defined(PSA_WANT_ALG_DETERMINSTIC_ECDSA) #error PSA_WANT_ALG_DETERMINSTIC_ECDSA unexpected #endif - #if defined(MBEDTLS_ECDSA_C) - #error MBEDTLS_ECDSA_C unexpected - #endif ''', error=('MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED')) diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index f813cc1ac3..ccd85378b8 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -655,7 +655,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C:MBEDTLS_ECP_RESTARTABLE:MBEDTLS_ECDSA_C */ +/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C:MBEDTLS_ECP_RESTARTABLE:PSA_WANT_ALG_ECDSA */ void x509_verify_restart(char *crt_file, char *ca_file, int result, int flags_result, int max_ops, int min_restart, int max_restart)