PKCS5: always use MD

As a consequence, MD_C is now enabled in component accel_hash_use_psa.

Fix guards in X.509 info function to avoid this causing a failure now.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>

tests/scripts/all.sh

@@ -1224,12 +1224,15 @@ component_test_crypto_full_md_light_only () {
     scripts/config.py crypto_full
     # Disable MD
     scripts/config.py unset MBEDTLS_MD_C
-    # Disable direct dependencies of MD
+    # Disable direct dependencies of MD_C
     scripts/config.py unset MBEDTLS_HKDF_C
     scripts/config.py unset MBEDTLS_HMAC_DRBG_C
     scripts/config.py unset MBEDTLS_PKCS7_C
-    # Disable indirect dependencies of MD
+    # Disable indirect dependencies of MD_C
     scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # needs HMAC_DRBG
+    # Disable things that would auto-enable MD_C
+    scripts/config.py unset MBEDTLS_PKCS5_C
+
     # Note: MD-light is auto-enabled in build_info.h by modules that need it,
     # which we haven't disabled, so no need to explicitly enable it.
     make CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
@@ -2671,9 +2674,7 @@ component_test_psa_crypto_config_accel_hash_use_psa () {
     make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" all
 
     # There's a risk of something getting re-enabled via config_psa.h;
-    # make sure it did not happen. Note: it's OK for MD_LIGHT to be enabled,
-    # but not the full MD_C (for now), so check mbedtls_md_hmac for that.
-    not grep mbedtls_md_hmac library/md.o
+    # make sure it did not happen. Note: it's OK for MD_C to be enabled.
     not grep mbedtls_md5 library/md5.o
     not grep mbedtls_sha1 library/sha1.o
     not grep mbedtls_sha256 library/sha256.o

tests/suites/test_suite_pkcs5.function

@@ -14,14 +14,16 @@ void pbkdf2_hmac(int hash, data_t *pw_str, data_t *salt_str,
 {
     unsigned char key[100];
 
-    PSA_INIT_IF_NO_MD();
+    MD_PSA_INIT();
     TEST_ASSERT(mbedtls_pkcs5_pbkdf2_hmac_ext(hash, pw_str->x, pw_str->len,
                                               salt_str->x, salt_str->len,
                                               it_cnt, key_len, key) == 0);
 
     TEST_ASSERT(mbedtls_test_hexcmp(key, result_key_string->x,
                                     key_len, result_key_string->len) == 0);
-    PSA_DONE_IF_NO_MD();
+
+exit:
+    MD_PSA_DONE();
 }
 /* END_CASE */
 
@@ -33,7 +35,7 @@ void mbedtls_pkcs5_pbes2(int params_tag, data_t *params_hex, data_t *pw,
     mbedtls_asn1_buf params;
     unsigned char *my_out = NULL;
 
-    PSA_INIT_IF_NO_MD();
+    MD_PSA_INIT();
 
     params.tag = params_tag;
     params.p = params_hex->x;
@@ -51,13 +53,17 @@ void mbedtls_pkcs5_pbes2(int params_tag, data_t *params_hex, data_t *pw,
 
 exit:
     mbedtls_free(my_out);
-    PSA_DONE_IF_NO_MD();
+    MD_PSA_DONE();
 }
 /* END_CASE */
 
 /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
 void pkcs5_selftest()
 {
+    MD_PSA_INIT();
     TEST_ASSERT(mbedtls_pkcs5_self_test(1) == 0);
+
+exit:
+    MD_PSA_DONE();
 }
 /* END_CASE */