Merge remote-tracking branch 'development' into pk_import_into_psa-implement_import
Conflicts: * tests/suites/test_suite_pk.function: consecutive changes to the depends_on line of pk_sign_verify and its argument list.
@@ -158,7 +158,8 @@
|
||||
* (e.g. MBEDTLS_MD_LIGHT)
|
||||
*/
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) /* PSA_WANT_xxx influences MBEDTLS_xxx */ || \
|
||||
defined(MBEDTLS_PSA_CRYPTO_C) /* MBEDTLS_xxx influences PSA_WANT_xxx */
|
||||
defined(MBEDTLS_PSA_CRYPTO_C) /* MBEDTLS_xxx influences PSA_WANT_xxx */ || \
|
||||
defined(MBEDTLS_PSA_CRYPTO_CLIENT) /* The same as the previous, but with separation only */
|
||||
#include "mbedtls/config_psa.h"
|
||||
#endif
|
||||
|
||||
|
@@ -27,18 +27,8 @@
|
||||
#if !defined(MBEDTLS_PLATFORM_C)
|
||||
#error "MBEDTLS_PLATFORM_C is required on Windows"
|
||||
#endif
|
||||
|
||||
/* Fix the config here. Not convenient to put an #ifdef _WIN32 in mbedtls_config.h as
|
||||
* it would confuse config.py. */
|
||||
#if !defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) && \
|
||||
!defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
|
||||
#define MBEDTLS_PLATFORM_SNPRINTF_ALT
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT) && \
|
||||
!defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO)
|
||||
#define MBEDTLS_PLATFORM_VSNPRINTF_ALT
|
||||
#endif
|
||||
/* See auto-enabling SNPRINTF_ALT and VSNPRINTF_ALT
|
||||
* in * config_adjust_legacy_crypto.h */
|
||||
#endif /* _MINGW32__ || (_MSC_VER && (_MSC_VER <= 1900)) */
|
||||
|
||||
#if defined(TARGET_LIKE_MBED) && defined(MBEDTLS_NET_C)
|
||||
@@ -54,65 +44,6 @@
|
||||
#error "MBEDTLS_HAVE_TIME_DATE without MBEDTLS_HAVE_TIME does not make sense"
|
||||
#endif
|
||||
|
||||
/* Check that each MBEDTLS_ECP_DP_xxx symbol has its PSA_WANT_ECC_xxx counterpart
|
||||
* when PSA crypto is enabled. */
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) || defined(MBEDTLS_PSA_CRYPTO_C)
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) && !defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
|
||||
#error "MBEDTLS_ECP_DP_BP256R1_ENABLED defined, but not its PSA counterpart"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) && !defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
|
||||
#error "MBEDTLS_ECP_DP_BP384R1_ENABLED defined, but not its PSA counterpart"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) && !defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
|
||||
#error "MBEDTLS_ECP_DP_BP512R1_ENABLED defined, but not its PSA counterpart"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) && !defined(PSA_WANT_ECC_MONTGOMERY_255)
|
||||
#error "MBEDTLS_ECP_DP_CURVE25519_ENABLED defined, but not its PSA counterpart"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) && !defined(PSA_WANT_ECC_MONTGOMERY_448)
|
||||
#error "MBEDTLS_ECP_DP_CURVE448_ENABLED defined, but not its PSA counterpart"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) && !defined(PSA_WANT_ECC_SECP_R1_192)
|
||||
#error "MBEDTLS_ECP_DP_SECP192R1_ENABLED defined, but not its PSA counterpart"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) && !defined(PSA_WANT_ECC_SECP_R1_224)
|
||||
#error "MBEDTLS_ECP_DP_SECP224R1_ENABLED defined, but not its PSA counterpart"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) && !defined(PSA_WANT_ECC_SECP_R1_256)
|
||||
#error "MBEDTLS_ECP_DP_SECP256R1_ENABLED defined, but not its PSA counterpart"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) && !defined(PSA_WANT_ECC_SECP_R1_384)
|
||||
#error "MBEDTLS_ECP_DP_SECP384R1_ENABLED defined, but not its PSA counterpart"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) && !defined(PSA_WANT_ECC_SECP_R1_521)
|
||||
#error "MBEDTLS_ECP_DP_SECP521R1_ENABLED defined, but not its PSA counterpart"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) && !defined(PSA_WANT_ECC_SECP_K1_192)
|
||||
#error "MBEDTLS_ECP_DP_SECP192K1_ENABLED defined, but not its PSA counterpart"
|
||||
#endif
|
||||
|
||||
/* SECP224K1 is buggy in PSA API so we skip this check */
|
||||
#if 0 && defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) && !defined(PSA_WANT_ECC_SECP_K1_224)
|
||||
#error "MBEDTLS_ECP_DP_SECP224K1_ENABLED defined, but not its PSA counterpart"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) && !defined(PSA_WANT_ECC_SECP_K1_256)
|
||||
#error "MBEDTLS_ECP_DP_SECP256K1_ENABLED defined, but not its PSA counterpart"
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_PSA_CRYPTO_CONFIG || MBEDTLS_PSA_CRYPTO_C */
|
||||
|
||||
/* Limitations on ECC key types acceleration: if we have any of `PUBLIC_KEY`,
|
||||
* `KEY_PAIR_BASIC`, `KEY_PAIR_IMPORT`, `KEY_PAIR_EXPORT` then we must have
|
||||
* all 4 of them.
|
||||
@@ -154,7 +85,7 @@
|
||||
#endif /* some curve accelerated */
|
||||
|
||||
#if defined(MBEDTLS_CTR_DRBG_C) && !(defined(MBEDTLS_AES_C) || \
|
||||
(defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_KEY_TYPE_AES) && \
|
||||
(defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(PSA_WANT_KEY_TYPE_AES) && \
|
||||
defined(PSA_WANT_ALG_ECB_NO_PADDING)))
|
||||
#error "MBEDTLS_CTR_DRBG_C defined, but not all prerequisites"
|
||||
#endif
|
||||
@@ -234,9 +165,8 @@
|
||||
#endif
|
||||
#endif /* MBEDTLS_PK_C && MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
#if defined(MBEDTLS_ECJPAKE_C) && \
|
||||
( !defined(MBEDTLS_ECP_C) || \
|
||||
!( defined(MBEDTLS_MD_C) || defined(MBEDTLS_PSA_CRYPTO_C) ) )
|
||||
#if defined(MBEDTLS_ECJPAKE_C) && \
|
||||
!defined(MBEDTLS_ECP_C)
|
||||
#error "MBEDTLS_ECJPAKE_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
@@ -277,27 +207,8 @@
|
||||
#error "MBEDTLS_ECP_C defined (or a subset enabled), but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_ASN1_PARSE_C)
|
||||
#error "MBEDTLS_PK_PARSE_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
/* Helpers for hash dependencies, will be undefined at the end of the file */
|
||||
/* Do SHA-256, 384, 512 to cover Entropy and TLS. */
|
||||
#if defined(MBEDTLS_SHA256_C) || \
|
||||
(defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_256))
|
||||
#define MBEDTLS_MD_HAVE_SHA256
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA384_C) || \
|
||||
(defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_384))
|
||||
#define MBEDTLS_MD_HAVE_SHA384
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA512_C) || \
|
||||
(defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_512))
|
||||
#define MBEDTLS_MD_HAVE_SHA512
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ENTROPY_C) && \
|
||||
!(defined(MBEDTLS_MD_HAVE_SHA512) || defined(MBEDTLS_MD_HAVE_SHA256))
|
||||
!(defined(MBEDTLS_MD_CAN_SHA512) || defined(MBEDTLS_MD_CAN_SHA256))
|
||||
#error "MBEDTLS_ENTROPY_C defined, but not all prerequisites"
|
||||
#endif
|
||||
#if defined(MBEDTLS_ENTROPY_C) && \
|
||||
@@ -305,24 +216,24 @@
|
||||
#error "MBEDTLS_CTR_DRBG_ENTROPY_LEN value too high"
|
||||
#endif
|
||||
#if defined(MBEDTLS_ENTROPY_C) && \
|
||||
(defined(MBEDTLS_ENTROPY_FORCE_SHA256) || !defined(MBEDTLS_MD_HAVE_SHA512)) \
|
||||
(defined(MBEDTLS_ENTROPY_FORCE_SHA256) || !defined(MBEDTLS_MD_CAN_SHA512)) \
|
||||
&& defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) && (MBEDTLS_CTR_DRBG_ENTROPY_LEN > 32)
|
||||
#error "MBEDTLS_CTR_DRBG_ENTROPY_LEN value too high"
|
||||
#endif
|
||||
#if defined(MBEDTLS_ENTROPY_C) && \
|
||||
defined(MBEDTLS_ENTROPY_FORCE_SHA256) && !defined(MBEDTLS_MD_HAVE_SHA256)
|
||||
defined(MBEDTLS_ENTROPY_FORCE_SHA256) && !defined(MBEDTLS_MD_CAN_SHA256)
|
||||
#error "MBEDTLS_ENTROPY_FORCE_SHA256 defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(__has_feature)
|
||||
#if __has_feature(memory_sanitizer)
|
||||
#define MBEDTLS_HAS_MEMSAN
|
||||
#define MBEDTLS_HAS_MEMSAN // #undef at the end of this paragraph
|
||||
#endif
|
||||
#endif
|
||||
#if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN) && !defined(MBEDTLS_HAS_MEMSAN)
|
||||
#error "MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN requires building with MemorySanitizer"
|
||||
#endif
|
||||
#undef MBEDTLS_HAS_MEMSAN
|
||||
#undef MBEDTLS_HAS_MEMSAN // temporary macro defined above
|
||||
|
||||
#if defined(MBEDTLS_CCM_C) && \
|
||||
!(defined(MBEDTLS_CCM_GCM_CAN_AES) || defined(MBEDTLS_CCM_GCM_CAN_ARIA) || \
|
||||
@@ -388,28 +299,6 @@
|
||||
#error "MBEDTLS_HMAC_DRBG_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
/* Helper for JPAKE dependencies, will be undefined at the end of the file */
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#if defined(PSA_WANT_ALG_JPAKE) && defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC)
|
||||
#define MBEDTLS_PK_HAVE_JPAKE
|
||||
#endif
|
||||
#else /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
#if defined(MBEDTLS_ECJPAKE_C)
|
||||
#define MBEDTLS_PK_HAVE_JPAKE
|
||||
#endif
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
/* Helper for curve SECP256R1 */
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#if defined(PSA_WANT_ECC_SECP_R1_256)
|
||||
#define MBEDTLS_PK_HAVE_CURVE_SECP256R1
|
||||
#endif
|
||||
#else /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
|
||||
#define MBEDTLS_PK_HAVE_CURVE_SECP256R1
|
||||
#endif
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) && \
|
||||
( !defined(MBEDTLS_CAN_ECDH) || \
|
||||
!defined(MBEDTLS_PK_CAN_ECDSA_SIGN) || \
|
||||
@@ -463,47 +352,52 @@
|
||||
#error "MBEDTLS_KEY_EXCHANGE_RSA_ENABLED defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
|
||||
( !defined(MBEDTLS_PK_HAVE_JPAKE) || \
|
||||
!defined(MBEDTLS_PK_HAVE_CURVE_SECP256R1) )
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
|
||||
( !defined(PSA_WANT_ALG_JPAKE) || \
|
||||
!defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) || \
|
||||
!defined(PSA_WANT_ECC_SECP_R1_256) )
|
||||
#error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites"
|
||||
#endif
|
||||
#else /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
|
||||
( !defined(MBEDTLS_ECJPAKE_C) || \
|
||||
!defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) )
|
||||
#error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites"
|
||||
#endif
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
/* Use of EC J-PAKE in TLS requires SHA-256. */
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
|
||||
!defined(MBEDTLS_MD_HAVE_SHA256)
|
||||
!defined(MBEDTLS_MD_CAN_SHA256)
|
||||
#error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \
|
||||
!defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) && \
|
||||
( !defined(MBEDTLS_SHA256_C) && \
|
||||
!defined(MBEDTLS_SHA512_C) && \
|
||||
!defined(MBEDTLS_SHA1_C) )
|
||||
#error "!MBEDTLS_SSL_KEEP_PEER_CERTIFICATE requires MBEDTLS_SHA512_C, MBEDTLS_SHA256_C or MBEDTLS_SHA1_C"
|
||||
!defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) && \
|
||||
!defined(MBEDTLS_MD_CAN_SHA256) && \
|
||||
!defined(MBEDTLS_MD_CAN_SHA512) && \
|
||||
!defined(MBEDTLS_MD_CAN_SHA1)
|
||||
#error "!MBEDTLS_SSL_KEEP_PEER_CERTIFICATE requires SHA-512, SHA-256 or SHA-1".
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_MD_C) && !( \
|
||||
defined(MBEDTLS_MD5_C) || \
|
||||
defined(MBEDTLS_RIPEMD160_C) || \
|
||||
defined(MBEDTLS_SHA1_C) || \
|
||||
defined(MBEDTLS_SHA224_C) || \
|
||||
defined(MBEDTLS_SHA256_C) || \
|
||||
defined(MBEDTLS_SHA384_C) || \
|
||||
defined(MBEDTLS_SHA512_C) || \
|
||||
(defined(MBEDTLS_PSA_CRYPTO_C) && \
|
||||
(defined(PSA_WANT_ALG_MD5) || \
|
||||
defined(PSA_WANT_ALG_RIPEMD160) || \
|
||||
defined(PSA_WANT_ALG_SHA_1) || \
|
||||
defined(PSA_WANT_ALG_SHA_224) || \
|
||||
defined(PSA_WANT_ALG_SHA_256) || \
|
||||
defined(PSA_WANT_ALG_SHA_384) || \
|
||||
defined(PSA_WANT_ALG_SHA_512))))
|
||||
#error "MBEDTLS_MD_C defined, but not all prerequisites"
|
||||
#if defined(MBEDTLS_MD_C) && \
|
||||
!defined(MBEDTLS_MD_CAN_MD5) && \
|
||||
!defined(MBEDTLS_MD_CAN_RIPEMD160) && \
|
||||
!defined(MBEDTLS_MD_CAN_SHA1) && \
|
||||
!defined(MBEDTLS_MD_CAN_SHA224) && \
|
||||
!defined(MBEDTLS_MD_CAN_SHA256) && \
|
||||
!defined(MBEDTLS_MD_CAN_SHA384) && \
|
||||
!defined(MBEDTLS_MD_CAN_SHA512) && \
|
||||
!defined(MBEDTLS_MD_CAN_SHA3_224) && \
|
||||
!defined(MBEDTLS_MD_CAN_SHA3_256) && \
|
||||
!defined(MBEDTLS_MD_CAN_SHA3_384) && \
|
||||
!defined(MBEDTLS_MD_CAN_SHA3_512)
|
||||
#error "MBEDTLS_MD_C defined, but no hash algorithm"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_LMS_C) && \
|
||||
! ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_256) )
|
||||
! ( defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(PSA_WANT_ALG_SHA_256) )
|
||||
#error "MBEDTLS_LMS_C requires MBEDTLS_PSA_CRYPTO_C and PSA_WANT_ALG_SHA_256"
|
||||
#endif
|
||||
|
||||
@@ -538,11 +432,17 @@
|
||||
#error "MBEDTLS_PK_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_PK_C)
|
||||
#if defined(MBEDTLS_PK_PARSE_C) && \
|
||||
(!defined(MBEDTLS_ASN1_PARSE_C) || \
|
||||
!defined(MBEDTLS_OID_C) || \
|
||||
!defined(MBEDTLS_PK_C))
|
||||
#error "MBEDTLS_PK_PARSE_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PK_WRITE_C) && !defined(MBEDTLS_PK_C)
|
||||
#if defined(MBEDTLS_PK_WRITE_C) && \
|
||||
(!defined(MBEDTLS_ASN1_WRITE_C) || \
|
||||
!defined(MBEDTLS_OID_C) || \
|
||||
!defined(MBEDTLS_PK_C))
|
||||
#error "MBEDTLS_PK_WRITE_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
@@ -891,7 +791,7 @@
|
||||
* Note: for dependencies common with TLS 1.2 (running handshake hash),
|
||||
* see MBEDTLS_SSL_TLS_C. */
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
|
||||
!(defined(MBEDTLS_PSA_CRYPTO_C) && \
|
||||
!(defined(MBEDTLS_PSA_CRYPTO_CLIENT) && \
|
||||
defined(PSA_WANT_ALG_HKDF_EXTRACT) && \
|
||||
defined(PSA_WANT_ALG_HKDF_EXPAND) && \
|
||||
(defined(PSA_WANT_ALG_SHA_256) || defined(PSA_WANT_ALG_SHA_384)))
|
||||
@@ -975,7 +875,7 @@
|
||||
#endif
|
||||
#else /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
#if !defined(MBEDTLS_MD_C) || \
|
||||
!(defined(MBEDTLS_MD_HAVE_SHA256) || defined(MBEDTLS_MD_HAVE_SHA384))
|
||||
!(defined(MBEDTLS_MD_CAN_SHA256) || defined(MBEDTLS_MD_CAN_SHA384))
|
||||
#error "MBEDTLS_SSL_TLS_C defined, but not all prerequisites"
|
||||
#endif
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
@@ -1074,22 +974,20 @@
|
||||
#if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL)
|
||||
#error "MBEDTLS_THREADING_PTHREAD defined, but not all prerequisites"
|
||||
#endif
|
||||
#define MBEDTLS_THREADING_IMPL
|
||||
#define MBEDTLS_THREADING_IMPL // undef at the end of this paragraph
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_THREADING_ALT)
|
||||
#if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL)
|
||||
#error "MBEDTLS_THREADING_ALT defined, but not all prerequisites"
|
||||
#endif
|
||||
#define MBEDTLS_THREADING_IMPL
|
||||
#define MBEDTLS_THREADING_IMPL // undef at the end of this paragraph
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C) && !defined(MBEDTLS_THREADING_IMPL)
|
||||
#error "MBEDTLS_THREADING_C defined, single threading implementation required"
|
||||
#endif
|
||||
#undef MBEDTLS_THREADING_IMPL
|
||||
#undef MBEDTLS_THREADING_IMPL // temporary macro defined above
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_PSA_CRYPTO_C)
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_PSA_CRYPTO_CLIENT)
|
||||
#error "MBEDTLS_USE_PSA_CRYPTO defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
@@ -1218,13 +1116,6 @@
|
||||
#error "MBEDTLS_PKCS7_C is defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
/* Undefine helper symbols */
|
||||
#undef MBEDTLS_PK_HAVE_JPAKE
|
||||
#undef MBEDTLS_MD_HAVE_SHA256
|
||||
#undef MBEDTLS_MD_HAVE_SHA384
|
||||
#undef MBEDTLS_MD_HAVE_SHA512
|
||||
#undef MBEDTLS_PK_HAVE_CURVE_SECP256R1
|
||||
|
||||
/*
|
||||
* Avoid warning from -pedantic. This is a convenient place for this
|
||||
* workaround since this is included by every single file before the
|
||||
|
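Review bot: The `#error` text under the `MBEDTLS_LMS_C` check still reads `MBEDTLS_LMS_C requires MBEDTLS_PSA_CRYPTO_C and PSA_WANT_ALG_SHA_256`, but the condition on the new side tests `MBEDTLS_PSA_CRYPTO_CLIENT`, so the diagnostic no longer names the symbol that is actually checked. The message should follow the condition: `#error "MBEDTLS_LMS_C requires MBEDTLS_PSA_CRYPTO_CLIENT and PSA_WANT_ALG_SHA_256"`. In the same file, the rewritten `MBEDTLS_SSL_KEEP_PEER_CERTIFICATE` diagnostic ends with a stray `.` after the closing quote of the `#error` string; the preprocessor accepts it, but it should be dropped.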
@@ -22,6 +22,22 @@
|
||||
#ifndef MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H
|
||||
#define MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H
|
||||
|
||||
/* Ideally, we'd set those as defaults in mbedtls_config.h, but
|
||||
* putting an #ifdef _WIN32 in mbedtls_config.h would confuse config.py.
|
||||
*
|
||||
* So, adjust it here.
|
||||
* Not related to crypto, but this is the bottom of the stack. */
|
||||
#if defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER <= 1900)
|
||||
#if !defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) && \
|
||||
!defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
|
||||
#define MBEDTLS_PLATFORM_SNPRINTF_ALT
|
||||
#endif
|
||||
#if !defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT) && \
|
||||
!defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO)
|
||||
#define MBEDTLS_PLATFORM_VSNPRINTF_ALT
|
||||
#endif
|
||||
#endif /* _MINGW32__ || (_MSC_VER && (_MSC_VER <= 1900)) */
|
||||
|
||||
/* Auto-enable CIPHER_C when any of the unauthenticated ciphers is builtin
|
||||
* in PSA. */
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_C) && \
|
||||
|
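Review bot: The closing comment of the moved Windows block reads `#endif /* _MINGW32__ || (_MSC_VER && (_MSC_VER <= 1900)) */`, while the condition it closes tests `__MINGW32__`; the leading underscore was already missing in the old location and was carried over. Since the block is being moved anyway, correct it to `#endif /* __MINGW32__ || (_MSC_VER && (_MSC_VER <= 1900)) */` so a search for the macro finds both ends of the block.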
@@ -3059,7 +3059,7 @@
|
||||
* Caller: library/x509_crt.c
|
||||
* library/x509_csr.c
|
||||
*
|
||||
* Requires: MBEDTLS_PK_C
|
||||
* Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_OID_C, MBEDTLS_PK_C
|
||||
*
|
||||
* Uncomment to enable generic public key parse functions.
|
||||
*/
|
||||
@@ -3073,7 +3073,7 @@
|
||||
* Module: library/pkwrite.c
|
||||
* Caller: library/x509write.c
|
||||
*
|
||||
* Requires: MBEDTLS_PK_C
|
||||
* Requires: MBEDTLS_ASN1_WRITE_C, MBEDTLS_OID_C, MBEDTLS_PK_C
|
||||
*
|
||||
* Uncomment to enable generic public key write functions.
|
||||
*/
|
||||
|
@@ -288,12 +288,17 @@
|
||||
#define MBEDTLS_OID_HMAC_RIPEMD160 MBEDTLS_OID_INTERNET "\x05\x05\x08\x01\x04" /**< id-hmacWithSHA1 OBJECT IDENTIFIER ::= {iso(1) iso-identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) ipsec(8) isakmpOakley(1) hmacRIPEMD160(4)} */
|
||||
|
||||
/*
|
||||
* Encryption algorithms
|
||||
* Encryption algorithms,
|
||||
* the following standardized object identifiers are specified at
|
||||
* https://datatracker.ietf.org/doc/html/rfc8018#appendix-C.
|
||||
*/
|
||||
#define MBEDTLS_OID_DES_CBC MBEDTLS_OID_ISO_IDENTIFIED_ORG \
|
||||
MBEDTLS_OID_OIW_SECSIG_ALG "\x07" /**< desCBC OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 7 } */
|
||||
#define MBEDTLS_OID_DES_EDE3_CBC MBEDTLS_OID_RSA_COMPANY "\x03\x07" /**< des-ede3-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2) -- us(840) rsadsi(113549) encryptionAlgorithm(3) 7 } */
|
||||
#define MBEDTLS_OID_AES MBEDTLS_OID_NIST_ALG "\x01" /** aes OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) 1 } */
|
||||
#define MBEDTLS_OID_AES_128_CBC MBEDTLS_OID_AES "\x02" /** aes128-cbc-pad OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) aes(1) aes128-CBC-PAD(2) } */
|
||||
#define MBEDTLS_OID_AES_192_CBC MBEDTLS_OID_AES "\x16" /** aes192-cbc-pad OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) aes(1) aes192-CBC-PAD(22) } */
|
||||
#define MBEDTLS_OID_AES_256_CBC MBEDTLS_OID_AES "\x2a" /** aes256-cbc-pad OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) aes(1) aes256-CBC-PAD(42) } */
|
||||
|
||||
/*
|
||||
* Key Wrapping algorithms
|
||||
|
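Review bot: The four new AES OID macros carry their trailing descriptions in `/** ... */`, whereas the neighbouring `MBEDTLS_OID_DES_CBC` and `MBEDTLS_OID_DES_EDE3_CBC` lines use `/**< ... */`. Without the `<`, Doxygen attaches the text to the declaration that follows rather than to the macro on the same line, so the generated documentation for these OIDs will be shifted by one entry. Change each to the `/**<` form, for example `#define MBEDTLS_OID_AES_128_CBC MBEDTLS_OID_AES "\x02" /**< aes128-cbc-pad OBJECT IDENTIFIER ... */`.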
@@ -73,11 +73,11 @@ void mbedtls_pem_init(mbedtls_pem_context *ctx);
|
||||
* \param data source data to look in (must be nul-terminated)
|
||||
* \param pwd password for decryption (can be NULL)
|
||||
* \param pwdlen length of password
|
||||
* \param use_len destination for total length used (set after header is
|
||||
* correctly read, so unless you get
|
||||
* \param use_len destination for total length used from data buffer. It is
|
||||
* set after header is correctly read, so unless you get
|
||||
* MBEDTLS_ERR_PEM_BAD_INPUT_DATA or
|
||||
* MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT, use_len is
|
||||
* the length to skip)
|
||||
* the length to skip.
|
||||
*
|
||||
* \note Attempts to check password correctness by verifying if
|
||||
* the decrypted text starts with an ASN.1 sequence of
|
||||
|
@@ -181,13 +181,6 @@ typedef struct mbedtls_pk_rsassa_pss_options {
|
||||
#define MBEDTLS_PK_USE_PSA_EC_DATA
|
||||
#endif
|
||||
|
||||
/* Helper symbol to state that the PK module has support for EC keys. This
|
||||
* can either be provided through the legacy ECP solution or through the
|
||||
* PSA friendly MBEDTLS_PK_USE_PSA_EC_DATA. */
|
||||
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) || defined(MBEDTLS_ECP_C)
|
||||
#define MBEDTLS_PK_HAVE_ECC_KEYS
|
||||
#endif /* MBEDTLS_PK_USE_PSA_EC_DATA || MBEDTLS_ECP_C */
|
||||
|
||||
/**
|
||||
* \brief Types for interfacing with the debug module
|
||||
*/
|
||||
@@ -667,14 +660,17 @@ int mbedtls_pk_import_into_psa(const mbedtls_pk_context *pk,
|
||||
* \param sig Signature to verify
|
||||
* \param sig_len Signature length
|
||||
*
|
||||
* \note For keys of type #MBEDTLS_PK_RSA, the signature algorithm is
|
||||
* either PKCS#1 v1.5 or PSS (accepting any salt length),
|
||||
* depending on the padding mode in the underlying RSA context.
|
||||
* For a pk object constructed by parsing, this is PKCS#1 v1.5
|
||||
* by default. Use mbedtls_pk_verify_ext() to explicitly select
|
||||
* a different algorithm.
|
||||
*
|
||||
* \return 0 on success (signature is valid),
|
||||
* #MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if there is a valid
|
||||
* signature in \p sig but its length is less than \p sig_len,
|
||||
* or a specific error code.
|
||||
*
|
||||
* \note For RSA keys, the default padding type is PKCS#1 v1.5.
|
||||
* Use \c mbedtls_pk_verify_ext( MBEDTLS_PK_RSASSA_PSS, ... )
|
||||
* to verify RSASSA_PSS signatures.
|
||||
*/
|
||||
int mbedtls_pk_verify(mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
|
||||
const unsigned char *hash, size_t hash_len,
|
||||
@@ -761,11 +757,15 @@ int mbedtls_pk_verify_ext(mbedtls_pk_type_t type, const void *options,
|
||||
* \param f_rng RNG function, must not be \c NULL.
|
||||
* \param p_rng RNG parameter
|
||||
*
|
||||
* \return 0 on success, or a specific error code.
|
||||
* \note For keys of type #MBEDTLS_PK_RSA, the signature algorithm is
|
||||
* either PKCS#1 v1.5 or PSS (using the largest possible salt
|
||||
* length up to the hash length), depending on the padding mode
|
||||
* in the underlying RSA context. For a pk object constructed
|
||||
* by parsing, this is PKCS#1 v1.5 by default. Use
|
||||
* mbedtls_pk_verify_ext() to explicitly select a different
|
||||
* algorithm.
|
||||
*
|
||||
* \note For RSA keys, the default padding type is PKCS#1 v1.5.
|
||||
* There is no interface in the PK module to make RSASSA-PSS
|
||||
* signatures yet.
|
||||
* \return 0 on success, or a specific error code.
|
||||
*
|
||||
* \note For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0.
|
||||
* For ECDSA, md_alg may never be MBEDTLS_MD_NONE.
|
||||
@@ -861,7 +861,10 @@ int mbedtls_pk_sign_restartable(mbedtls_pk_context *ctx,
|
||||
* \param f_rng RNG function, must not be \c NULL.
|
||||
* \param p_rng RNG parameter
|
||||
*
|
||||
* \note For RSA keys, the default padding type is PKCS#1 v1.5.
|
||||
* \note For keys of type #MBEDTLS_PK_RSA, the signature algorithm is
|
||||
* either PKCS#1 v1.5 or OAEP, depending on the padding mode in
|
||||
* the underlying RSA context. For a pk object constructed by
|
||||
* parsing, this is PKCS#1 v1.5 by default.
|
||||
*
|
||||
* \return 0 on success, or a specific error code.
|
||||
*/
|
||||
@@ -882,9 +885,12 @@ int mbedtls_pk_decrypt(mbedtls_pk_context *ctx,
|
||||
* \param f_rng RNG function, must not be \c NULL.
|
||||
* \param p_rng RNG parameter
|
||||
*
|
||||
* \note \p f_rng is used for padding generation.
|
||||
* \note For keys of type #MBEDTLS_PK_RSA, the signature algorithm is
|
||||
* either PKCS#1 v1.5 or OAEP, depending on the padding mode in
|
||||
* the underlying RSA context. For a pk object constructed by
|
||||
* parsing, this is PKCS#1 v1.5 by default.
|
||||
*
|
||||
* \note For RSA keys, the default padding type is PKCS#1 v1.5.
|
||||
* \note \p f_rng is used for padding generation.
|
||||
*
|
||||
* \return 0 on success, or a specific error code.
|
||||
*/
|
||||
|
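Review bot: The notes added in the `@@ -861` and `@@ -882` hunks, which appear to document the decrypt and encrypt functions (their doc blocks start outside the hunks), say "the signature algorithm is either PKCS#1 v1.5 or OAEP". OAEP is an encryption scheme and these functions do not sign, so the wording looks copied from the sign/verify notes. I would write `For keys of type #MBEDTLS_PK_RSA, the encryption algorithm is either PKCS#1 v1.5 or OAEP, depending on the padding mode in the underlying RSA context.` in both places. Because the text also states that a parsed key defaults to PKCS#1 v1.5, the decrypt note is the natural place for one more sentence telling callers not to let a peer distinguish padding failures from other errors, whether through the return code or through timing.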
@@ -426,6 +426,16 @@ int mbedtls_rsa_export_raw(const mbedtls_rsa_context *ctx,
|
||||
int mbedtls_rsa_export_crt(const mbedtls_rsa_context *ctx,
|
||||
mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP);
|
||||
|
||||
/**
|
||||
* \brief This function retrieves the length of the RSA modulus in bits.
|
||||
*
|
||||
* \param ctx The initialized RSA context.
|
||||
*
|
||||
* \return The length of the RSA modulus in bits.
|
||||
*
|
||||
*/
|
||||
size_t mbedtls_rsa_get_bitlen(const mbedtls_rsa_context *ctx);
|
||||
|
||||
/**
|
||||
* \brief This function retrieves the length of RSA modulus in Bytes.
|
||||
*
|
||||
|
@@ -4737,7 +4737,7 @@ const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert(const mbedtls_ssl_context *ssl
|
||||
* \param ssl The SSL context representing the connection for which to
|
||||
* to export a session structure for later resumption.
|
||||
* \param session The target structure in which to store the exported session.
|
||||
* This must have been initialized with mbedtls_ssl_init_session()
|
||||
* This must have been initialized with mbedtls_ssl_session_init()
|
||||
* but otherwise be unused.
|
||||
*
|
||||
* \note This function can handle a variety of mechanisms for session
|
||||
@@ -5106,9 +5106,9 @@ int mbedtls_ssl_close_notify(mbedtls_ssl_context *ssl);
|
||||
|
||||
#if defined(MBEDTLS_SSL_EARLY_DATA)
|
||||
|
||||
#define MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT 0
|
||||
#define MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED 1
|
||||
#define MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED 2
|
||||
#define MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT 1
|
||||
#define MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED 2
|
||||
#define MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED 3
|
||||
|
||||
#if defined(MBEDTLS_SSL_SRV_C)
|
||||
/**
|
||||
|
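Review bot: Renumbering `MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT`, `_ACCEPTED` and `_REJECTED` from 0/1/2 to 1/2/3 leaves the value 0 without a name or a comment in this header. A zero-initialised status therefore no longer reads as "not sent", and nothing visible here says what it means instead. A one-line comment above the defines would settle it, for example `/* 0 is reserved: early data status not determined yet (confirm against the handshake state machine) */`, or a named macro for 0 if callers are meant to see that state. These are public macros, so if the feature has already shipped, code built against the old values would misread the status and the change deserves a ChangeLog entry.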
@@ -198,6 +198,8 @@ psa_status_t mbedtls_psa_register_se_key(
|
||||
*
|
||||
* This function clears all data associated with the PSA layer,
|
||||
* including the whole key store.
|
||||
* This function is not thread safe, it wipes every key slot regardless of
|
||||
* state and reader count. It should only be called when no slot is in use.
|
||||
*
|
||||
* This is an Mbed TLS extension.
|
||||
*/
|
||||
|