mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-10-18 16:08:54 +03:00
Cleanup following the removal of MBEDTLS_ECP_DP_.*_ENABLED options
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron
@@ -295,7 +295,7 @@
|
|||||||
*
|
*
|
||||||
* Requires: PSA_WANT_ALG_JPAKE
|
* Requires: PSA_WANT_ALG_JPAKE
|
||||||
* PSA_WANT_ALG_SHA_256
|
* PSA_WANT_ALG_SHA_256
|
||||||
* MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
* PSA_WANT_ECC_SECP_R1_256
|
||||||
*
|
*
|
||||||
* This enables the following ciphersuites (if other requisites are
|
* This enables the following ciphersuites (if other requisites are
|
||||||
* enabled as well):
|
* enabled as well):
|
||||||
|
|||||||
@@ -2346,15 +2346,15 @@ static inline int mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported(
|
|||||||
#if defined(PSA_WANT_ALG_SHA_256) && defined(PSA_WANT_ECC_SECP_R1_256)
|
#if defined(PSA_WANT_ALG_SHA_256) && defined(PSA_WANT_ECC_SECP_R1_256)
|
||||||
case MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256:
|
case MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256:
|
||||||
break;
|
break;
|
||||||
#endif /* PSA_WANT_ALG_SHA_256 && MBEDTLS_ECP_DP_SECP256R1_ENABLED */
|
#endif /* PSA_WANT_ALG_SHA_256 && PSA_WANT_ECC_SECP_R1_256 */
|
||||||
#if defined(PSA_WANT_ALG_SHA_384) && defined(PSA_WANT_ECC_SECP_R1_384)
|
#if defined(PSA_WANT_ALG_SHA_384) && defined(PSA_WANT_ECC_SECP_R1_384)
|
||||||
case MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384:
|
case MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384:
|
||||||
break;
|
break;
|
||||||
#endif /* PSA_WANT_ALG_SHA_384 && MBEDTLS_ECP_DP_SECP384R1_ENABLED */
|
#endif /* PSA_WANT_ALG_SHA_384 && PSA_WANT_ECC_SECP_R1_384 */
|
||||||
#if defined(PSA_WANT_ALG_SHA_512) && defined(PSA_WANT_ECC_SECP_R1_521)
|
#if defined(PSA_WANT_ALG_SHA_512) && defined(PSA_WANT_ECC_SECP_R1_521)
|
||||||
case MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512:
|
case MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512:
|
||||||
break;
|
break;
|
||||||
#endif /* PSA_WANT_ALG_SHA_512 && MBEDTLS_ECP_DP_SECP521R1_ENABLED */
|
#endif /* PSA_WANT_ALG_SHA_512 && PSA_WANT_ECC_SECP_R1_521 */
|
||||||
#endif /* PSA_HAVE_ALG_SOME_ECDSA */
|
#endif /* PSA_HAVE_ALG_SOME_ECDSA */
|
||||||
|
|
||||||
#if defined(PSA_WANT_ALG_RSA_PSS)
|
#if defined(PSA_WANT_ALG_RSA_PSS)
|
||||||
|
|||||||
@@ -470,47 +470,47 @@ static const struct {
|
|||||||
uint8_t is_supported;
|
uint8_t is_supported;
|
||||||
} tls_id_group_name_table[] =
|
} tls_id_group_name_table[] =
|
||||||
{
|
{
|
||||||
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_521)
|
#if defined(PSA_WANT_ECC_SECP_R1_521)
|
||||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1, "secp521r1", 1 },
|
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1, "secp521r1", 1 },
|
||||||
#else
|
#else
|
||||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1, "secp521r1", 0 },
|
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1, "secp521r1", 0 },
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
|
#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
|
||||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1, "brainpoolP512r1", 1 },
|
{ MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1, "brainpoolP512r1", 1 },
|
||||||
#else
|
#else
|
||||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1, "brainpoolP512r1", 0 },
|
{ MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1, "brainpoolP512r1", 0 },
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_384)
|
#if defined(PSA_WANT_ECC_SECP_R1_384)
|
||||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, "secp384r1", 1 },
|
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, "secp384r1", 1 },
|
||||||
#else
|
#else
|
||||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, "secp384r1", 0 },
|
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, "secp384r1", 0 },
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
|
#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
|
||||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1, "brainpoolP384r1", 1 },
|
{ MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1, "brainpoolP384r1", 1 },
|
||||||
#else
|
#else
|
||||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1, "brainpoolP384r1", 0 },
|
{ MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1, "brainpoolP384r1", 0 },
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_256)
|
#if defined(PSA_WANT_ECC_SECP_R1_256)
|
||||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, "secp256r1", 1 },
|
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, "secp256r1", 1 },
|
||||||
#else
|
#else
|
||||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, "secp256r1", 0 },
|
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, "secp256r1", 0 },
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_256)
|
#if defined(PSA_WANT_ECC_SECP_K1_256)
|
||||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1, "secp256k1", 1 },
|
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1, "secp256k1", 1 },
|
||||||
#else
|
#else
|
||||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1, "secp256k1", 0 },
|
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1, "secp256k1", 0 },
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
|
#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
|
||||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, "brainpoolP256r1", 1 },
|
{ MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, "brainpoolP256r1", 1 },
|
||||||
#else
|
#else
|
||||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, "brainpoolP256r1", 0 },
|
{ MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, "brainpoolP256r1", 0 },
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_255)
|
#if defined(PSA_WANT_ECC_MONTGOMERY_255)
|
||||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_X25519, "x25519", 1 },
|
{ MBEDTLS_SSL_IANA_TLS_GROUP_X25519, "x25519", 1 },
|
||||||
#else
|
#else
|
||||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_X25519, "x25519", 0 },
|
{ MBEDTLS_SSL_IANA_TLS_GROUP_X25519, "x25519", 0 },
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_448)
|
#if defined(PSA_WANT_ECC_MONTGOMERY_448)
|
||||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_X448, "x448", 1 },
|
{ MBEDTLS_SSL_IANA_TLS_GROUP_X448, "x448", 1 },
|
||||||
#else
|
#else
|
||||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_X448, "x448", 0 },
|
{ MBEDTLS_SSL_IANA_TLS_GROUP_X448, "x448", 0 },
|
||||||
|
|||||||
@@ -433,17 +433,16 @@ component_test_everest () {
|
|||||||
component_test_everest_curve25519_only () {
|
component_test_everest_curve25519_only () {
|
||||||
msg "build: Everest ECDH context, only Curve25519" # ~ 6 min
|
msg "build: Everest ECDH context, only Curve25519" # ~ 6 min
|
||||||
scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
|
scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
|
||||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
|
scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
|
||||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDSA
|
scripts/config.py unset PSA_WANT_ALG_ECDSA
|
||||||
scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ALG_ECDH
|
scripts/config.py set PSA_WANT_ALG_ECDH
|
||||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
|
||||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_JPAKE
|
scripts/config.py unset PSA_WANT_ALG_JPAKE
|
||||||
|
|
||||||
# Disable all curves
|
# Disable all curves
|
||||||
scripts/config.py unset-all "MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED"
|
scripts/config.py unset-all "PSA_WANT_ECC_[0-9A-Z_a-z]*$"
|
||||||
scripts/config.py -c $CRYPTO_CONFIG_H unset-all "PSA_WANT_ECC_[0-9A-Z_a-z]*$"
|
scripts/config.py set PSA_WANT_ECC_MONTGOMERY_255
|
||||||
scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ECC_MONTGOMERY_255
|
|
||||||
|
|
||||||
make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
|
make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
|
||||||
|
|
||||||
|
|||||||
@@ -257,26 +257,7 @@ REVERSE_DEPENDENCIES = {
|
|||||||
'PSA_WANT_ALG_CCM': ['PSA_WANT_ALG_CCM_STAR_NO_TAG'],
|
'PSA_WANT_ALG_CCM': ['PSA_WANT_ALG_CCM_STAR_NO_TAG'],
|
||||||
'PSA_WANT_ALG_CMAC': ['PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128'],
|
'PSA_WANT_ALG_CMAC': ['PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128'],
|
||||||
|
|
||||||
# These reverse dependencies can be removed as part of issue
|
'PSA_WANT_ECC_SECP_R1_256': ['PSA_WANT_ALG_JPAKE'],
|
||||||
# tf-psa-crypto#364.
|
|
||||||
'PSA_WANT_ECC_BRAINPOOL_P_R1_256': ['MBEDTLS_ECP_DP_BP256R1_ENABLED'],
|
|
||||||
'PSA_WANT_ECC_BRAINPOOL_P_R1_384': ['MBEDTLS_ECP_DP_BP384R1_ENABLED'],
|
|
||||||
'PSA_WANT_ECC_BRAINPOOL_P_R1_512': ['MBEDTLS_ECP_DP_BP512R1_ENABLED'],
|
|
||||||
'PSA_WANT_ECC_MONTGOMERY_255': ['MBEDTLS_ECP_DP_CURVE25519_ENABLED'],
|
|
||||||
'PSA_WANT_ECC_MONTGOMERY_448': ['MBEDTLS_ECP_DP_CURVE448_ENABLED'],
|
|
||||||
'PSA_WANT_ECC_SECP_R1_256': ['PSA_WANT_ALG_JPAKE',
|
|
||||||
'MBEDTLS_ECP_DP_SECP256R1_ENABLED'],
|
|
||||||
'PSA_WANT_ECC_SECP_R1_384': ['MBEDTLS_ECP_DP_SECP384R1_ENABLED'],
|
|
||||||
'PSA_WANT_ECC_SECP_R1_521': ['MBEDTLS_ECP_DP_SECP521R1_ENABLED'],
|
|
||||||
'PSA_WANT_ECC_SECP_K1_256': ['MBEDTLS_ECP_DP_SECP256K1_ENABLED'],
|
|
||||||
|
|
||||||
# Support for secp224[k|r]1 was removed in tfpsacrypto#408 while
|
|
||||||
# secp192[k|r]1 were kept only for internal testing (hidden to the end
|
|
||||||
# user). We need to keep these reverse dependencies here until
|
|
||||||
# symbols are hidden/removed from crypto_config.h.
|
|
||||||
'PSA_WANT_ECC_SECP_R1_192': ['MBEDTLS_ECP_DP_SECP192R1_ENABLED'],
|
|
||||||
'PSA_WANT_ECC_SECP_R1_224': ['MBEDTLS_ECP_DP_SECP224R1_ENABLED'],
|
|
||||||
'PSA_WANT_ECC_SECP_K1_192': ['MBEDTLS_ECP_DP_SECP192K1_ENABLED'],
|
|
||||||
|
|
||||||
'PSA_WANT_ALG_ECDSA': ['PSA_WANT_ALG_DETERMINISTIC_ECDSA',
|
'PSA_WANT_ALG_ECDSA': ['PSA_WANT_ALG_DETERMINISTIC_ECDSA',
|
||||||
'MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED'],
|
'MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED'],
|
||||||
|
|||||||
Reference in New Issue
Block a user