This will be needed when TF-PSA-Crypto's `build_info.h` stops including
`limits.h`, which it currently does by accident because it includes
`check_config.h` which wants `limits.h` to check `CHAR_BIT`.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
`check_config.h` only needs to run once on the configuration. It doesn't
need to run every time an application is built. It used to be public up to
Mbed TLS 2.x because it was included from `config.h`, and users could
substitute that file completely and should still include `check_config.h`
from their file. But since Mbed TLS 3.x, including `check_config.h` is a
purely internal thing (done in `build_info.h`). So make the file itself
purely internal.
We don't need to include `check_config.h` when building every library file,
just one: `mbedtls_config.c`, that's its job.
Give the file a unique name, to avoid any clashes with TF-PSA-Crypto's
`check_config.h`.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Add a custom target that depends on TLS
generated files, and make both the static and
shared crypto libraries depend on it.
This ensures that when both libraries are built,
the files are not generated concurrently
by the static and shared library targets.
Do the same for the x509 libraries.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
If we do not generate error.c, version_features.c, ...
then they are supposed to be in the source tree.
The CMake build gets them from here and there is no
need for a symbolic link or a copy in the build tree.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This gives the possibility to add new source files in tf-psa-crypto
library without any need to update this Makefile.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
MBEDTLS_PK_USE_PSA_EC_DATA is a legacy symbol that is used in the 3.6 LTS
branch, but now it is assumed to be always true. It's only kept for
legacy reasons so it's better to replace it with
PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY instead.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
The PK module will now always use the PSA storing pattern when working with
EC keys; therefore MBEDTLS_PK_USE_PSA_EC_DATA is assumed to be always
enabled.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
For each function in `x509_oid.c`, determine where it is used and only
include it in the build if it is needed by the X.509 code. Define the
corresponding internal tables only when they are consumed by a function.
This makes Mbed TLS completely independent of the compilation option
`MBEDTLS_OID_C`. This option remains present only in sample configs for
crypto, where it must stay until TF-PSA-Crypto no longer relies on this
option.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
mbedtls_oid_get_md_alg() is used in X.509, but
mbedtls_oid_get_oid_by_md() is only used in crypto.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Some code that parses or writes X.509 needs to know OID values. We provide a
convenient list. Don't remove this list from the public interface of the
library.
For user convenience, expose these values in the same header as before and
with the same name as before: `MBEDTLS_OID_xxx` in `<mbedtls/oid.h>`.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Replace the non-X.509-named error code `MBEDTLS_ERR_OID_NOT_FOUND` with
`MBEDTLS_ERR_X509_UNKNOWN_OID`, which already exists and is currently not
used for anything.
Public functions in X.509 propagate this error code, so it needs to have a
public name.
Remove the definition of `MBEDTLS_ERR_OID_NOT_FOUND` in `x509_oid.h`, then
```
git grep -l MBEDTLS_ERR_OID_NOT_FOUND | xargs perl -i -pe 's/\bMBEDTLS_ERR_OID_NOT_FOUND\b/MBEDTLS_ERR_X509_UNKNOWN_OID/g'
```
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>