Manual test: run test_psa_crypto_config_accel_ecc_non_weierstrass_curves
or test_psa_crypto_config_accel_ecc_weierstrass_curves as they are now,
observe it failing with the expected #error.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Tested manually as follows: in
component_test_psa_crypto_config_accel_ecc_some_key_types, modify
loc_accel_list to remove one of the key types between
helper_libtestdriver1_make_drivers and helper_libtestdriver1_make_main,
and observe that the 2nd build fails with the expected #error.
Note: removing one of the key types before
helper_libtestdriver1_make_drivers causes the build of libtestdriver1 to
fail, which is quite acceptable, just not what we're trying to observe.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit adds dependency check when PK_CAN_ECDSA_SIGN or
PK_CAN_ECDSA_VERIFY is enabled but no corresponding ASN1_WRITE_C
or ASN1_PARSE_C is enabled under PSA.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
This slightly changes the previous requirement. Instead of enabling
ALL builtin EC algs when there is at least 1 built in curve, we ask
for at least one built alg if there is at least one builtin curve.
This relaxes the previous check while still keeping the base idea:
there must be a reason for which builtin curves are included into
the build.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Numeric options should be commented out with their default values in the config
file, and a separate header file should set the default value if necessary.
This was done for most other options in #8161; do it here for
MBEDTLS_SSL_MAX_EARLY_DATA_SIZE.
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
The official spelling of the trade mark changed from all-lowercase "mbed"
to normal proper noun capitalization "Mbed" a few years ago. We've been
using the new spelling in new text but still have the old spelling in a
lot of text. This commit updates most occurrences of "mbed TLS":
```
sed -i -e 's/mbed TLS/Mbed TLS/g' $(git ls-files ':!ChangeLog' ':!tests/data_files/**' ':!tests/suites/*.data' ':!programs/x509/*' ':!configs/tfm*')
```
Justification for the omissions:
* `ChangeLog`: historical text.
* `test/data_files/**`, `tests/suites/*.data`, `programs/x509/*`: many
occurrences are significant names in certificates and such. Changing
the spelling would invalidate many signatures and tests.
* `configs/tfm*`: this is an imported file. We'll follow the upstream
updates.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
MBEDTLS_CIPHER_ENCRYPT_ONLY is an internal configuration which is
automatically enabled via the PSA. Typically,
once MBEDTLS_CIPHER_ENCRYPT_ONLY is enabled,
MBEDTLS_PSA_CRYPTO_CONFIG must be enabled. This check is only used
to prevent user explicitly enabling MBEDTLS_CIPHER_ENCRYPT_ONLY.
In addition, we shouldn't enable MBEDTLS_CIPHER_ENCRYPT_ONLY if
either CIPHER_MODE_CBC, CIPHER_MODE_XTS or NIST_KW_C is enabled.
Since three of them always need AES-decrypt.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
This is usefuls to use PK_HAVE_ECC_KEYS in check_config.h instead
of redefining it twice in different ways.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
In check_config.h, align the guards of Windows
specific configuration checks with the ones used
in platform.h.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This part is specific to 1.3 and directly calls PSA APIs regardless of
whether MBEDTLS_USE_PSA_CRYPTO is defined, so use PSA_WANT. Note: the
code is already using PSA_WANT everywhere in ssl_tls13*.c.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
