From 26fd730876bf83169d7d02de08101c7c5fba5c5e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Mon, 22 Oct 2018 12:14:52 +0200
Subject: [PATCH] Add config option for X.509/TLS to use PSA

---
 include/mbedtls/check_config.h | 4 ++++
 include/mbedtls/config.h | 14 ++++++++++++++
 library/version_features.c | 3 +++
 scripts/config.pl | 3 +++
 4 files changed, 24 insertions(+)

diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 21bede7075..508c00a8a1 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -670,6 +670,10 @@
 #endif
 #undef MBEDTLS_THREADING_IMPL
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_PSA_CRYPTO_C)
+#error "MBEDTLS_USE_PSA_CRYPTO defined, but not all prerequisites"
+#endif
+
 #if defined(MBEDTLS_VERSION_FEATURES) && !defined(MBEDTLS_VERSION_C)
 #error "MBEDTLS_VERSION_FEATURES defined, but not all prerequisites"
 #endif
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index c1619fbade..2341ef50f6 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -1616,6 +1616,20 @@
 */
 //#define MBEDTLS_THREADING_PTHREAD
 
+/**
+ * \def MBEDTLS_USE_PSA_CRYPTO
+ *
+ * Make the X.509 and TLS library use PSA for cryptographic operations, see
+ * #MBEDTLS_PSA_CRYPTO_C.
+ *
+ * Note: this option is still in progress, the full X.509 and TLS modules are
+ * not covered yet, but parts that are not ported to PSA yet will still work
+ * as usual, so enabling this option should not break backwards compatibility.
+ *
+ * Requires: MBEDTLS_PSA_CRYPTO_C.
+ */
+//#define MBEDTLS_USE_PSA_CRYPTO
+
 /**
 * \def MBEDTLS_VERSION_FEATURES
 *
diff --git a/library/version_features.c b/library/version_features.c
index 590f949f4f..2bfcfc0159 100644
--- a/library/version_features.c
+++ b/library/version_features.c
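Review bot: The Doxygen block added for MBEDTLS_USE_PSA_CRYPTO in include/mbedtls/config.h omits the "experimental" status that the scripts/config.pl hunk of this same patch gives the option, and instead tells the reader that enabling it "should not break backwards compatibility". Someone enabling it from config.h alone would not learn that it changes which implementation performs X.509/TLS cryptography, so I would carry the status into the text, e.g. `* \warning This option is experimental: it moves parts of X.509 and TLS onto an alternative (PSA) implementation.` If code gated on this option will need PSA initialised by the application first (psa_crypto_init()), that precondition belongs in this block as well; the patch does not show it either way.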
@@ -522,6 +522,9 @@ static const char *features[] = {
 #if defined(MBEDTLS_THREADING_PTHREAD)
 "MBEDTLS_THREADING_PTHREAD",
 #endif /* MBEDTLS_THREADING_PTHREAD */
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ "MBEDTLS_USE_PSA_CRYPTO",
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 #if defined(MBEDTLS_VERSION_FEATURES)
 "MBEDTLS_VERSION_FEATURES",
 #endif /* MBEDTLS_VERSION_FEATURES */
diff --git a/scripts/config.pl b/scripts/config.pl
index 6d02ec05c4..55f4b6e1c4 100755
--- a/scripts/config.pl
+++ b/scripts/config.pl
@@ -36,6 +36,8 @@
 # - this could be enabled if the respective tests were adapted
 # MBEDTLS_ZLIB_SUPPORT
 # MBEDTLS_PKCS11_C
+# MBEDTLS_USE_PSA_CRYPTO
+# - experimental, and more an alternative implementation than a feature
 # and any symbol beginning _ALT
 #
 
@@ -99,6 +101,7 @@ MBEDTLS_NO_64BIT_MULTIPLICATION
 MBEDTLS_PSA_CRYPTO_SPM
 MBEDTLS_PSA_HAS_ITS_IO
 MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
+MBEDTLS_USE_PSA_CRYPTO
 _ALT\s*$
 );
 
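Review bot: Nothing visible in this patch builds or tests a configuration that defines MBEDTLS_USE_PSA_CRYPTO, and the second scripts/config.pl hunk adds it to what appears to be the list of symbols the script leaves disabled, so the option would stay uncompiled there as well. Because the option selects the cryptographic provider behind X.509 and TLS, I would pair the exclusion with a dedicated test build that sets it together with MBEDTLS_PSA_CRYPTO_C, so the gated paths are compiled and exercised as they are ported. The header comment in the first hunk could record that, e.g. `#       - experimental; tested through a separate configuration`, assuming such a configuration exists or is added. The list itself starts above the hunk, so its exact role is inferred from the surrounding comment.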