diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index 917b88d75f..6b09ae39a3 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -7,6 +7,7 @@ EXTRACT_PRIVATE = YES EXTRACT_STATIC = YES CASE_SENSE_NAMES = NO INPUT = ../include ../tf-psa-crypto/include input ../tf-psa-crypto/drivers/builtin/include ../tests/include/alt-dummy +EXCLUDE = ../tf-psa-crypto/drivers/builtin/include/mbedtls/build_info.h FILE_PATTERNS = *.h RECURSIVE = YES EXCLUDE_SYMLINKS = YES diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index 1f19749687..534f01658c 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -14,6 +14,8 @@ #ifndef MBEDTLS_BUILD_INFO_H #define MBEDTLS_BUILD_INFO_H +#include "tf-psa-crypto/build_info.h" + /* * This set of compile-time defines can be used to determine the version number * of the Mbed TLS library used. Run-time variables for the same can be found in @@ -37,70 +39,6 @@ #define MBEDTLS_VERSION_STRING "4.0.0" #define MBEDTLS_VERSION_STRING_FULL "Mbed TLS 4.0.0" -/* Macros for build-time platform detection */ - -#if !defined(MBEDTLS_ARCH_IS_ARM64) && \ - (defined(__aarch64__) || defined(_M_ARM64) || defined(_M_ARM64EC)) -#define MBEDTLS_ARCH_IS_ARM64 -#endif - -#if !defined(MBEDTLS_ARCH_IS_ARM32) && \ - (defined(__arm__) || defined(_M_ARM) || \ - defined(_M_ARMT) || defined(__thumb__) || defined(__thumb2__)) -#define MBEDTLS_ARCH_IS_ARM32 -#endif - -#if !defined(MBEDTLS_ARCH_IS_X64) && \ - (defined(__amd64__) || defined(__x86_64__) || \ - ((defined(_M_X64) || defined(_M_AMD64)) && !defined(_M_ARM64EC))) -#define MBEDTLS_ARCH_IS_X64 -#endif - -#if !defined(MBEDTLS_ARCH_IS_X86) && \ - (defined(__i386__) || defined(_X86_) || \ - (defined(_M_IX86) && !defined(_M_I86))) -#define MBEDTLS_ARCH_IS_X86 -#endif - -#if !defined(MBEDTLS_PLATFORM_IS_WINDOWS_ON_ARM64) && \ - (defined(_M_ARM64) || defined(_M_ARM64EC)) -#define MBEDTLS_PLATFORM_IS_WINDOWS_ON_ARM64 -#endif - -/* This is defined if the architecture is Armv8-A, or higher */ -#if !defined(MBEDTLS_ARCH_IS_ARMV8_A) -#if defined(__ARM_ARCH) && defined(__ARM_ARCH_PROFILE) -#if (__ARM_ARCH >= 8) && (__ARM_ARCH_PROFILE == 'A') -/* GCC, clang, armclang and IAR */ -#define MBEDTLS_ARCH_IS_ARMV8_A -#endif -#elif defined(__ARM_ARCH_8A) -/* Alternative defined by clang */ -#define MBEDTLS_ARCH_IS_ARMV8_A -#elif defined(_M_ARM64) || defined(_M_ARM64EC) -/* MSVC ARM64 is at least Armv8.0-A */ -#define MBEDTLS_ARCH_IS_ARMV8_A -#endif -#endif - -#if defined(__GNUC__) && !defined(__ARMCC_VERSION) && !defined(__clang__) \ - && !defined(__llvm__) && !defined(__INTEL_COMPILER) -/* Defined if the compiler really is gcc and not clang, etc */ -#define MBEDTLS_COMPILER_IS_GCC -#define MBEDTLS_GCC_VERSION \ - (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__) -#endif - -#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE) -#define _CRT_SECURE_NO_DEPRECATE 1 -#endif - -/* Define `inline` on some non-C99-compliant compilers. */ -#if (defined(__ARMCC_VERSION) || defined(_MSC_VER)) && \ - !defined(inline) && !defined(__cplusplus) -#define inline __inline -#endif - #if defined(MBEDTLS_CONFIG_FILES_READ) #error "Something went wrong: MBEDTLS_CONFIG_FILES_READ defined before reading the config files!" #endif @@ -108,7 +46,7 @@ #error "Something went wrong: MBEDTLS_CONFIG_IS_FINALIZED defined before reading the config files!" #endif -/* X.509, TLS and non-PSA crypto configuration */ +/* X.509 and TLS configuration */ #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/mbedtls_config.h" #else @@ -130,48 +68,12 @@ #include MBEDTLS_USER_CONFIG_FILE #endif -/* PSA crypto configuration */ -#if defined(TF_PSA_CRYPTO_CONFIG_FILE) -#include TF_PSA_CRYPTO_CONFIG_FILE -#else -#include "psa/crypto_config.h" -#endif -#if defined(TF_PSA_CRYPTO_USER_CONFIG_FILE) -#include TF_PSA_CRYPTO_USER_CONFIG_FILE -#endif - /* Indicate that all configuration files have been read. * It is now time to adjust the configuration (follow through on dependencies, * make PSA and legacy crypto consistent, etc.). */ #define MBEDTLS_CONFIG_FILES_READ -/* Auto-enable MBEDTLS_CTR_DRBG_USE_128_BIT_KEY if - * MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH and MBEDTLS_CTR_DRBG_C defined - * to ensure a 128-bit key size in CTR_DRBG. - */ -#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) && defined(MBEDTLS_CTR_DRBG_C) -#define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY -#endif - -/* Auto-enable MBEDTLS_MD_C if needed by a module that didn't require it - * in a previous release, to ensure backwards compatibility. - */ -#if defined(MBEDTLS_PKCS5_C) -#define MBEDTLS_MD_C -#endif - -/* PSA crypto specific configuration options - * - If config_psa.h reads a configuration option in preprocessor directive, - * this symbol should be set before its inclusion. (e.g. MBEDTLS_MD_C) - * - If config_psa.h writes a configuration option in conditional directive, - * this symbol should be consulted after its inclusion. - * (e.g. MBEDTLS_MD_LIGHT) - */ -#include "mbedtls/config_psa.h" - -#include "mbedtls/config_adjust_legacy_crypto.h" - #include "mbedtls/config_adjust_x509.h" #include "mbedtls/config_adjust_ssl.h" @@ -184,6 +86,5 @@ #define MBEDTLS_CONFIG_IS_FINALIZED #include "mbedtls/check_config.h" -#include "tf-psa-crypto/check_config.h" #endif /* MBEDTLS_BUILD_INFO_H */ diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 66117dd312..5bda91a281 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -11,6 +11,7 @@ #define MBEDTLS_SSL_MISC_H #include "common.h" +#include "mbedtls/build_info.h" #include "mbedtls/error.h" diff --git a/library/x509_internal.h b/library/x509_internal.h index ec1ac50db6..36cbc6518c 100644 --- a/library/x509_internal.h +++ b/library/x509_internal.h @@ -11,6 +11,7 @@ #define MBEDTLS_X509_INTERNAL_H #include "common.h" +#include "mbedtls/build_info.h" #include "mbedtls/private_access.h" #include "mbedtls/x509.h" diff --git a/tests/scripts/check_names.py b/tests/scripts/check_names.py index 7c232aba4b..8f344448e6 100755 --- a/tests/scripts/check_names.py +++ b/tests/scripts/check_names.py @@ -239,6 +239,7 @@ class CodeParser(): "include/mbedtls/*.h", "include/psa/*.h", "tf-psa-crypto/include/psa/*.h", + "tf-psa-crypto/include/tf-psa-crypto/*.h", "tf-psa-crypto/drivers/builtin/include/mbedtls/*.h", "tf-psa-crypto/drivers/everest/include/everest/everest.h", "tf-psa-crypto/drivers/everest/include/everest/x25519.h" @@ -258,6 +259,7 @@ class CodeParser(): "include/mbedtls/*.h", "include/psa/*.h", "tf-psa-crypto/include/psa/*.h", + "tf-psa-crypto/include/tf-psa-crypto/*.h", "tf-psa-crypto/drivers/builtin/include/mbedtls/*.h", "library/*.h", "tf-psa-crypto/core/*.h", @@ -272,6 +274,7 @@ class CodeParser(): "include/mbedtls/*.h", "include/psa/*.h", "tf-psa-crypto/include/psa/*.h", + "tf-psa-crypto/include/tf-psa-crypto/*.h", "tf-psa-crypto/drivers/builtin/include/mbedtls/*.h", "library/*.h", "tf-psa-crypto/core/*.h", @@ -283,6 +286,7 @@ class CodeParser(): "include/mbedtls/*.h", "include/psa/*.h", "tf-psa-crypto/include/psa/*.h", + "tf-psa-crypto/include/tf-psa-crypto/*.h", "tf-psa-crypto/drivers/builtin/include/mbedtls/*.h", "library/*.h", "tf-psa-crypto/core/*.h", diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/build_info.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/build_info.h new file mode 100644 index 0000000000..fc3a9d1c18 --- /dev/null +++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/build_info.h @@ -0,0 +1,16 @@ +/* + * Alias to tf-psa-crypto/build_info.h for the purpose + * of framework C headers and modules in the context + * of TF-PSA-Crypto. + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#ifndef MBEDTLS_BUILD_INFO_H +#define MBEDTLS_BUILD_INFO_H + +#include "tf-psa-crypto/build_info.h" + +#endif /* MBEDTLS_BUILD_INFO_H */ diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_legacy_crypto.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_legacy_crypto.h index c9e3d18296..b2d9312e5e 100644 --- a/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_legacy_crypto.h +++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_legacy_crypto.h @@ -24,7 +24,7 @@ #ifndef MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H #define MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H -#if !defined(MBEDTLS_CONFIG_FILES_READ) +#if !defined(TF_PSA_CRYPTO_CONFIG_FILES_READ) #error "Do not include mbedtls/config_adjust_*.h manually! This can lead to problems, " \ "up to and including runtime errors such as buffer overflows. " \ "If you're trying to fix a complaint from check_config.h, just remove " \ diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_legacy_from_psa.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_legacy_from_psa.h index c968d585a2..2afcd2bb05 100644 --- a/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_legacy_from_psa.h +++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_legacy_from_psa.h @@ -17,7 +17,7 @@ #ifndef MBEDTLS_CONFIG_ADJUST_LEGACY_FROM_PSA_H #define MBEDTLS_CONFIG_ADJUST_LEGACY_FROM_PSA_H -#if !defined(MBEDTLS_CONFIG_FILES_READ) +#if !defined(TF_PSA_CRYPTO_CONFIG_FILES_READ) #error "Do not include mbedtls/config_adjust_*.h manually! This can lead to problems, " \ "up to and including runtime errors such as buffer overflows. " \ "If you're trying to fix a complaint from check_config.h, just remove " \ diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_psa_superset_legacy.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_psa_superset_legacy.h index ef65cce0d9..9f3c425540 100644 --- a/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_psa_superset_legacy.h +++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_psa_superset_legacy.h @@ -19,7 +19,7 @@ #ifndef MBEDTLS_CONFIG_ADJUST_PSA_SUPERSET_LEGACY_H #define MBEDTLS_CONFIG_ADJUST_PSA_SUPERSET_LEGACY_H -#if !defined(MBEDTLS_CONFIG_FILES_READ) +#if !defined(TF_PSA_CRYPTO_CONFIG_FILES_READ) #error "Do not include mbedtls/config_adjust_*.h manually! This can lead to problems, " \ "up to and including runtime errors such as buffer overflows. " \ "If you're trying to fix a complaint from check_config.h, just remove " \ diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_test_accelerators.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_test_accelerators.h index cce4e892b1..13e25095bf 100644 --- a/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_test_accelerators.h +++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_test_accelerators.h @@ -37,7 +37,7 @@ #ifndef MBEDTLS_CONFIG_ADJUST_TEST_ACCELERATORS_H #define MBEDTLS_CONFIG_ADJUST_TEST_ACCELERATORS_H -#if !defined(MBEDTLS_CONFIG_FILES_READ) +#if !defined(TF_PSA_CRYPTO_CONFIG_FILES_READ) #error "Do not include mbedtls/config_adjust_*.h manually! This can lead to problems, " \ "up to and including runtime errors such as buffer overflows. " \ "If you're trying to fix a complaint from check_config.h, just remove " \ diff --git a/tf-psa-crypto/include/psa/crypto_adjust_auto_enabled.h b/tf-psa-crypto/include/psa/crypto_adjust_auto_enabled.h index 3a2af15180..590343ba4f 100644 --- a/tf-psa-crypto/include/psa/crypto_adjust_auto_enabled.h +++ b/tf-psa-crypto/include/psa/crypto_adjust_auto_enabled.h @@ -15,7 +15,7 @@ #ifndef PSA_CRYPTO_ADJUST_AUTO_ENABLED_H #define PSA_CRYPTO_ADJUST_AUTO_ENABLED_H -#if !defined(MBEDTLS_CONFIG_FILES_READ) +#if !defined(TF_PSA_CRYPTO_CONFIG_FILES_READ) #error "Do not include psa/crypto_adjust_*.h manually! This can lead to problems, " \ "up to and including runtime errors such as buffer overflows. " \ "If you're trying to fix a complaint from check_config.h, just remove " \ diff --git a/tf-psa-crypto/include/psa/crypto_adjust_config_dependencies.h b/tf-psa-crypto/include/psa/crypto_adjust_config_dependencies.h index 92e9c4de28..0871c3a05f 100644 --- a/tf-psa-crypto/include/psa/crypto_adjust_config_dependencies.h +++ b/tf-psa-crypto/include/psa/crypto_adjust_config_dependencies.h @@ -18,7 +18,7 @@ #ifndef PSA_CRYPTO_ADJUST_CONFIG_DEPENDENCIES_H #define PSA_CRYPTO_ADJUST_CONFIG_DEPENDENCIES_H -#if !defined(MBEDTLS_CONFIG_FILES_READ) +#if !defined(TF_PSA_CRYPTO_CONFIG_FILES_READ) #error "Do not include psa/crypto_adjust_*.h manually! This can lead to problems, " \ "up to and including runtime errors such as buffer overflows. " \ "If you're trying to fix a complaint from check_config.h, just remove " \ diff --git a/tf-psa-crypto/include/psa/crypto_adjust_config_derived.h b/tf-psa-crypto/include/psa/crypto_adjust_config_derived.h index 4c9fb5a6b7..1bb68c67c5 100644 --- a/tf-psa-crypto/include/psa/crypto_adjust_config_derived.h +++ b/tf-psa-crypto/include/psa/crypto_adjust_config_derived.h @@ -12,7 +12,7 @@ #ifndef PSA_CRYPTO_ADJUST_CONFIG_DERIVED_H #define PSA_CRYPTO_ADJUST_CONFIG_DERIVED_H -#if !defined(MBEDTLS_CONFIG_FILES_READ) +#if !defined(TF_PSA_CRYPTO_CONFIG_FILES_READ) #error "Do not include psa/crypto_adjust_*.h manually! This can lead to problems, " \ "up to and including runtime errors such as buffer overflows. " \ "If you're trying to fix a complaint from check_config.h, just remove " \ diff --git a/tf-psa-crypto/include/psa/crypto_adjust_config_key_pair_types.h b/tf-psa-crypto/include/psa/crypto_adjust_config_key_pair_types.h index cec39e01ce..c33d7771eb 100644 --- a/tf-psa-crypto/include/psa/crypto_adjust_config_key_pair_types.h +++ b/tf-psa-crypto/include/psa/crypto_adjust_config_key_pair_types.h @@ -21,7 +21,7 @@ #ifndef PSA_CRYPTO_ADJUST_KEYPAIR_TYPES_H #define PSA_CRYPTO_ADJUST_KEYPAIR_TYPES_H -#if !defined(MBEDTLS_CONFIG_FILES_READ) +#if !defined(TF_PSA_CRYPTO_CONFIG_FILES_READ) #error "Do not include psa/crypto_adjust_*.h manually! This can lead to problems, " \ "up to and including runtime errors such as buffer overflows. " \ "If you're trying to fix a complaint from check_config.h, just remove " \ diff --git a/tf-psa-crypto/include/psa/crypto_adjust_config_synonyms.h b/tf-psa-crypto/include/psa/crypto_adjust_config_synonyms.h index 54b116f434..c5a652e743 100644 --- a/tf-psa-crypto/include/psa/crypto_adjust_config_synonyms.h +++ b/tf-psa-crypto/include/psa/crypto_adjust_config_synonyms.h @@ -16,7 +16,7 @@ #ifndef PSA_CRYPTO_ADJUST_CONFIG_SYNONYMS_H #define PSA_CRYPTO_ADJUST_CONFIG_SYNONYMS_H -#if !defined(MBEDTLS_CONFIG_FILES_READ) +#if !defined(TF_PSA_CRYPTO_CONFIG_FILES_READ) #error "Do not include psa/crypto_adjust_*.h manually! This can lead to problems, " \ "up to and including runtime errors such as buffer overflows. " \ "If you're trying to fix a complaint from check_config.h, just remove " \ diff --git a/tf-psa-crypto/include/tf-psa-crypto/build_info.h b/tf-psa-crypto/include/tf-psa-crypto/build_info.h index 1dc4ebc180..eb9f9b283e 100644 --- a/tf-psa-crypto/include/tf-psa-crypto/build_info.h +++ b/tf-psa-crypto/include/tf-psa-crypto/build_info.h @@ -1,20 +1,141 @@ /** * \file tf-psa-crypto/build_info.h * - * \brief Build-time PSA configuration info + * \brief Build-time configuration info * * Include this file if you need to depend on the - * configuration options defined in mbedtls_config.h or MBEDTLS_CONFIG_FILE - * in PSA cryptography core specific files. + * configuration options defined in crypto_config.h or TF_PSA_CRYPTO_CONFIG_FILE. */ /* * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#ifndef PSA_CRYPTO_BUILD_INFO_H -#define PSA_CRYPTO_BUILD_INFO_H +#ifndef TF_PSA_CRYPTO_BUILD_INFO_H +#define TF_PSA_CRYPTO_BUILD_INFO_H -#include "mbedtls/build_info.h" +/* Macros for build-time platform detection */ -#endif /* PSA_CRYPTO_BUILD_INFO_H */ +#if !defined(MBEDTLS_ARCH_IS_ARM64) && \ + (defined(__aarch64__) || defined(_M_ARM64) || defined(_M_ARM64EC)) +#define MBEDTLS_ARCH_IS_ARM64 +#endif + +#if !defined(MBEDTLS_ARCH_IS_ARM32) && \ + (defined(__arm__) || defined(_M_ARM) || \ + defined(_M_ARMT) || defined(__thumb__) || defined(__thumb2__)) +#define MBEDTLS_ARCH_IS_ARM32 +#endif + +#if !defined(MBEDTLS_ARCH_IS_X64) && \ + (defined(__amd64__) || defined(__x86_64__) || \ + ((defined(_M_X64) || defined(_M_AMD64)) && !defined(_M_ARM64EC))) +#define MBEDTLS_ARCH_IS_X64 +#endif + +#if !defined(MBEDTLS_ARCH_IS_X86) && \ + (defined(__i386__) || defined(_X86_) || \ + (defined(_M_IX86) && !defined(_M_I86))) +#define MBEDTLS_ARCH_IS_X86 +#endif + +#if !defined(MBEDTLS_PLATFORM_IS_WINDOWS_ON_ARM64) && \ + (defined(_M_ARM64) || defined(_M_ARM64EC)) +#define MBEDTLS_PLATFORM_IS_WINDOWS_ON_ARM64 +#endif + +/* This is defined if the architecture is Armv8-A, or higher */ +#if !defined(MBEDTLS_ARCH_IS_ARMV8_A) +#if defined(__ARM_ARCH) && defined(__ARM_ARCH_PROFILE) +#if (__ARM_ARCH >= 8) && (__ARM_ARCH_PROFILE == 'A') +/* GCC, clang, armclang and IAR */ +#define MBEDTLS_ARCH_IS_ARMV8_A +#endif +#elif defined(__ARM_ARCH_8A) +/* Alternative defined by clang */ +#define MBEDTLS_ARCH_IS_ARMV8_A +#elif defined(_M_ARM64) || defined(_M_ARM64EC) +/* MSVC ARM64 is at least Armv8.0-A */ +#define MBEDTLS_ARCH_IS_ARMV8_A +#endif +#endif + +#if defined(__GNUC__) && !defined(__ARMCC_VERSION) && !defined(__clang__) \ + && !defined(__llvm__) && !defined(__INTEL_COMPILER) +/* Defined if the compiler really is gcc and not clang, etc */ +#define MBEDTLS_COMPILER_IS_GCC +#define MBEDTLS_GCC_VERSION \ + (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__) +#endif + +#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE) +#define _CRT_SECURE_NO_DEPRECATE 1 +#endif + +/* Define `inline` on some non-C99-compliant compilers. */ +#if (defined(__ARMCC_VERSION) || defined(_MSC_VER)) && \ + !defined(inline) && !defined(__cplusplus) +#define inline __inline +#endif + +#if defined(TF_PSA_CRYPTO_CONFIG_FILES_READ) +#error \ + "Something went wrong: TF_PSA_CRYPTO_CONFIG_FILES_READ defined before reading the config files!" +#endif +#if defined(TF_PSA_CRYPTO_CONFIG_IS_FINALIZED) +#error \ + "Something went wrong: TF_PSA_CRYPTO_CONFIG_IS_FINALIZED defined before reading the config files!" +#endif + +/* PSA crypto configuration */ +#if defined(TF_PSA_CRYPTO_CONFIG_FILE) +#include TF_PSA_CRYPTO_CONFIG_FILE +#else +#include "psa/crypto_config.h" +#endif +#if defined(TF_PSA_CRYPTO_USER_CONFIG_FILE) +#include TF_PSA_CRYPTO_USER_CONFIG_FILE +#endif + +/* Indicate that all configuration files have been read. + * It is now time to adjust the configuration (follow through on dependencies, + * make PSA and legacy crypto consistent, etc.). + */ +#define TF_PSA_CRYPTO_CONFIG_FILES_READ + +/* Auto-enable MBEDTLS_CTR_DRBG_USE_128_BIT_KEY if + * MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH and MBEDTLS_CTR_DRBG_C defined + * to ensure a 128-bit key size in CTR_DRBG. + */ +#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) && defined(MBEDTLS_CTR_DRBG_C) +#define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY +#endif + +/* Auto-enable MBEDTLS_MD_C if needed by a module that didn't require it + * in a previous release, to ensure backwards compatibility. + */ +#if defined(MBEDTLS_PKCS5_C) +#define MBEDTLS_MD_C +#endif + +/* PSA crypto specific configuration options + * - If config_psa.h reads a configuration option in preprocessor directive, + * this symbol should be set before its inclusion. (e.g. MBEDTLS_MD_C) + * - If config_psa.h writes a configuration option in conditional directive, + * this symbol should be consulted after its inclusion. + * (e.g. MBEDTLS_MD_LIGHT) + */ +#include "mbedtls/config_psa.h" + +#include "mbedtls/config_adjust_legacy_crypto.h" + +/* Indicate that all configuration symbols are set, + * even the ones that are calculated programmatically. + * It is now safe to query the configuration (to check it, to size buffers, + * etc.). + */ +#define TF_PSA_CRYPTO_CONFIG_IS_FINALIZED + +#include "tf-psa-crypto/check_config.h" + +#endif /* TF_PSA_CRYPTO_BUILD_INFO_H */ diff --git a/tf-psa-crypto/include/tf-psa-crypto/check_config.h b/tf-psa-crypto/include/tf-psa-crypto/check_config.h index 92a7782e62..440179b166 100644 --- a/tf-psa-crypto/include/tf-psa-crypto/check_config.h +++ b/tf-psa-crypto/include/tf-psa-crypto/check_config.h @@ -20,11 +20,11 @@ /* *INDENT-OFF* */ -#if !defined(MBEDTLS_CONFIG_IS_FINALIZED) +#if !defined(TF_PSA_CRYPTO_CONFIG_IS_FINALIZED) #warning "Do not include mbedtls/check_config.h manually! " \ "This may cause spurious errors. " \ "It is included automatically at the right point since Mbed TLS 3.0." -#endif /* !MBEDTLS_CONFIG_IS_FINALIZED */ +#endif /* !TF_PSA_CRYPTO_CONFIG_IS_FINALIZED */ /* * We assume CHAR_BIT is 8 in many places. In practice, this is true on our