Move copy of crypto libraries to mbedtls as this
copy does not make sense in TF-PSA-Crypto context.
Also copy all of them, not just tfpsacrypto.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Rename mbedcrypto target to tfpsacrypto and
prefix all cmake related variables with
tfpsacrypto instead of mbedcrypto.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Remove mentions of MBEDTLS_KEY_EXCHANGE_RSA_PSK that were not guarded by the
configuration option MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED. This finishes the
removal of library code that supports the RSA-PSK key exchange in TLS 1.2.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Remove the configuration option MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED and all
code guarded by it. This remove support for the RSA-PSK key exchange in TLS
1.2.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In the test examples and real usage scenarios, 'mbedtls_net_free' is called after 'mbedtls_net_connect' fails, which will cause the problem of double close the same fd. It is possible to close this closed fd which has been applied by other link.
Signed-off-by: makejian <makejian@xiaomi.com>
Let the projects using some CMakeLists.txt files
without the top CMakeLists.txt define the variables
that the top CMakeLists.txt set for all.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit updates the build scripts for error.c generation to be
generated in the Mbed TLS library directory.
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
This commit removes duplicate includes for mbedtls/build_info.h where
the file already includes common.h.
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
This commit removes #include "mbedtls/buildinfo.h" from pkcs7.c as it is
not needed unlike other C modules.
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
This commit moves version.h back into /include/mbedtls from
tf-psa-crypto/drivers/builtin/include. This commit also changes the
necessary build files and scripts to generate version_features.c
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
Move library options to the top CMakeLists.txt.
That way:
- we will be able to set the TF-PSA-Crypto
library options according to the Mbed TLS ones.
- we can define the crypto library target names
in the top CMakeLists.txt and not in the library
one that is dedicated to the TLS and x509
libraries now.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit removes the MBEDTLS_OID_C guard from the static functions in
the library/x509_create.c as this function is no longer included in the
oid.c file.
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
The compile-time option MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE gates both
support for interoperability with a peer that uses middlebox compatibility
mode, and support for activating that mode ourselves. Change code that is
only needed for interoperability to be guarded by
MBEDTLS_SSL_TLS1_3_ACCEPT_COMPATIBILITY_MODE.
As of this commit, MBEDTLS_SSL_TLS1_3_ACCEPT_COMPATIBILITY_MODE is always
enabled: there is no way to disable it, and there are no tests with it
disabled.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit moves static functions that are necessary for
mbedtls_oid_get_numeric_string and mbedtls_oid_from_numeric_string from
oid.c to x509.c
Signed-off-by: Sam Berry <sam.berry@arm.com>
Actually moved the function rather than trying to edit guards around it,
because the relevant guards are not nearby, the function was part of
larger blocks, so it seemed risky.
Also, that seems logically correct: the function is no longer part of
the "TLS 1.2 handshake functions common to server and client" section,
it's part of the "helper functions common to 1.2 and 1.3 server and
client" block. Ideally in the future perhaps the file structure should
reflect that (`ssl_generic.c` vs `ssl_tls12_generic.c`?) but that's out
of scope here.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
