Also removed are all options of the form
MBEDTLS_ECP_XXX_ALT as well as
MBEDTLS_ECP_NO_FALLBACK.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Fix PSA_CRYPTO_CONFIG_H being treated as a configuration setting in
include/psa/crypto_config.h.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Now that p256-m is officially a production feature and not just an example,
give it a more suitable name.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Boolean options that modify the behavior of a module are supposed to be in
the "feature support" section, not in the "configuration options" support:
that section is documented to contain commented-out definitions with a
value, for which the comment contains the default version. In particular,
merely uncommenting a definition in the "configuration options" section is
not supposed to change anything.
Move the offending boolean options to the proper section.
This causes those options to be enabled by `config.py full` unless
explicitly excluded. For all the offending options, this is undesirable, so
make sure those options are indeed excluded.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The EXCLUDE_FROM_FULL list in config.py should be, and used to be, but
no longer is, in alphabetical order, and with a comma on the last
element.
Signed-off-by: Janos Follath <janos.follath@arm.com>
By default, the full configuration enables all options. But we
specifically don't want to enable MBEDTLS_ECP_WITH_MPI_UINT except where
it's done explicitly, because it disables the old ecp. So it needs to be
added to the exceptions in config.py (EXCLUDE_FROM_FULL).
Signed-off-by: Janos Follath <janos.follath@arm.com>
Back when we introduced MBEDTLS_PSA_CRYPTO_CONFIG and it was still
experimental, it made sense that we tested it separately. Nowadays, the
feature is fully implemented, and the full config without
MBEDTLS_PSA_CRYPTO_CONFIG keeps cryptographic mechanisms that only have a
PSA implementation and aren't in the default build disabled (currently:
PBKDF2). So enable MBEDTLS_PSA_CRYPTO_CONFIG in the full config.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit adds configuration check in check_config.h if
MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH enabled.
Furthermore, MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH is disabled
by default in scripts/config.py for full configuration.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
The build option MBEDTLS_PSA_INJECT_ENTROPY requires some extra platform
functions, for historical reasons. To enable us to test this option, provide
a version of these functions for testing.
(These versions would actually work in production, but providing them in the
library in a way that doesn't break existing users might be slightly tricky,
so it's out of scope of this commit.)
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
(Reapplying changes as one commit on top of development post codestyle change instead of rewriting old branch)
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
