aboutsummaryrefslogtreecommitdiff
path: root/include/psa/crypto_adjust_config_dependencies.h
AgeCommit message (Collapse)AuthorFilesLines
2024-06-12Move PSA headersRonald Cron1-51/+0
Move PSA headers to tf-psa-crypto directory. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-05-29Tweak wordingGilles Peskine1-1/+1
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-05-29Error out if *adjust* headers are included manuallyGilles Peskine1-0/+8
Some projects using Mbed TLS have migrated their configuration file (config.h -> mbedtls_config.h, or MBEDTLS_CONFIG_FILE) from Mbed TLS 2.x, and kept including check_config.h. This is unnecessary since Mbed TLS 3.0, and increasingly in 3.x it may report spurious errors because the configuration adjustments have not been done yet. This has led some projects to include configuration adjustment headers manually, but only partially or in the wrong order, which can result in silent inconsistencies. Error out if this happens, with a message mentioning check_config.h since that's the likely root cause. ``` perl -i -pe '$name = $ARGV; $name =~ s!include/!!; $name =~ s!_adjust_.*!_adjust_*.h!; $_ .= "\n#if !defined(MBEDTLS_CONFIG_FILES_READ)\n#error \"Do not include $name manually! This can lead to problems, \" \\\n \"up to and including runtime errors such as buffer overflows. \" \\\n \"If you're trying to fix a complaint from check_config.h, just remove it \" \\\n \"from your configuration file: since Mbed TLS 3.0, it is included \" \\\n \"automatically at the right time.\"\n#endif /* !MBEDTLS_CONFIG_FILES_READ */\n" if /^#define .*_H$/' include/*/*adjust*.h ``` Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-05-17Fix crypto_adjust_config_dependencies.h documentationRonald Cron1-2/+6
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-05-17Fix PBKDF2_AES_CMAC_PRF_128 dependenciesRonald Cron1-1/+2
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-05-17Fix the resolution of dependencies on HMACRonald Cron1-6/+12
The Mbed TLS implementations of ALG_TLS12_PRF, ALG_TLS12_PSK_TO_MS, ALG_HKDF, ALG_HKDF_EXTRACT, ALG_HKDF_EXPAND and ALG_PBKDF2 rely on HMAC operations through the driver interface. Thus if one of these algorithms is enabled and not accelerated, we need ALG_HMAC to be enabled (PSA_WANT_ALG_HMAC and PSA_WANT_KEY_TYPE_HMAC defined). As HMAC operations occur through the driver interface, HMAC operations can be accelerated even if the caller algorithm is not. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-05-16Resolve PBKDF2_AES_CMAC_PRF_128 dependenciesRonald Cron1-0/+5
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-05-16Resolve some HMAC dependencies automaticallyRonald Cron1-0/+27
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
generated by cgit v1.1 at 2024-10-20 01:14:43 +0000