Merge pull request #4694 from gilles-peskine-arm/out_size-3.0
Add output size parameter to signature functions
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
index b9f1468..c203112 100644
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -15,7 +15,7 @@
Mbed TLS version (number or commit id):
Operating system and version:
-Configuration (if not default, please attach `config.h`):
+Configuration (if not default, please attach `mbedtls_config.h`):
Compiler and options (if you used a pre-built binary, please indicate how you obtained it):
Additional environment information:
diff --git a/3rdparty/CMakeLists.txt b/3rdparty/CMakeLists.txt
index 18945e5..e81ff51 100644
--- a/3rdparty/CMakeLists.txt
+++ b/3rdparty/CMakeLists.txt
@@ -1,17 +1,5 @@
-list (APPEND thirdparty_src)
-list (APPEND thirdparty_lib)
-list (APPEND thirdparty_inc_public)
-list (APPEND thirdparty_inc)
-list (APPEND thirdparty_def)
-
-execute_process(COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/config.py -f ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls/config.h get MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED RESULT_VARIABLE result)
+execute_process(COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/config.py -f ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls/mbedtls_config.h get MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED RESULT_VARIABLE result)
if(${result} EQUAL 0)
add_subdirectory(everest)
endif()
-
-set(thirdparty_src ${thirdparty_src} PARENT_SCOPE)
-set(thirdparty_lib ${thirdparty_lib} PARENT_SCOPE)
-set(thirdparty_inc_public ${thirdparty_inc_public} PARENT_SCOPE)
-set(thirdparty_inc ${thirdparty_inc} PARENT_SCOPE)
-set(thirdparty_def ${thirdparty_def} PARENT_SCOPE)
diff --git a/3rdparty/everest/CMakeLists.txt b/3rdparty/everest/CMakeLists.txt
index d81d995..ff9da7a 100644
--- a/3rdparty/everest/CMakeLists.txt
+++ b/3rdparty/everest/CMakeLists.txt
@@ -1,16 +1,15 @@
-list (APPEND everest_src)
-list (APPEND everest_inc_public)
-list (APPEND everest_inc)
-list (APPEND everest_def)
+add_library(everest
+ library/everest.c
+ library/x25519.c
+ library/Hacl_Curve25519_joined.c)
-set(everest_src
- ${CMAKE_CURRENT_SOURCE_DIR}/library/everest.c
- ${CMAKE_CURRENT_SOURCE_DIR}/library/x25519.c
- ${CMAKE_CURRENT_SOURCE_DIR}/library/Hacl_Curve25519_joined.c
-)
-
-list(APPEND everest_inc_public ${CMAKE_CURRENT_SOURCE_DIR}/include)
-list(APPEND everest_inc ${CMAKE_CURRENT_SOURCE_DIR}/include/everest ${CMAKE_CURRENT_SOURCE_DIR}/include/everest/kremlib)
+target_include_directories(everest
+ PUBLIC $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/include>
+ $<BUILD_INTERFACE:${MBEDTLS_DIR}/include>
+ $<INSTALL_INTERFACE:include>
+ PRIVATE include/everest
+ include/everest/kremlib
+ ${MBEDTLS_DIR}/library/)
if(INSTALL_MBEDTLS_HEADERS)
@@ -22,7 +21,7 @@
endif(INSTALL_MBEDTLS_HEADERS)
-set(thirdparty_src ${thirdparty_src} ${everest_src} PARENT_SCOPE)
-set(thirdparty_inc_public ${thirdparty_inc_public} ${everest_inc_public} PARENT_SCOPE)
-set(thirdparty_inc ${thirdparty_inc} ${everest_inc} PARENT_SCOPE)
-set(thirdparty_def ${thirdparty_def} ${everest_def} PARENT_SCOPE)
+install(TARGETS everest
+ EXPORT MbedTLSTargets
+ DESTINATION ${LIB_INSTALL_DIR}
+ PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index efe3cab..b92e0bb 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -20,6 +20,8 @@
# until our infrastructure catches up.
cmake_minimum_required(VERSION 3.5.1)
+include(CMakePackageConfigHelpers)
+
# https://cmake.org/cmake/help/latest/policy/CMP0011.html
# Setting this policy is required in CMake >= 3.18.0, otherwise a warning is generated. The OLD
# policy setting is deprecated, and will be removed in future versions.
@@ -84,7 +86,7 @@
if(MBEDTLS_PYTHON_EXECUTABLE)
# If 128-bit keys are configured for CTR_DRBG, display an appropriate warning
- execute_process(COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/config.py -f ${CMAKE_CURRENT_SOURCE_DIR}/include/mbedtls/config.h get MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ execute_process(COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/config.py -f ${CMAKE_CURRENT_SOURCE_DIR}/include/mbedtls/mbedtls_config.h get MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
RESULT_VARIABLE result)
if(${result} EQUAL 0)
message(WARNING ${CTR_DRBG_128_BIT_KEY_WARNING})
@@ -223,7 +225,6 @@
add_subdirectory(include)
add_subdirectory(3rdparty)
-list(APPEND libs ${thirdparty_lib})
add_subdirectory(library)
@@ -302,3 +303,37 @@
${CMAKE_CURRENT_BINARY_DIR}/DartConfiguration.tcl COPYONLY)
endif()
endif()
+
+configure_package_config_file(
+ "cmake/MbedTLSConfig.cmake.in"
+ "cmake/MbedTLSConfig.cmake"
+ INSTALL_DESTINATION "cmake")
+
+write_basic_package_version_file(
+ "cmake/MbedTLSConfigVersion.cmake"
+ COMPATIBILITY SameMajorVersion
+ VERSION 2.26.0)
+
+install(
+ FILES "${CMAKE_CURRENT_BINARY_DIR}/cmake/MbedTLSConfig.cmake"
+ "${CMAKE_CURRENT_BINARY_DIR}/cmake/MbedTLSConfigVersion.cmake"
+ DESTINATION "cmake")
+
+export(
+ EXPORT MbedTLSTargets
+ NAMESPACE MbedTLS::
+ FILE "cmake/MbedTLSTargets.cmake")
+
+install(
+ EXPORT MbedTLSTargets
+ NAMESPACE MbedTLS::
+ DESTINATION "cmake"
+ FILE "MbedTLSTargets.cmake")
+
+if(CMAKE_VERSION VERSION_GREATER 3.14)
+ # Do not export the package by default
+ cmake_policy(SET CMP0090 NEW)
+
+ # Make this package visible to the system
+ export(PACKAGE MbedTLS)
+endif()
diff --git a/ChangeLog.d/add-cmake-package-config.txt b/ChangeLog.d/add-cmake-package-config.txt
new file mode 100644
index 0000000..3b73816
--- /dev/null
+++ b/ChangeLog.d/add-cmake-package-config.txt
@@ -0,0 +1,2 @@
+Changes
+ * Add CMake package config generation for CMake projects consuming Mbed TLS.
diff --git a/ChangeLog.d/split-config.txt b/ChangeLog.d/split-config.txt
new file mode 100644
index 0000000..f66dc93
--- /dev/null
+++ b/ChangeLog.d/split-config.txt
@@ -0,0 +1,13 @@
+Changes
+ * config.h has been split into build_info.h and mbedtls_config.h
+ build_info.h is intended to be included from C code directly, while
+ mbedtls_config.h is intended to be edited by end users wishing to
+ change the build configuration, and should generally only be included from
+ build_info.h.
+ * The handling of MBEDTLS_CONFIG_FILE has been moved into build_info.h.
+ * A config file version symbol, MBEDTLS_CONFIG_VERSION was introduced.
+ Defining it to a particular value will ensure that Mbed TLS interprets
+ the config file in a way that's compatible with the config file format
+ used by the Mbed TLS release whose MBEDTLS_VERSION_NUMBER has the same
+ value.
+ The only value supported by Mbed TLS 3.0.0 is 0x03000000.
diff --git a/ChangeLog.d/spm_build.txt b/ChangeLog.d/spm_build.txt
new file mode 100644
index 0000000..6016d84
--- /dev/null
+++ b/ChangeLog.d/spm_build.txt
@@ -0,0 +1,4 @@
+Bugfix
+ * When MBEDTLS_PSA_CRYPTO_SPM is enabled, crypto_spe.h was not included
+ in all the right places. Include it from crypto_platform.h, which is
+ the natural place. Fixes #4649.
diff --git a/README.md b/README.md
index 78d3c30..a469f8f 100644
--- a/README.md
+++ b/README.md
@@ -13,7 +13,7 @@
Configuration
-------------
-Mbed TLS should build out of the box on most systems. Some platform specific options are available in the fully documented configuration file `include/mbedtls/config.h`, which is also the place where features can be selected. This file can be edited manually, or in a more programmatic way using the Python 3 script `scripts/config.py` (use `--help` for usage instructions).
+Mbed TLS should build out of the box on most systems. Some platform specific options are available in the fully documented configuration file `include/mbedtls/mbedtls_config.h`, which is also the place where features can be selected. This file can be edited manually, or in a more programmatic way using the Python 3 script `scripts/config.py` (use `--help` for usage instructions).
Compiler options can be set using conventional environment variables such as `CC` and `CFLAGS` when using the Make and CMake build system (see below).
@@ -184,6 +184,33 @@
your value of CFLAGS doesn't override the content provided by cmake (depending
on the build mode as seen above), it's merely prepended to it.
+#### Consuming Mbed TLS
+
+Mbed TLS provides a package config file for consumption as a dependency in other
+CMake projects. You can include Mbed TLS's CMake targets yourself with:
+
+ find_package(MbedTLS)
+
+If prompted, set `MbedTLS_DIR` to `${YOUR_MBEDTLS_INSTALL_DIR}/cmake`. This
+creates the following targets:
+
+- `MbedTLS::mbedcrypto` (Crypto library)
+- `MbedTLS::mbedtls` (TLS library)
+- `MbedTLS::mbedx509` (X509 library)
+
+You can then use these directly through `target_link_libraries()`:
+
+ add_executable(xyz)
+
+ target_link_libraries(xyz
+ PUBLIC MbedTLS::mbedtls
+ MbedTLS::mbedcrypto
+ MbedTLS::mbedx509)
+
+This will link the Mbed TLS libraries to your library or application, and add
+its include directories to your target (transitively, in the case of `PUBLIC` or
+`INTERFACE` link libraries).
+
#### Mbed TLS as a subproject
Mbed TLS supports being built as a CMake subproject. One can
@@ -215,7 +242,7 @@
- `tests/compat.sh` tests interoperability of every ciphersuite with other implementations.
- `tests/scripts/test-ref-configs.pl` test builds in various reduced configurations.
- `tests/scripts/key-exchanges.pl` test builds in configurations with a single key exchange enabled
-- `tests/scripts/all.sh` runs a combination of the above tests, plus some more, with various build options (such as ASan, full `config.h`, etc).
+- `tests/scripts/all.sh` runs a combination of the above tests, plus some more, with various build options (such as ASan, full `mbedtls_config.h`, etc).
Porting Mbed TLS
----------------
@@ -254,7 +281,7 @@
Mbed TLS includes a reference implementation of the PSA Cryptography API.
This implementation is not yet as mature as the rest of the library. Some parts of the code have not been reviewed as thoroughly, and some parts of the PSA implementation are not yet well optimized for code size.
-The X.509 and TLS code can use PSA cryptography for a limited subset of operations. To enable this support, activate the compilation option `MBEDTLS_USE_PSA_CRYPTO` in `config.h`.
+The X.509 and TLS code can use PSA cryptography for a limited subset of operations. To enable this support, activate the compilation option `MBEDTLS_USE_PSA_CRYPTO` in `mbedtls_config.h`.
There are currently a few deviations where the library does not yet implement the latest version of the specification. Please refer to the [compliance issues on Github](https://github.com/ARMmbed/mbed-crypto/labels/compliance) for an up-to-date list.
diff --git a/cmake/MbedTLSConfig.cmake.in b/cmake/MbedTLSConfig.cmake.in
new file mode 100644
index 0000000..b65bbab
--- /dev/null
+++ b/cmake/MbedTLSConfig.cmake.in
@@ -0,0 +1,3 @@
+@PACKAGE_INIT@
+
+include("${CMAKE_CURRENT_LIST_DIR}/MbedTLSTargets.cmake")
diff --git a/configs/README.txt b/configs/README.txt
index 933fa7f..9e5a243 100644
--- a/configs/README.txt
+++ b/configs/README.txt
@@ -4,12 +4,10 @@
a restricted number of ciphersuites) and aim at minimizing resource usage for
this target. They can be used as a basis for custom configurations.
-These files are complete replacements for the default config.h. To use one of
+These files are complete replacements for the default mbedtls_config.h. To use one of
them, you can pick one of the following methods:
-1. Replace the default file include/mbedtls/config.h with the chosen one.
- (Depending on your compiler, you may need to adjust the line with
- #include "mbedtls/check_config.h" then.)
+1. Replace the default file include/mbedtls/mbedtls_config.h with the chosen one.
2. Define MBEDTLS_CONFIG_FILE and adjust the include path accordingly.
For example, using make:
diff --git a/configs/config-ccm-psk-tls1_2.h b/configs/config-ccm-psk-tls1_2.h
index a829501..51bb962 100644
--- a/configs/config-ccm-psk-tls1_2.h
+++ b/configs/config-ccm-psk-tls1_2.h
@@ -29,8 +29,6 @@
*
* See README.txt for usage instructions.
*/
-#ifndef MBEDTLS_CONFIG_H
-#define MBEDTLS_CONFIG_H
/* System support */
//#define MBEDTLS_HAVE_TIME /* Optionally used in Hello messages */
@@ -85,7 +83,3 @@
*/
#define MBEDTLS_SSL_IN_CONTENT_LEN 1024
#define MBEDTLS_SSL_OUT_CONTENT_LEN 1024
-
-#include "mbedtls/check_config.h"
-
-#endif /* MBEDTLS_CONFIG_H */
diff --git a/configs/config-no-entropy.h b/configs/config-no-entropy.h
index 7ca33c3..edba4a0 100644
--- a/configs/config-no-entropy.h
+++ b/configs/config-no-entropy.h
@@ -29,9 +29,6 @@
* See README.txt for usage instructions.
*/
-#ifndef MBEDTLS_CONFIG_H
-#define MBEDTLS_CONFIG_H
-
/* System support */
#define MBEDTLS_HAVE_ASM
#define MBEDTLS_HAVE_TIME
@@ -86,7 +83,3 @@
/* Miscellaneous options */
#define MBEDTLS_AES_ROM_TABLES
-
-#include "mbedtls/check_config.h"
-
-#endif /* MBEDTLS_CONFIG_H */
diff --git a/configs/config-suite-b.h b/configs/config-suite-b.h
index b62bdfa..c70773d 100644
--- a/configs/config-suite-b.h
+++ b/configs/config-suite-b.h
@@ -33,9 +33,6 @@
* See README.txt for usage instructions.
*/
-#ifndef MBEDTLS_CONFIG_H
-#define MBEDTLS_CONFIG_H
-
/* System support */
#define MBEDTLS_HAVE_ASM
#define MBEDTLS_HAVE_TIME
@@ -113,7 +110,3 @@
*/
#define MBEDTLS_SSL_IN_CONTENT_LEN 1024
#define MBEDTLS_SSL_OUT_CONTENT_LEN 1024
-
-#include "mbedtls/check_config.h"
-
-#endif /* MBEDTLS_CONFIG_H */
diff --git a/configs/config-symmetric-only.h b/configs/config-symmetric-only.h
index 5b10063..6aff42f 100644
--- a/configs/config-symmetric-only.h
+++ b/configs/config-symmetric-only.h
@@ -20,9 +20,6 @@
* limitations under the License.
*/
-#ifndef MBEDTLS_CONFIG_H
-#define MBEDTLS_CONFIG_H
-
/* System support */
//#define MBEDTLS_HAVE_ASM
#define MBEDTLS_HAVE_TIME
@@ -90,9 +87,3 @@
//#define MBEDTLS_THREADING_C
#define MBEDTLS_TIMING_C
#define MBEDTLS_VERSION_C
-
-#include "mbedtls/config_psa.h"
-
-#include "check_config.h"
-
-#endif /* MBEDTLS_CONFIG_H */
diff --git a/configs/config-thread.h b/configs/config-thread.h
index c1937de..be889a1 100644
--- a/configs/config-thread.h
+++ b/configs/config-thread.h
@@ -32,9 +32,6 @@
* See README.txt for usage instructions.
*/
-#ifndef MBEDTLS_CONFIG_H
-#define MBEDTLS_CONFIG_H
-
/* System support */
#define MBEDTLS_HAVE_ASM
@@ -89,7 +86,3 @@
/* Save ROM and a few bytes of RAM by specifying our own ciphersuite list */
#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
-
-#include "mbedtls/check_config.h"
-
-#endif /* MBEDTLS_CONFIG_H */
diff --git a/docs/3.0-migration-guide.d/Remove_3DES_ciphersuites.md b/docs/3.0-migration-guide.d/Remove_3DES_ciphersuites.md
index 85a85b9..0863363 100644
--- a/docs/3.0-migration-guide.d/Remove_3DES_ciphersuites.md
+++ b/docs/3.0-migration-guide.d/Remove_3DES_ciphersuites.md
@@ -1,7 +1,7 @@
Remove 3DES ciphersuites
--
-This change does not affect users using default settings for 3DES in `config.h`
+This change does not affect users using default settings for 3DES in `mbedtls_config.h`
because the 3DES ciphersuites were disabled by that.
3DES has weaknesses/limitations and there are better alternatives, and more and
diff --git a/docs/3.0-migration-guide.d/combine_SSL_CID-TLS1_3_PADDING_GRANULARITY_options.md b/docs/3.0-migration-guide.d/combine_SSL_CID-TLS1_3_PADDING_GRANULARITY_options.md
index bc3fa68..c4005cf 100644
--- a/docs/3.0-migration-guide.d/combine_SSL_CID-TLS1_3_PADDING_GRANULARITY_options.md
+++ b/docs/3.0-migration-guide.d/combine_SSL_CID-TLS1_3_PADDING_GRANULARITY_options.md
@@ -1,10 +1,10 @@
Combine the `MBEDTLS_SSL_CID_PADDING_GRANULARITY` and `MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY` options
--
-This change affects users who modified the default `config.h` padding granularity
+This change affects users who modified the default `mbedtls_config.h` padding granularity
settings, i.e. enabled at least one of the options.
-The `config.h` options `MBEDTLS_SSL_CID_PADDING_GRANULARITY` and
+The `mbedtls_config.h` options `MBEDTLS_SSL_CID_PADDING_GRANULARITY` and
`MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY` were combined into one option because
they used exactly the same padding mechanism and hence their respective padding
granularities can be used in exactly the same way. This change simplifies the
diff --git a/docs/3.0-migration-guide.d/modify_SHA384_option_behaviour.md b/docs/3.0-migration-guide.d/modify_SHA384_option_behaviour.md
index fe6c75e..68eacfc 100644
--- a/docs/3.0-migration-guide.d/modify_SHA384_option_behaviour.md
+++ b/docs/3.0-migration-guide.d/modify_SHA384_option_behaviour.md
@@ -1,7 +1,7 @@
Replaced MBEDTLS_SHA512_NO_SHA384 with MBEDTLS_SHA384_C
------------------------------------------------------
-This does not affect users who use the default `config.h`.
+This does not affect users who use the default `mbedtls_config.h`.
MBEDTLS_SHA512_NO_SHA384 was disabled by default, now MBEDTLS_SHA384_C is
enabled by default.
diff --git a/docs/3.0-migration-guide.d/remove-enable-weak-ciphersuites.md b/docs/3.0-migration-guide.d/remove-enable-weak-ciphersuites.md
index c3c3306..917d1ac 100644
--- a/docs/3.0-migration-guide.d/remove-enable-weak-ciphersuites.md
+++ b/docs/3.0-migration-guide.d/remove-enable-weak-ciphersuites.md
@@ -1,7 +1,7 @@
Remove the configuration to enable weak ciphersuites in SSL / TLS
-----------------------------------------------------------------
-This does not affect users who use the default `config.h`, as this option was
+This does not affect users who use the default `mbedtls_config.h`, as this option was
already off by default.
If you were using a weak cipher, please switch to any of the modern,
diff --git a/docs/3.0-migration-guide.d/remove-null-entropy.md b/docs/3.0-migration-guide.d/remove-null-entropy.md
index 50e024a..c38c930 100644
--- a/docs/3.0-migration-guide.d/remove-null-entropy.md
+++ b/docs/3.0-migration-guide.d/remove-null-entropy.md
@@ -1,7 +1,7 @@
Remove the option to build the library without any entropy sources
------------------------------------------------------------------
-This does not affect users who use the default `config.h`, as this option was
+This does not affect users who use the default `mbedtls_config.h`, as this option was
already off by default.
If you were using the `MBEDTLS_TEST_NULL_ENTROPY` option and your platform
diff --git a/docs/3.0-migration-guide.d/remove_MBEDTLS_X509_CHECK_x_KEY_USAGE_options.md b/docs/3.0-migration-guide.d/remove_MBEDTLS_X509_CHECK_x_KEY_USAGE_options.md
index 2acb3bf..ebb4be9 100644
--- a/docs/3.0-migration-guide.d/remove_MBEDTLS_X509_CHECK_x_KEY_USAGE_options.md
+++ b/docs/3.0-migration-guide.d/remove_MBEDTLS_X509_CHECK_x_KEY_USAGE_options.md
@@ -1,4 +1,4 @@
-Remove `MBEDTLS_X509_CHECK_*_KEY_USAGE` options from `config.h`
+Remove `MBEDTLS_X509_CHECK_*_KEY_USAGE` options from `mbedtls_config.h`
-------------------------------------------------------------------
This change affects users who have chosen the configuration options to disable the
diff --git a/docs/3.0-migration-guide.d/remove_SSL_DTLS_BADMAC_LIMIT_option.md b/docs/3.0-migration-guide.d/remove_SSL_DTLS_BADMAC_LIMIT_option.md
index f81bdad..3c0cbe9 100644
--- a/docs/3.0-migration-guide.d/remove_SSL_DTLS_BADMAC_LIMIT_option.md
+++ b/docs/3.0-migration-guide.d/remove_SSL_DTLS_BADMAC_LIMIT_option.md
@@ -1,7 +1,7 @@
Remove MBEDTLS_SSL_DTLS_BADMAC_LIMIT option
-------------------------------------------
-This change does not affect users who used the default `config.h`, as the option
+This change does not affect users who used the default `mbedtls_config.h`, as the option
MBEDTLS_SSL_DTLS_BADMAC_LIMIT was already on by default.
This option was a trade-off between functionality and code size: it allowed
diff --git a/docs/3.0-migration-guide.d/remove_ssl_record_checking.md b/docs/3.0-migration-guide.d/remove_ssl_record_checking.md
index 7550f7b..7bee4ae 100644
--- a/docs/3.0-migration-guide.d/remove_ssl_record_checking.md
+++ b/docs/3.0-migration-guide.d/remove_ssl_record_checking.md
@@ -1,7 +1,7 @@
Remove MBEDTLS_SSL_RECORD_CHECKING option and enable its action by default
--------------------------------------------------------------------------
-This change does not affect users who use the default config.h, as the
+This change does not affect users who use the default mbedtls_config.h, as the
option MBEDTLS_SSL_RECORD_CHECKING was already on by default.
This option was added only to control compilation of one function,
diff --git a/docs/3.0-migration-guide.d/separate_SHA224_from_SHA256.md b/docs/3.0-migration-guide.d/separate_SHA224_from_SHA256.md
index 96a38e0..f5a8d98 100644
--- a/docs/3.0-migration-guide.d/separate_SHA224_from_SHA256.md
+++ b/docs/3.0-migration-guide.d/separate_SHA224_from_SHA256.md
@@ -1,7 +1,7 @@
Separated MBEDTLS_SHA224_C and MBEDTLS_SHA256_C
-----------------------------------------------------------------
-This does not affect users who use the default `config.h`. MBEDTLS_SHA256_C
+This does not affect users who use the default `mbedtls_config.h`. MBEDTLS_SHA256_C
was enabled by default. Now both MBEDTLS_SHA256_C and MBEDTLS_SHA224_C are
enabled.
diff --git a/docs/3.0-migration-guide.d/split_config.md b/docs/3.0-migration-guide.d/split_config.md
new file mode 100644
index 0000000..6f433c5
--- /dev/null
+++ b/docs/3.0-migration-guide.d/split_config.md
@@ -0,0 +1,20 @@
+Introduce a level of indirection and versioning in the config files
+-------------------------------------------------------------------
+
+`config.h` was split into `build_info.h` and `mbedtls_config.h`.
+
+* In code, use `#include <mbedtls/build_info.h>`. Don't include `mbedtls/config.h` and don't refer to `MBEDTLS_CONFIG_FILE`.
+* In build tools, edit `mbedtls_config.h`, or edit `MBEDTLS_CONFIG_FILE` as before.
+* If you had a tool that parsed the library version from `include/mbedtls/version.h`, this has moved to `include/mbedtls/build_info.h`. From C code, both headers now define the `MBEDTLS_VERSION_xxx` macros.
+
+Also, if you have a custom configuration file:
+
+* Don't include `check_config.h` or `config_psa.h` anymore.
+* Don't define `MBEDTLS_CONFIG_H` anymore.
+
+A config file version symbol, `MBEDTLS_CONFIG_VERSION` was introduced.
+Defining it to a particular value will ensure that Mbed TLS interprets
+the config file in a way that's compatible with the config file format
+used by the Mbed TLS release whose `MBEDTLS_VERSION_NUMBER` has the same
+value.
+The only value supported by Mbed TLS 3.0.0 is `0x03000000`.
diff --git a/docs/3.0-migration-guide.d/turn_SSL_SRV_RESPECT_CLIENT_PREFERENCE_config_opt_to_runtime_opt.md b/docs/3.0-migration-guide.d/turn_SSL_SRV_RESPECT_CLIENT_PREFERENCE_config_opt_to_runtime_opt.md
index 6a6554d..6f5a13a 100644
--- a/docs/3.0-migration-guide.d/turn_SSL_SRV_RESPECT_CLIENT_PREFERENCE_config_opt_to_runtime_opt.md
+++ b/docs/3.0-migration-guide.d/turn_SSL_SRV_RESPECT_CLIENT_PREFERENCE_config_opt_to_runtime_opt.md
@@ -2,7 +2,7 @@
--
This change affects users who were enabling MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
-option in the `config.h`
+option in the `mbedtls_config.h`
This option has been removed and a new function with similar functionality has
been introduced into the SSL API.
diff --git a/docs/3.0-migration-guide.md b/docs/3.0-migration-guide.md
index 1541c7a..5fe6ebd 100644
--- a/docs/3.0-migration-guide.md
+++ b/docs/3.0-migration-guide.md
@@ -139,7 +139,7 @@
Remove support for TLS RC4-based ciphersuites
---------------------------------------------
-This does not affect people who used the default `config.h` and the default
+This does not affect people who used the default `mbedtls_config.h` and the default
list of ciphersuites, as RC4-based ciphersuites were already not negotiated in
that case.
diff --git a/docs/architecture/testing/test-framework.md b/docs/architecture/testing/test-framework.md
index c4178fa..d0d4776 100644
--- a/docs/architecture/testing/test-framework.md
+++ b/docs/architecture/testing/test-framework.md
@@ -51,7 +51,7 @@
The outcome file has 6 fields:
* **Platform**: a description of the platform, e.g. `Linux-x86_64` or `Linux-x86_64-gcc7-msan`.
-* **Configuration**: a unique description of the configuration (`config.h`).
+* **Configuration**: a unique description of the configuration (`mbedtls_config.h`).
* **Test suite**: `test_suite_xxx` or `ssl-opt`.
* **Test case**: the description of the test case.
* **Result**: one of `PASS`, `SKIP` or `FAIL`.
diff --git a/docs/architecture/tls13-experimental.md b/docs/architecture/tls13-experimental.md
index 10cbfa1..0009c68 100644
--- a/docs/architecture/tls13-experimental.md
+++ b/docs/architecture/tls13-experimental.md
@@ -15,7 +15,7 @@
This macro will likely be renamed to `MBEDTLS_SSL_PROTO_TLS1_3` once a minimal viable
implementation of the TLS 1.3 protocol is available.
-See the [documentation of `MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL`](../../include/mbedtls/config.h)
+See the [documentation of `MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL`](../../include/mbedtls/mbedtls_config.h)
for more information.
Status
diff --git a/docs/proposed/psa-conditional-inclusion-c.md b/docs/proposed/psa-conditional-inclusion-c.md
index 2ddba7f..50a1404 100644
--- a/docs/proposed/psa-conditional-inclusion-c.md
+++ b/docs/proposed/psa-conditional-inclusion-c.md
@@ -15,7 +15,7 @@
### Conditional inclusion of legacy cryptography modules
-Mbed TLS offers a way to select which cryptographic mechanisms are included in a build through its configuration file (`config.h`). This mechanism is based on two main sets of symbols: `MBEDTLS_xxx_C` controls the availability of the mechanism to the application, and `MBEDTLS_xxx_ALT` controls the availability of an alternative implementation, so the software implementation is only included if `MBEDTLS_xxx_C` is defined but not `MBEDTLS_xxx_ALT`.
+Mbed TLS offers a way to select which cryptographic mechanisms are included in a build through its configuration file (`mbedtls_config.h`). This mechanism is based on two main sets of symbols: `MBEDTLS_xxx_C` controls the availability of the mechanism to the application, and `MBEDTLS_xxx_ALT` controls the availability of an alternative implementation, so the software implementation is only included if `MBEDTLS_xxx_C` is defined but not `MBEDTLS_xxx_ALT`.
### PSA evolution
@@ -51,10 +51,10 @@
The PSA Crypto configuration file `psa/crypto_config.h` defines a series of symbols of the form `PSA_WANT_xxx` where `xxx` describes the feature that the symbol enables. The symbols are documented in the section [“PSA Crypto configuration symbols”](#psa-crypto-configuration-symbols) below.
-The symbol `MBEDTLS_PSA_CRYPTO_CONFIG` in `mbedtls/config.h` determines whether `psa/crypto_config.h` is used.
+The symbol `MBEDTLS_PSA_CRYPTO_CONFIG` in `mbedtls/mbedtls_config.h` determines whether `psa/crypto_config.h` is used.
* If `MBEDTLS_PSA_CRYPTO_CONFIG` is unset, which is the default at least in Mbed TLS 2.x versions, things are as they are today: the PSA subsystem includes generic code unconditionally, and includes support for specific mechanisms conditionally based on the existing `MBEDTLS_xxx_` symbols.
-* If `MBEDTLS_PSA_CRYPTO_CONFIG` is set, the necessary software implementations of cryptographic algorithms are included based on both the content of the PSA Crypto configuration file and the Mbed TLS configuration file. For example, the code in `aes.c` is enabled if either `mbedtls/config.h` contains `MBEDTLS_AES_C` or `psa/crypto_config.h` contains `PSA_WANT_KEY_TYPE_AES`.
+* If `MBEDTLS_PSA_CRYPTO_CONFIG` is set, the necessary software implementations of cryptographic algorithms are included based on both the content of the PSA Crypto configuration file and the Mbed TLS configuration file. For example, the code in `aes.c` is enabled if either `mbedtls/mbedtls_config.h` contains `MBEDTLS_AES_C` or `psa/crypto_config.h` contains `PSA_WANT_KEY_TYPE_AES`.
### PSA Crypto configuration symbols
@@ -123,17 +123,17 @@
#### New-style definition of configuration symbols
-When `MBEDTLS_PSA_CRYPTO_CONFIG` is set, the header file `mbedtls/config.h` needs to define all the `MBEDTLS_xxx_C` configuration symbols, including the ones deduced from the PSA Crypto configuration. It does this by including the new header file **`mbedtls/config_psa.h`**, which defines the `MBEDTLS_PSA_BUILTIN_xxx` symbols and deduces the corresponding `MBEDTLS_xxx_C` (and other) symbols.
+When `MBEDTLS_PSA_CRYPTO_CONFIG` is set, the header file `mbedtls/mbedtls_config.h` needs to define all the `MBEDTLS_xxx_C` configuration symbols, including the ones deduced from the PSA Crypto configuration. It does this by including the new header file **`mbedtls/config_psa.h`**, which defines the `MBEDTLS_PSA_BUILTIN_xxx` symbols and deduces the corresponding `MBEDTLS_xxx_C` (and other) symbols.
`mbedtls/config_psa.h` includes `psa/crypto_config.h`, the user-editable file that defines application requirements.
#### Old-style definition of configuration symbols
-When `MBEDTLS_PSA_CRYPTO_CONFIG` is not set, the configuration of Mbed TLS works as before, and the inclusion of non-PSA code only depends on `MBEDTLS_xxx` symbols defined (or not) in `mbedtls/config.h`. Furthermore, the new header file **`mbedtls/config_psa.h`** deduces PSA configuration symbols (`PSA_WANT_xxx`, `MBEDTLS_PSA_BUILTIN_xxx`) from classic configuration symbols (`MBEDTLS_xxx`).
+When `MBEDTLS_PSA_CRYPTO_CONFIG` is not set, the configuration of Mbed TLS works as before, and the inclusion of non-PSA code only depends on `MBEDTLS_xxx` symbols defined (or not) in `mbedtls/mbedtls_config.h`. Furthermore, the new header file **`mbedtls/config_psa.h`** deduces PSA configuration symbols (`PSA_WANT_xxx`, `MBEDTLS_PSA_BUILTIN_xxx`) from classic configuration symbols (`MBEDTLS_xxx`).
The `PSA_WANT_xxx` definitions in `mbedtls/config_psa.h` are needed not only to build the PSA parts of the library, but also to build code that uses these parts. This includes structure definitions in `psa/crypto_struct.h`, size calculations in `psa/crypto_sizes.h`, and application code that's specific to a given cryptographic mechanism. In Mbed TLS itself, code under `MBEDTLS_USE_PSA_CRYPTO` and conditional compilation guards in tests and sample programs need `PSA_WANT_xxx`.
-Since some existing applications use a handwritten `mbedtls/config.h` or an edited copy of `mbedtls/config.h` from an earlier version of Mbed TLS, `mbedtls/config_psa.h` must be included via an already existing header that is not `mbedtls/config.h`, so it is included via `psa/crypto.h` (for example from `psa/crypto_platform.h`).
+Since some existing applications use a handwritten `mbedtls/mbedtls_config.h` or an edited copy of `mbedtls/mbedtls_config.h` from an earlier version of Mbed TLS, `mbedtls/config_psa.h` must be included via an already existing header that is not `mbedtls/mbedtls_config.h`, so it is included via `psa/crypto.h` (for example from `psa/crypto_platform.h`).
#### Summary of definitions of configuration symbols
@@ -145,13 +145,13 @@
* (D) indicates a symbol that is deduced from other symbols by code that ships with Mbed TLS.
* (G) indicates a symbol that is generated from driver descriptions.
-| Symbols | With `MBEDTLS_PSA_CRYPTO_CONFIG` | Without `MBEDTLS_PSA_CRYPTO_CONFIG` |
-| ------------------------- | -------------------------------- | ----------------------------------- |
-| `MBEDTLS_xxx_C` | `mbedtls/config.h` (U) or | `mbedtls/config.h` (U) |
-| | `mbedtls/config_psa.h` (D) | |
-| `PSA_WANT_xxx` | `psa/crypto_config.h` (U) | `mbedtls/config_psa.h` (D) |
-| `MBEDTLS_PSA_BUILTIN_xxx` | `mbedtls/config_psa.h` (D) | `mbedtls/config_psa.h` (D) |
-| `MBEDTLS_PSA_ACCEL_xxx` | `mbedtls/crypto_drivers.h` (G) | N/A |
+| Symbols | With `MBEDTLS_PSA_CRYPTO_CONFIG` | Without `MBEDTLS_PSA_CRYPTO_CONFIG` |
+| ------------------------- | --------------------------------- | ----------------------------------- |
+| `MBEDTLS_xxx_C` | `mbedtls/mbedtls_config.h` (U) or | `mbedtls/mbedtls_config.h` (U) |
+| | `mbedtls/config_psa.h` (D) | |
+| `PSA_WANT_xxx` | `psa/crypto_config.h` (U) | `mbedtls/config_psa.h` (D) |
+| `MBEDTLS_PSA_BUILTIN_xxx` | `mbedtls/config_psa.h` (D) | `mbedtls/config_psa.h` (D) |
+| `MBEDTLS_PSA_ACCEL_xxx` | `mbedtls/crypto_drivers.h` (G) | N/A |
#### Visibility of internal symbols
diff --git a/include/CMakeLists.txt b/include/CMakeLists.txt
index 62c0f62..e693bc1 100644
--- a/include/CMakeLists.txt
+++ b/include/CMakeLists.txt
@@ -15,7 +15,7 @@
endif(INSTALL_MBEDTLS_HEADERS)
-# Make config.h available in an out-of-source build. ssl-opt.sh requires it.
+# Make mbedtls_config.h available in an out-of-source build. ssl-opt.sh requires it.
if (ENABLE_TESTING AND NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR})
link_to_source(mbedtls)
link_to_source(psa)
diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h
index e23b9ca..0050980 100644
--- a/include/mbedtls/aes.h
+++ b/include/mbedtls/aes.h
@@ -41,11 +41,7 @@
#define MBEDTLS_AES_H
#include "mbedtls/private_access.h"
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include <stddef.h>
#include <stdint.h>
diff --git a/include/mbedtls/aria.h b/include/mbedtls/aria.h
index 854aa69..0854706 100644
--- a/include/mbedtls/aria.h
+++ b/include/mbedtls/aria.h
@@ -30,11 +30,7 @@
#define MBEDTLS_ARIA_H
#include "mbedtls/private_access.h"
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include <stddef.h>
#include <stdint.h>
diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h
index 6611981..4668581 100644
--- a/include/mbedtls/asn1.h
+++ b/include/mbedtls/asn1.h
@@ -23,11 +23,7 @@
#define MBEDTLS_ASN1_H
#include "mbedtls/private_access.h"
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include <stddef.h>
diff --git a/include/mbedtls/asn1write.h b/include/mbedtls/asn1write.h
index fb111ca..d60ca0d 100644
--- a/include/mbedtls/asn1write.h
+++ b/include/mbedtls/asn1write.h
@@ -22,11 +22,7 @@
#ifndef MBEDTLS_ASN1_WRITE_H
#define MBEDTLS_ASN1_WRITE_H
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include "mbedtls/asn1.h"
diff --git a/include/mbedtls/base64.h b/include/mbedtls/base64.h
index 7e73a8b..e3938b4 100644
--- a/include/mbedtls/base64.h
+++ b/include/mbedtls/base64.h
@@ -22,11 +22,7 @@
#ifndef MBEDTLS_BASE64_H
#define MBEDTLS_BASE64_H
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include <stddef.h>
diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h
index 74deecf..5187d86 100644
--- a/include/mbedtls/bignum.h
+++ b/include/mbedtls/bignum.h
@@ -23,11 +23,7 @@
#define MBEDTLS_BIGNUM_H
#include "mbedtls/private_access.h"
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include <stddef.h>
#include <stdint.h>
diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h
new file mode 100644
index 0000000..c7d4cdb
--- /dev/null
+++ b/include/mbedtls/build_info.h
@@ -0,0 +1,83 @@
+/**
+ * \file build_info.h
+ *
+ * \brief Build-time configuration info
+ *
+ * Include this file if you need to depend on the
+ * configuration options defined in mbedtls_config.h or MBEDTLS_CONFIG_FILE
+ */
+ /*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef MBEDTLS_BUILD_INFO_H
+#define MBEDTLS_BUILD_INFO_H
+
+/*
+ * This set of compile-time defines can be used to determine the version number
+ * of the Mbed TLS library used. Run-time variables for the same can be found in
+ * version.h
+ */
+
+/**
+ * The version number x.y.z is split into three parts.
+ * Major, Minor, Patchlevel
+ */
+#define MBEDTLS_VERSION_MAJOR 2
+#define MBEDTLS_VERSION_MINOR 26
+#define MBEDTLS_VERSION_PATCH 0
+
+/**
+ * The single version number has the following structure:
+ * MMNNPP00
+ * Major version | Minor version | Patch version
+ */
+#define MBEDTLS_VERSION_NUMBER 0x021A0000
+#define MBEDTLS_VERSION_STRING "2.26.0"
+#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.26.0"
+
+#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
+#define _CRT_SECURE_NO_DEPRECATE 1
+#endif
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/mbedtls_config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_CONFIG_VERSION) && ( \
+ MBEDTLS_CONFIG_VERSION < 0x03000000 || \
+ MBEDTLS_CONFIG_VERSION > MBEDTLS_VERSION_NUMBER )
+#error "Invalid config version, defined value of MBEDTLS_CONFIG_VERSION is unsupported"
+#endif
+
+/* Target and application specific configurations
+ *
+ * Allow user to override any previous default.
+ *
+ */
+#if defined(MBEDTLS_USER_CONFIG_FILE)
+#include MBEDTLS_USER_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
+#include "mbedtls/config_psa.h"
+#endif
+
+#include "mbedtls/check_config.h"
+
+#endif /* MBEDTLS_BUILD_INFO_H */
diff --git a/include/mbedtls/camellia.h b/include/mbedtls/camellia.h
index d2d4f61..6a09da8 100644
--- a/include/mbedtls/camellia.h
+++ b/include/mbedtls/camellia.h
@@ -23,11 +23,7 @@
#define MBEDTLS_CAMELLIA_H
#include "mbedtls/private_access.h"
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include <stddef.h>
#include <stdint.h>
diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h
index 9529e2f..6613cee 100644
--- a/include/mbedtls/ccm.h
+++ b/include/mbedtls/ccm.h
@@ -48,11 +48,7 @@
#define MBEDTLS_CCM_H
#include "mbedtls/private_access.h"
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include "mbedtls/cipher.h"
diff --git a/include/mbedtls/chacha20.h b/include/mbedtls/chacha20.h
index 441aaa4..25e1a26 100644
--- a/include/mbedtls/chacha20.h
+++ b/include/mbedtls/chacha20.h
@@ -33,11 +33,7 @@
#define MBEDTLS_CHACHA20_H
#include "mbedtls/private_access.h"
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include <stdint.h>
#include <stddef.h>
diff --git a/include/mbedtls/chachapoly.h b/include/mbedtls/chachapoly.h
index 7c36739..3f6e4a3 100644
--- a/include/mbedtls/chachapoly.h
+++ b/include/mbedtls/chachapoly.h
@@ -33,11 +33,7 @@
#define MBEDTLS_CHACHAPOLY_H
#include "mbedtls/private_access.h"
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
/* for shared error codes */
#include "mbedtls/poly1305.h"
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 36959ed..e38892d 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -20,11 +20,6 @@
* limitations under the License.
*/
-/*
- * It is recommended to include this file from your config.h
- * in order to catch dependency issues early.
- */
-
#ifndef MBEDTLS_CHECK_CONFIG_H
#define MBEDTLS_CHECK_CONFIG_H
@@ -42,7 +37,7 @@
#error "MBEDTLS_PLATFORM_C is required on Windows"
#endif
-/* Fix the config here. Not convenient to put an #ifdef _WIN32 in config.h as
+/* Fix the config here. Not convenient to put an #ifdef _WIN32 in mbedtls_config.h as
* it would confuse config.py. */
#if !defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) && \
!defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h
index 99dc7c7..7afdc6a 100644
--- a/include/mbedtls/cipher.h
+++ b/include/mbedtls/cipher.h
@@ -28,11 +28,7 @@
#define MBEDTLS_CIPHER_H
#include "mbedtls/private_access.h"
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include <stddef.h>
#include "mbedtls/platform_util.h"
diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h
index 65c831c..3e599b9 100644
--- a/include/mbedtls/cmac.h
+++ b/include/mbedtls/cmac.h
@@ -27,11 +27,7 @@
#define MBEDTLS_CMAC_H
#include "mbedtls/private_access.h"
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include "mbedtls/cipher.h"
diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h
index a0f2637..f182c52 100644
--- a/include/mbedtls/config_psa.h
+++ b/include/mbedtls/config_psa.h
@@ -3,11 +3,11 @@
* \brief PSA crypto configuration options (set of defines)
*
* This set of compile-time options takes settings defined in
- * include/mbedtls/config.h and include/psa/crypto_config.h and uses
+ * include/mbedtls/mbedtls_config.h and include/psa/crypto_config.h and uses
* those definitions to define symbols used in the library code.
*
* Users and integrators should not edit this file, please edit
- * include/mbedtls/config.h for MBETLS_XXX settings or
+ * include/mbedtls/mbedtls_config.h for MBETLS_XXX settings or
* include/psa/crypto_config.h for PSA_WANT_XXX settings.
*/
/*
diff --git a/include/mbedtls/ctr_drbg.h b/include/mbedtls/ctr_drbg.h
index b8e2c71..c188b08 100644
--- a/include/mbedtls/ctr_drbg.h
+++ b/include/mbedtls/ctr_drbg.h
@@ -16,7 +16,7 @@
* The security strength as defined in NIST SP 800-90A is
* 128 bits when AES-128 is used (\c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY enabled)
* and 256 bits otherwise, provided that #MBEDTLS_CTR_DRBG_ENTROPY_LEN is
- * kept at its default value (and not overridden in config.h) and that the
+ * kept at its default value (and not overridden in mbedtls_config.h) and that the
* DRBG instance is set up with default parameters.
* See the documentation of mbedtls_ctr_drbg_seed() for more
* information.
@@ -42,11 +42,7 @@
#define MBEDTLS_CTR_DRBG_H
#include "mbedtls/private_access.h"
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include "mbedtls/aes.h"
@@ -84,7 +80,7 @@
* \name SECTION: Module settings
*
* The configuration options you can set for this module are in this section.
- * Either change them in config.h or define them using the compiler command
+ * Either change them in mbedtls_config.h or define them using the compiler command
* line.
* \{
*/
diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h
index 71b0829..0aed596 100644
--- a/include/mbedtls/debug.h
+++ b/include/mbedtls/debug.h
@@ -22,11 +22,7 @@
#ifndef MBEDTLS_DEBUG_H
#define MBEDTLS_DEBUG_H
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include "mbedtls/ssl.h"
diff --git a/include/mbedtls/des.h b/include/mbedtls/des.h
index 24d2402..9e2f683 100644
--- a/include/mbedtls/des.h
+++ b/include/mbedtls/des.h
@@ -28,11 +28,7 @@
#define MBEDTLS_DES_H
#include "mbedtls/private_access.h"
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include <stddef.h>
#include <stdint.h>
diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h
index 850813e..75baed9 100644
--- a/include/mbedtls/dhm.h
+++ b/include/mbedtls/dhm.h
@@ -64,11 +64,7 @@
#define MBEDTLS_DHM_H
#include "mbedtls/private_access.h"
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include "mbedtls/bignum.h"
/*
diff --git a/include/mbedtls/ecdh.h b/include/mbedtls/ecdh.h
index 587035a..7fa7440 100644
--- a/include/mbedtls/ecdh.h
+++ b/include/mbedtls/ecdh.h
@@ -33,11 +33,7 @@
#define MBEDTLS_ECDH_H
#include "mbedtls/private_access.h"
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include "mbedtls/ecp.h"
diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h
index ecb9df9..71b73ee 100644
--- a/include/mbedtls/ecdsa.h
+++ b/include/mbedtls/ecdsa.h
@@ -31,11 +31,7 @@
#define MBEDTLS_ECDSA_H
#include "mbedtls/private_access.h"
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include "mbedtls/ecp.h"
#include "mbedtls/md.h"
diff --git a/include/mbedtls/ecjpake.h b/include/mbedtls/ecjpake.h
index 27a091d..a73f624 100644
--- a/include/mbedtls/ecjpake.h
+++ b/include/mbedtls/ecjpake.h
@@ -39,11 +39,7 @@
* The payloads are serialized in a way suitable for use in TLS, but could
* also be use outside TLS.
*/
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include "mbedtls/ecp.h"
#include "mbedtls/md.h"
diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h
index db84c10..b87114b 100644
--- a/include/mbedtls/ecp.h
+++ b/include/mbedtls/ecp.h
@@ -35,11 +35,7 @@
#define MBEDTLS_ECP_H
#include "mbedtls/private_access.h"
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include "mbedtls/bignum.h"
@@ -95,7 +91,7 @@
* - Increment MBEDTLS_ECP_DP_MAX below if needed.
* - Update the calculation of MBEDTLS_ECP_MAX_BITS below.
* - Add the corresponding MBEDTLS_ECP_DP_xxx_ENABLED macro definition to
- * config.h.
+ * mbedtls_config.h.
* - List the curve as a dependency of MBEDTLS_ECP_C and
* MBEDTLS_ECDSA_C if supported in check_config.h.
* - Add the curve to the appropriate curve type macro
@@ -248,7 +244,7 @@
* \name SECTION: Module settings
*
* The configuration options you can set for this module are in this section.
- * Either change them in config.h, or define them using the compiler command line.
+ * Either change them in mbedtls_config.h, or define them using the compiler command line.
* \{
*/
diff --git a/include/mbedtls/entropy.h b/include/mbedtls/entropy.h
index 78591e7..a16a375 100644
--- a/include/mbedtls/entropy.h
+++ b/include/mbedtls/entropy.h
@@ -23,11 +23,7 @@
#define MBEDTLS_ENTROPY_H
#include "mbedtls/private_access.h"
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include <stddef.h>
@@ -56,7 +52,7 @@
* \name SECTION: Module settings
*
* The configuration options you can set for this module are in this section.
- * Either change them in config.h or define them on the compiler command line.
+ * Either change them in mbedtls_config.h or define them on the compiler command line.
* \{
*/
diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h
index 2835fd5..2eb2b05 100644
--- a/include/mbedtls/error.h
+++ b/include/mbedtls/error.h
@@ -22,11 +22,7 @@
#ifndef MBEDTLS_ERROR_H
#define MBEDTLS_ERROR_H
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include <stddef.h>
diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h
index 06b06b4..d1219bb 100644
--- a/include/mbedtls/gcm.h
+++ b/include/mbedtls/gcm.h
@@ -32,11 +32,7 @@
#define MBEDTLS_GCM_H
#include "mbedtls/private_access.h"
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include "mbedtls/cipher.h"
diff --git a/include/mbedtls/hkdf.h b/include/mbedtls/hkdf.h
index 2e6b363..81a6270 100644
--- a/include/mbedtls/hkdf.h
+++ b/include/mbedtls/hkdf.h
@@ -25,11 +25,7 @@
#ifndef MBEDTLS_HKDF_H
#define MBEDTLS_HKDF_H
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include "mbedtls/md.h"
diff --git a/include/mbedtls/hmac_drbg.h b/include/mbedtls/hmac_drbg.h
index 164a4f7..0df8ee8 100644
--- a/include/mbedtls/hmac_drbg.h
+++ b/include/mbedtls/hmac_drbg.h
@@ -27,11 +27,7 @@
#define MBEDTLS_HMAC_DRBG_H
#include "mbedtls/private_access.h"
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include "mbedtls/md.h"
@@ -51,7 +47,7 @@
* \name SECTION: Module settings
*
* The configuration options you can set for this module are in this section.
- * Either change them in config.h or define them on the compiler command line.
+ * Either change them in mbedtls_config.h or define them on the compiler command line.
* \{
*/
diff --git a/include/mbedtls/config.h b/include/mbedtls/mbedtls_config.h
similarity index 99%
rename from include/mbedtls/config.h
rename to include/mbedtls/mbedtls_config.h
index 47605f9..a60db7e 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -1,5 +1,5 @@
/**
- * \file config.h
+ * \file mbedtls_config.h
*
* \brief Configuration options (set of defines)
*
@@ -24,12 +24,14 @@
* limitations under the License.
*/
-#ifndef MBEDTLS_CONFIG_H
-#define MBEDTLS_CONFIG_H
-
-#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
-#define _CRT_SECURE_NO_DEPRECATE 1
-#endif
+/**
+ * This is an optional version symbol that enables comatibility handling of
+ * config files.
+ *
+ * It is equal to the #MBEDTLS_VERSION_NUMBER of the Mbed TLS version that
+ * introduced the config format we want to be compatible with.
+ */
+//#define MBEDTLS_CONFIG_VERSION 0x03000000
/**
* \name SECTION: System support
@@ -1741,10 +1743,6 @@
* Uncomment this to enable use of PSA Crypto configuration settings which
* can be found in include/psa/crypto_config.h.
*
- * If you enable this option and write your own configuration file, you must
- * include mbedtls/config_psa.h in your configuration file. The default
- * provided mbedtls/config.h contains the necessary inclusion.
- *
* This feature is still experimental and is not ready for production since
* it is not completed.
*/
@@ -3263,20 +3261,3 @@
//#define MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
/* \} name SECTION: Customisation configuration options */
-
-/* Target and application specific configurations
- *
- * Allow user to override any previous default.
- *
- */
-#if defined(MBEDTLS_USER_CONFIG_FILE)
-#include MBEDTLS_USER_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
-#include "mbedtls/config_psa.h"
-#endif
-
-#include "mbedtls/check_config.h"
-
-#endif /* MBEDTLS_CONFIG_H */
diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h
index 7bf8213..1170bc1 100644
--- a/include/mbedtls/md.h
+++ b/include/mbedtls/md.h
@@ -28,11 +28,7 @@
#include <stddef.h>
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#define MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE -0x5080 /**< The selected feature is not available. */
#define MBEDTLS_ERR_MD_BAD_INPUT_DATA -0x5100 /**< Bad input parameters to function. */
diff --git a/include/mbedtls/md5.h b/include/mbedtls/md5.h
index 6ef3591..e7befc3 100644
--- a/include/mbedtls/md5.h
+++ b/include/mbedtls/md5.h
@@ -27,11 +27,7 @@
#define MBEDTLS_MD5_H
#include "mbedtls/private_access.h"
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include <stddef.h>
#include <stdint.h>
diff --git a/include/mbedtls/memory_buffer_alloc.h b/include/mbedtls/memory_buffer_alloc.h
index 2339772..d4737f5 100644
--- a/include/mbedtls/memory_buffer_alloc.h
+++ b/include/mbedtls/memory_buffer_alloc.h
@@ -22,11 +22,7 @@
#ifndef MBEDTLS_MEMORY_BUFFER_ALLOC_H
#define MBEDTLS_MEMORY_BUFFER_ALLOC_H
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include <stddef.h>
@@ -34,7 +30,7 @@
* \name SECTION: Module settings
*
* The configuration options you can set for this module are in this section.
- * Either change them in config.h or define them on the compiler command line.
+ * Either change them in mbedtls_config.h or define them on the compiler command line.
* \{
*/
diff --git a/include/mbedtls/net_sockets.h b/include/mbedtls/net_sockets.h
index 502b9f4..7b77329 100644
--- a/include/mbedtls/net_sockets.h
+++ b/include/mbedtls/net_sockets.h
@@ -39,11 +39,7 @@
#define MBEDTLS_NET_SOCKETS_H
#include "mbedtls/private_access.h"
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include "mbedtls/ssl.h"
diff --git a/include/mbedtls/nist_kw.h b/include/mbedtls/nist_kw.h
index c537b58..bd6c658 100644
--- a/include/mbedtls/nist_kw.h
+++ b/include/mbedtls/nist_kw.h
@@ -36,11 +36,7 @@
#define MBEDTLS_NIST_KW_H
#include "mbedtls/private_access.h"
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include "mbedtls/cipher.h"
diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h
index 1921042..9e68e91 100644
--- a/include/mbedtls/oid.h
+++ b/include/mbedtls/oid.h
@@ -23,11 +23,7 @@
#define MBEDTLS_OID_H
#include "mbedtls/private_access.h"
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include "mbedtls/asn1.h"
#include "mbedtls/pk.h"
diff --git a/include/mbedtls/pem.h b/include/mbedtls/pem.h
index 9242da6..a01a296 100644
--- a/include/mbedtls/pem.h
+++ b/include/mbedtls/pem.h
@@ -23,11 +23,7 @@
#define MBEDTLS_PEM_H
#include "mbedtls/private_access.h"
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include <stddef.h>
diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h
index a8a7a2e..f3553cc 100644
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@@ -24,11 +24,7 @@
#define MBEDTLS_PK_H
#include "mbedtls/private_access.h"
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include "mbedtls/md.h"
diff --git a/include/mbedtls/pkcs12.h b/include/mbedtls/pkcs12.h
index 06092d3..de139ac 100644
--- a/include/mbedtls/pkcs12.h
+++ b/include/mbedtls/pkcs12.h
@@ -22,11 +22,7 @@
#ifndef MBEDTLS_PKCS12_H
#define MBEDTLS_PKCS12_H
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include "mbedtls/md.h"
#include "mbedtls/cipher.h"
diff --git a/include/mbedtls/pkcs5.h b/include/mbedtls/pkcs5.h
index 8f348ce..c339398 100644
--- a/include/mbedtls/pkcs5.h
+++ b/include/mbedtls/pkcs5.h
@@ -24,11 +24,7 @@
#ifndef MBEDTLS_PKCS5_H
#define MBEDTLS_PKCS5_H
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include "mbedtls/asn1.h"
#include "mbedtls/md.h"
diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h
index c50d7d2..277a85c 100644
--- a/include/mbedtls/platform.h
+++ b/include/mbedtls/platform.h
@@ -32,11 +32,7 @@
#define MBEDTLS_PLATFORM_H
#include "mbedtls/private_access.h"
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#if defined(MBEDTLS_HAVE_TIME)
#include "mbedtls/platform_time.h"
@@ -50,7 +46,7 @@
* \name SECTION: Module settings
*
* The configuration options you can set for this module are in this section.
- * Either change them in config.h or define them on the compiler command line.
+ * Either change them in mbedtls_config.h or define them on the compiler command line.
* \{
*/
diff --git a/include/mbedtls/platform_time.h b/include/mbedtls/platform_time.h
index 7e7daab..8d4b95d 100644
--- a/include/mbedtls/platform_time.h
+++ b/include/mbedtls/platform_time.h
@@ -22,11 +22,7 @@
#ifndef MBEDTLS_PLATFORM_TIME_H
#define MBEDTLS_PLATFORM_TIME_H
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#ifdef __cplusplus
extern "C" {
@@ -36,7 +32,7 @@
* \name SECTION: Module settings
*
* The configuration options you can set for this module are in this section.
- * Either change them in config.h or define them on the compiler command line.
+ * Either change them in mbedtls_config.h or define them on the compiler command line.
* \{
*/
diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h
index 6d9cfec..1a0a135 100644
--- a/include/mbedtls/platform_util.h
+++ b/include/mbedtls/platform_util.h
@@ -23,11 +23,7 @@
#ifndef MBEDTLS_PLATFORM_UTIL_H
#define MBEDTLS_PLATFORM_UTIL_H
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include <stddef.h>
#if defined(MBEDTLS_HAVE_TIME_DATE)
diff --git a/include/mbedtls/poly1305.h b/include/mbedtls/poly1305.h
index 4d25385..7984ca4 100644
--- a/include/mbedtls/poly1305.h
+++ b/include/mbedtls/poly1305.h
@@ -33,11 +33,7 @@
#define MBEDTLS_POLY1305_H
#include "mbedtls/private_access.h"
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include <stdint.h>
#include <stddef.h>
diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h
index d7b9b17..f6f2e58 100644
--- a/include/mbedtls/psa_util.h
+++ b/include/mbedtls/psa_util.h
@@ -27,11 +27,7 @@
#define MBEDTLS_PSA_UTIL_H
#include "mbedtls/private_access.h"
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#if defined(MBEDTLS_USE_PSA_CRYPTO)
diff --git a/include/mbedtls/ripemd160.h b/include/mbedtls/ripemd160.h
index f12f434..9132a83 100644
--- a/include/mbedtls/ripemd160.h
+++ b/include/mbedtls/ripemd160.h
@@ -23,11 +23,7 @@
#define MBEDTLS_RIPEMD160_H
#include "mbedtls/private_access.h"
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include <stddef.h>
#include <stdint.h>
diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h
index 9a070e7..cffbe3b 100644
--- a/include/mbedtls/rsa.h
+++ b/include/mbedtls/rsa.h
@@ -29,11 +29,7 @@
#define MBEDTLS_RSA_H
#include "mbedtls/private_access.h"
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include "mbedtls/bignum.h"
#include "mbedtls/md.h"
diff --git a/include/mbedtls/sha1.h b/include/mbedtls/sha1.h
index 0975e2d..d2db67c 100644
--- a/include/mbedtls/sha1.h
+++ b/include/mbedtls/sha1.h
@@ -30,11 +30,7 @@
#define MBEDTLS_SHA1_H
#include "mbedtls/private_access.h"
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include <stddef.h>
#include <stdint.h>
diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h
index 76bed43..7f42c2c 100644
--- a/include/mbedtls/sha256.h
+++ b/include/mbedtls/sha256.h
@@ -26,11 +26,7 @@
#define MBEDTLS_SHA256_H
#include "mbedtls/private_access.h"
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include <stddef.h>
#include <stdint.h>
diff --git a/include/mbedtls/sha512.h b/include/mbedtls/sha512.h
index 00d8338..c43b907 100644
--- a/include/mbedtls/sha512.h
+++ b/include/mbedtls/sha512.h
@@ -25,11 +25,7 @@
#define MBEDTLS_SHA512_H
#include "mbedtls/private_access.h"
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include <stddef.h>
#include <stdint.h>
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 02b59ed..ed3936a 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -23,11 +23,7 @@
#define MBEDTLS_SSL_H
#include "mbedtls/private_access.h"
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include "mbedtls/bignum.h"
#include "mbedtls/ecp.h"
@@ -215,7 +211,7 @@
* \name SECTION: Module settings
*
* The configuration options you can set for this module are in this section.
- * Either change them in config.h or define them on the compiler command line.
+ * Either change them in mbedtls_config.h or define them on the compiler command line.
* \{
*/
@@ -3543,7 +3539,7 @@
*
* \note The logic to determine the maximum outgoing record payload is
* version-specific. It takes into account various factors, such as
- * the config.h setting \c MBEDTLS_SSL_OUT_CONTENT_LEN, extensions
+ * the mbedtls_config.h setting \c MBEDTLS_SSL_OUT_CONTENT_LEN, extensions
* such as the max fragment length or record size limit extension if
* used, and for DTLS the path MTU as configured and current
* record expansion.
@@ -3570,7 +3566,7 @@
*
* \note The logic to determine the maximum outgoing record payload is
* version-specific. It takes into account various factors, such as
- * the config.h setting \c MBEDTLS_SSL_IN_CONTENT_LEN, extensions
+ * the mbedtls_config.h setting \c MBEDTLS_SSL_IN_CONTENT_LEN, extensions
* such as the max fragment length extension or record size limit
* extension if used, and the current record expansion.
*
diff --git a/include/mbedtls/ssl_cache.h b/include/mbedtls/ssl_cache.h
index d995f8f..6a81ac9 100644
--- a/include/mbedtls/ssl_cache.h
+++ b/include/mbedtls/ssl_cache.h
@@ -23,11 +23,7 @@
#define MBEDTLS_SSL_CACHE_H
#include "mbedtls/private_access.h"
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include "mbedtls/ssl.h"
@@ -39,7 +35,7 @@
* \name SECTION: Module settings
*
* The configuration options you can set for this module are in this section.
- * Either change them in config.h or define them on the compiler command line.
+ * Either change them in mbedtls_config.h or define them on the compiler command line.
* \{
*/
diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h
index e343c9c..812560c 100644
--- a/include/mbedtls/ssl_ciphersuites.h
+++ b/include/mbedtls/ssl_ciphersuites.h
@@ -23,11 +23,7 @@
#define MBEDTLS_SSL_CIPHERSUITES_H
#include "mbedtls/private_access.h"
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include "mbedtls/pk.h"
#include "mbedtls/cipher.h"
diff --git a/include/mbedtls/ssl_cookie.h b/include/mbedtls/ssl_cookie.h
index c4f042c..86698b0 100644
--- a/include/mbedtls/ssl_cookie.h
+++ b/include/mbedtls/ssl_cookie.h
@@ -23,11 +23,7 @@
#define MBEDTLS_SSL_COOKIE_H
#include "mbedtls/private_access.h"
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include "mbedtls/ssl.h"
@@ -39,7 +35,7 @@
* \name SECTION: Module settings
*
* The configuration options you can set for this module are in this section.
- * Either change them in config.h or define them on the compiler command line.
+ * Either change them in mbedtls_config.h or define them on the compiler command line.
* \{
*/
#ifndef MBEDTLS_SSL_COOKIE_TIMEOUT
diff --git a/include/mbedtls/ssl_ticket.h b/include/mbedtls/ssl_ticket.h
index 1047dbb..0f4117d 100644
--- a/include/mbedtls/ssl_ticket.h
+++ b/include/mbedtls/ssl_ticket.h
@@ -23,11 +23,7 @@
#define MBEDTLS_SSL_TICKET_H
#include "mbedtls/private_access.h"
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
/*
* This implementation of the session ticket callbacks includes key
diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h
index fae96c2..96cadc4 100644
--- a/include/mbedtls/threading.h
+++ b/include/mbedtls/threading.h
@@ -23,11 +23,7 @@
#define MBEDTLS_THREADING_H
#include "mbedtls/private_access.h"
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include <stdlib.h>
diff --git a/include/mbedtls/timing.h b/include/mbedtls/timing.h
index 6ffc812..25db1c6 100644
--- a/include/mbedtls/timing.h
+++ b/include/mbedtls/timing.h
@@ -23,11 +23,7 @@
#define MBEDTLS_TIMING_H
#include "mbedtls/private_access.h"
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include <stdint.h>
diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h
index 5b0c70f..773da4a 100644
--- a/include/mbedtls/version.h
+++ b/include/mbedtls/version.h
@@ -20,34 +20,14 @@
* limitations under the License.
*/
/*
- * This set of compile-time defines and run-time variables can be used to
- * determine the version number of the mbed TLS library used.
+ * This set of run-time variables can be used to determine the version number of
+ * the Mbed TLS library used. Compile-time version defines for the same can be
+ * found in build_info.h
*/
#ifndef MBEDTLS_VERSION_H
#define MBEDTLS_VERSION_H
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-/**
- * The version number x.y.z is split into three parts.
- * Major, Minor, Patchlevel
- */
-#define MBEDTLS_VERSION_MAJOR 2
-#define MBEDTLS_VERSION_MINOR 26
-#define MBEDTLS_VERSION_PATCH 0
-
-/**
- * The single version number has the following structure:
- * MMNNPP00
- * Major version | Minor version | Patch version
- */
-#define MBEDTLS_VERSION_NUMBER 0x021A0000
-#define MBEDTLS_VERSION_STRING "2.26.0"
-#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.26.0"
+#include "mbedtls/build_info.h"
#if defined(MBEDTLS_VERSION_C)
@@ -90,7 +70,7 @@
*
* \note only checks against defines in the sections "System
* support", "mbed TLS modules" and "mbed TLS feature
- * support" in config.h
+ * support" in mbedtls_config.h
*
* \param feature The string for the define to check (e.g. "MBEDTLS_AES_C")
*
diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h
index b7a969a..5be4286 100644
--- a/include/mbedtls/x509.h
+++ b/include/mbedtls/x509.h
@@ -23,11 +23,7 @@
#define MBEDTLS_X509_H
#include "mbedtls/private_access.h"
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include "mbedtls/asn1.h"
#include "mbedtls/pk.h"
diff --git a/include/mbedtls/x509_crl.h b/include/mbedtls/x509_crl.h
index 440da12..9331827 100644
--- a/include/mbedtls/x509_crl.h
+++ b/include/mbedtls/x509_crl.h
@@ -23,11 +23,7 @@
#define MBEDTLS_X509_CRL_H
#include "mbedtls/private_access.h"
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include "mbedtls/x509.h"
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 9b0a495..49211a9 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -23,11 +23,7 @@
#define MBEDTLS_X509_CRT_H
#include "mbedtls/private_access.h"
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include "mbedtls/x509.h"
#include "mbedtls/x509_crl.h"
diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h
index a0f1278..674f9ce 100644
--- a/include/mbedtls/x509_csr.h
+++ b/include/mbedtls/x509_csr.h
@@ -23,11 +23,7 @@
#define MBEDTLS_X509_CSR_H
#include "mbedtls/private_access.h"
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include "mbedtls/x509.h"
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 3532fef..b3ef363 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -3805,7 +3805,7 @@
* This function calculates output bytes from a key derivation algorithm and
* compares those bytes to an expected value in constant time.
* If you view the key derivation's output as a stream of bytes, this
- * function destructively reads the requested number of bytes from the
+ * function destructively reads the expected number of bytes from the
* stream before comparing them.
* The operation's capacity decreases by the number of bytes read.
*
@@ -3824,13 +3824,13 @@
* psa_key_derivation_abort().
*
* \param[in,out] operation The key derivation operation object to read from.
- * \param[in] expected_output Buffer where the output will be written.
+ * \param[in] expected_output Buffer containing the expected derivation output.
* \param output_length Length ot the expected output; this is also the
* number of bytes that will be read.
*
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_INVALID_SIGNATURE
- * The output was read successfully, but if differs from the expected
+ * The output was read successfully, but it differs from the expected
* output.
* \retval #PSA_ERROR_NOT_PERMITTED
* One of the inputs was a key whose policy didn't allow
@@ -3840,7 +3840,7 @@
* \p output_length bytes. Note that in this case,
* the operation's capacity is set to 0, thus
* subsequent calls to this function will not
- * succeed, even with a smaller output buffer.
+ * succeed, even with a smaller expected output.
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid (it must be active and completed
* all required input steps).
@@ -3905,7 +3905,7 @@
* the length of the expected value. In this case,
* the operation's capacity is set to 0, thus
* subsequent calls to this function will not
- * succeed, even with a smaller output buffer.
+ * succeed, even with a smaller expected output.
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid (it must be active and completed
* all required input steps).
diff --git a/include/psa/crypto_config.h b/include/psa/crypto_config.h
index 32ef1c2..3f95d0e 100644
--- a/include/psa/crypto_config.h
+++ b/include/psa/crypto_config.h
@@ -5,7 +5,7 @@
*/
#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
/**
- * When #MBEDTLS_PSA_CRYPTO_CONFIG is enabled in config.h,
+ * When #MBEDTLS_PSA_CRYPTO_CONFIG is enabled in mbedtls_config.h,
* this file determines which cryptographic mechanisms are enabled
* through the PSA Cryptography API (\c psa_xxx() functions).
*
@@ -24,7 +24,7 @@
*/
#else
/**
- * When \c MBEDTLS_PSA_CRYPTO_CONFIG is disabled in config.h,
+ * When \c MBEDTLS_PSA_CRYPTO_CONFIG is disabled in mbedtls_config.h,
* this file is not used, and cryptographic mechanisms are supported
* through the PSA API if and only if they are supported through the
* mbedtls_xxx API.
diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h
index 51c0859..2c0b106 100644
--- a/include/psa/crypto_extra.h
+++ b/include/psa/crypto_extra.h
@@ -40,7 +40,7 @@
/* UID for secure storage seed */
#define PSA_CRYPTO_ITS_RANDOM_SEED_UID 0xFFFFFF52
-/* See config.h for definition */
+/* See mbedtls_config.h for definition */
#if !defined(MBEDTLS_PSA_KEY_SLOT_COUNT)
#define MBEDTLS_PSA_KEY_SLOT_COUNT 32
#endif
diff --git a/include/psa/crypto_platform.h b/include/psa/crypto_platform.h
index d60b773..4787e44 100644
--- a/include/psa/crypto_platform.h
+++ b/include/psa/crypto_platform.h
@@ -36,11 +36,7 @@
/* Include the Mbed TLS configuration file, the way Mbed TLS does it
* in each of its header files. */
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
/* Translate between classic MBEDTLS_xxx feature symbols and PSA_xxx
* feature symbols. */
@@ -82,6 +78,18 @@
#endif /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
+/*
+ * When MBEDTLS_PSA_CRYPTO_SPM is defined, the code is being built for SPM
+ * (Secure Partition Manager) integration which separates the code into two
+ * parts: NSPE (Non-Secure Processing Environment) and SPE (Secure Processing
+ * Environment). When building for the SPE, an additional header file should be
+ * included.
+ */
+#if defined(MBEDTLS_PSA_CRYPTO_SPM)
+#define PSA_CRYPTO_SECURE 1
+#include "crypto_spe.h"
+#endif // MBEDTLS_PSA_CRYPTO_SPM
+
#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
/** The type of the context passed to mbedtls_psa_external_get_random().
*
diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h
index 15cdb41..2811c23 100644
--- a/include/psa/crypto_sizes.h
+++ b/include/psa/crypto_sizes.h
@@ -42,11 +42,7 @@
/* Include the Mbed TLS configuration file, the way Mbed TLS does it
* in each of its header files. */
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#define PSA_BITS_TO_BYTES(bits) (((bits) + 7) / 8)
#define PSA_BYTES_TO_BITS(bytes) ((bytes) * 8)
diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h
index 0afdf84..0b49a21 100644
--- a/include/psa/crypto_struct.h
+++ b/include/psa/crypto_struct.h
@@ -68,11 +68,7 @@
/* Include the Mbed TLS configuration file, the way Mbed TLS does it
* in each of its header files. */
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include "mbedtls/cmac.h"
#include "mbedtls/gcm.h"
diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h
index 7d2f432..daef941 100644
--- a/include/psa/crypto_values.h
+++ b/include/psa/crypto_values.h
@@ -835,7 +835,7 @@
*
* \param alg An algorithm identifier (value of type #psa_algorithm_t).
*
- * \return 1 if \p alg is a key stretching / passowrd hashing algorithm, 0
+ * \return 1 if \p alg is a key stretching / password hashing algorithm, 0
* otherwise. This macro may return either 0 or 1 if \p alg is not a
* supported algorithm identifier.
*/
@@ -2266,12 +2266,14 @@
/** Whether the key may be used to derive other keys or produce a password
* hash.
*
- * This flag allows the key to be used as the input of
- * psa_key_derivation_input_key() at the step
- * #PSA_KEY_DERIVATION_INPUT_SECRET of #PSA_KEY_DERIVATION_INPUT_PASSWORD
- * depending on the algorithm, and allows the use of
- * psa_key_derivation_output_bytes() or psa_key_derivation_output_key()
- * at the end of the operation.
+ * This flag allows the key to be used for a key derivation operation or for
+ * a key agreement operation, if otherwise permitted by by the key's type and
+ * policy.
+ *
+ * If this flag is present on all keys used in calls to
+ * psa_key_derivation_input_key() for a key derivation operation, then it
+ * permits calling psa_key_derivation_output_bytes() or
+ * psa_key_derivation_output_key() at the end of the operation.
*/
#define PSA_KEY_USAGE_DERIVE ((psa_key_usage_t)0x00004000)
@@ -2280,14 +2282,13 @@
*
* This flag allows the key to be used:
*
- * - for a key of type #PSA_KEY_TYPE_PASSWORD_HASH, as the \c key argument of
- * psa_key_derivation_verify_key();
- * - for a key of type #PSA_KEY_TYPE_PASSWORD (or #PSA_KEY_TYPE_DERIVE), as
- * the input to psa_key_derivation_input_key() at the step
- * #PSA_KEY_DERIVATION_INPUT_PASSWORD (or #PSA_KEY_DERIVATION_INPUT_SECRET);
- * then at the end of the operation use of psa_key_derivation_verify_bytes()
- * or psa_key_derivation_verify_key() will be permitted (but not
- * psa_key_derivation_output_xxx() unless #PSA_KEY_USAGE_DERIVE is set).
+ * This flag allows the key to be used in a key derivation operation, if
+ * otherwise permitted by by the key's type and policy.
+ *
+ * If this flag is present on all keys used in calls to
+ * psa_key_derivation_input_key() for a key derivation operation, then it
+ * permits calling psa_key_derivation_verify_bytes() or
+ * psa_key_derivation_verify_key() at the end of the operation.
*/
#define PSA_KEY_USAGE_VERIFY_DERIVATION ((psa_key_usage_t)0x00008000)
@@ -2306,11 +2307,11 @@
*
* The secret can also be a direct input (passed to
* key_derivation_input_bytes()). In this case, the derivation operation
- * may not be used to derive or verify keys: the operation will only allow
- * psa_key_derivation_output_bytes() or
- * psa_key_derivation_verify_bytes() but not
- * psa_key_derivation_output_key() or
- * psa_key_derivation_verify_key().
+ * may not be used to derive keys: the operation will only allow
+ * psa_key_derivation_output_bytes(),
+ * psa_key_derivation_verify_bytes(), or
+ * psa_key_derivation_verify_key(), but not
+ * psa_key_derivation_output_key().
*/
#define PSA_KEY_DERIVATION_INPUT_SECRET ((psa_key_derivation_step_t)0x0101)
@@ -2324,11 +2325,11 @@
*
* The secret can also be a direct input (passed to
* key_derivation_input_bytes()). In this case, the derivation operation
- * may not be used to derive or verify keys: the operation will only allow
- * psa_key_derivation_output_bytes() or
- * psa_key_derivation_verify_bytes(), not
- * psa_key_derivation_output_key() or
- * psa_key_derivation_verify_key().
+ * may not be used to derive keys: the operation will only allow
+ * psa_key_derivation_output_bytes(),
+ * psa_key_derivation_verify_bytes(), or
+ * psa_key_derivation_verify_key(), but not
+ * psa_key_derivation_output_key().
*/
#define PSA_KEY_DERIVATION_INPUT_PASSWORD ((psa_key_derivation_step_t)0x0102)
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index d6ecba5..14fecff 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -82,8 +82,6 @@
version_features.c
)
-list(APPEND src_crypto ${thirdparty_src})
-
set(src_x509
x509.c
x509_create.c
@@ -175,6 +173,10 @@
set_target_properties(${mbedcrypto_static_target} PROPERTIES OUTPUT_NAME mbedcrypto)
target_link_libraries(${mbedcrypto_static_target} PUBLIC ${libs})
+ if(TARGET everest)
+ target_link_libraries(${mbedcrypto_static_target} PUBLIC everest)
+ endif()
+
add_library(${mbedx509_static_target} STATIC ${src_x509})
set_target_properties(${mbedx509_static_target} PROPERTIES OUTPUT_NAME mbedx509)
target_link_libraries(${mbedx509_static_target} PUBLIC ${libs} ${mbedcrypto_static_target})
@@ -189,6 +191,10 @@
set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 2.26.0 SOVERSION 6)
target_link_libraries(${mbedcrypto_target} PUBLIC ${libs})
+ if(TARGET everest)
+ target_link_libraries(${mbedcrypto_target} PUBLIC everest)
+ endif()
+
add_library(${mbedx509_target} SHARED ${src_x509})
set_target_properties(${mbedx509_target} PROPERTIES VERSION 2.26.0 SOVERSION 1)
target_link_libraries(${mbedx509_target} PUBLIC ${libs} ${mbedcrypto_target})
@@ -205,15 +211,14 @@
# /library needs to be listed explicitly when building .c files outside
# of /library (which currently means: under /3rdparty).
target_include_directories(${target}
- PUBLIC ${MBEDTLS_DIR}/include/
- PUBLIC ${thirdparty_inc_public}
- PRIVATE ${MBEDTLS_DIR}/library/
- PRIVATE ${thirdparty_inc})
- target_compile_definitions(${target}
- PRIVATE ${thirdparty_def})
- install(TARGETS ${target}
- DESTINATION ${LIB_INSTALL_DIR}
- PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)
+ PUBLIC $<BUILD_INTERFACE:${MBEDTLS_DIR}/include/>
+ $<INSTALL_INTERFACE:include/>
+ PRIVATE ${MBEDTLS_DIR}/library/)
+ install(
+ TARGETS ${target}
+ EXPORT MbedTLSTargets
+ DESTINATION ${LIB_INSTALL_DIR}
+ PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)
endforeach(target)
set(lib_target "${MBEDTLS_TARGET_PREFIX}lib")
diff --git a/library/Makefile b/library/Makefile
index 62fd997..3f54bac 100644
--- a/library/Makefile
+++ b/library/Makefile
@@ -1,5 +1,5 @@
-# Also see "include/mbedtls/config.h"
+# Also see "include/mbedtls/mbedtls_config.h"
CFLAGS ?= -O2
WARNING_CFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral
@@ -281,12 +281,12 @@
version_features.c: ../scripts/generate_features.pl
version_features.c: ../scripts/data_files/version_features.fmt
-## The generated file only depends on the options that are present in config.h,
+## The generated file only depends on the options that are present in mbedtls_config.h,
## not on which options are set. To avoid regenerating this file all the time
-## when switching between configurations, don't declare config.h as a
+## when switching between configurations, don't declare mbedtls_config.h as a
## dependency. Remove this file from your working tree if you've just added or
-## removed an option in config.h.
-#version_features.c: ../include/mbedtls/config.h
+## removed an option in mbedtls_config.h.
+#version_features.c: ../include/mbedtls/mbedtls_config.h
version_features.c:
echo " Gen $@"
$(PERL) ../scripts/generate_features.pl
diff --git a/library/aesni.h b/library/aesni.h
index c1d22f5..3359cfe 100644
--- a/library/aesni.h
+++ b/library/aesni.h
@@ -25,11 +25,7 @@
#ifndef MBEDTLS_AESNI_H
#define MBEDTLS_AESNI_H
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include "mbedtls/aes.h"
diff --git a/library/bn_mul.h b/library/bn_mul.h
index 17d057f..b6b3b9e 100644
--- a/library/bn_mul.h
+++ b/library/bn_mul.h
@@ -36,11 +36,7 @@
#ifndef MBEDTLS_BN_MUL_H
#define MBEDTLS_BN_MUL_H
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include "mbedtls/bignum.h"
diff --git a/library/cipher_wrap.h b/library/cipher_wrap.h
index 5635982..90563d8 100644
--- a/library/cipher_wrap.h
+++ b/library/cipher_wrap.h
@@ -24,11 +24,7 @@
#ifndef MBEDTLS_CIPHER_WRAP_H
#define MBEDTLS_CIPHER_WRAP_H
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include "mbedtls/cipher.h"
diff --git a/library/common.h b/library/common.h
index 0f61f94..a2c8a1e 100644
--- a/library/common.h
+++ b/library/common.h
@@ -23,11 +23,7 @@
#ifndef MBEDTLS_LIBRARY_COMMON_H
#define MBEDTLS_LIBRARY_COMMON_H
-#if defined(MBEDTLS_CONFIG_FILE)
-#include MBEDTLS_CONFIG_FILE
-#else
-#include "mbedtls/config.h"
-#endif
+#include "mbedtls/build_info.h"
/** Helper to define a function as static except when building invasive tests.
*
diff --git a/library/ecp_internal_alt.h b/library/ecp_internal_alt.h
index 9b157ea..a7544aa 100644
--- a/library/ecp_internal_alt.h
+++ b/library/ecp_internal_alt.h
@@ -59,11 +59,7 @@
#ifndef MBEDTLS_ECP_INTERNAL_H
#define MBEDTLS_ECP_INTERNAL_H
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#if defined(MBEDTLS_ECP_INTERNAL_ALT)
diff --git a/library/entropy_poll.c b/library/entropy_poll.c
index bccc034..058c307 100644
--- a/library/entropy_poll.c
+++ b/library/entropy_poll.c
@@ -44,7 +44,7 @@
#if !defined(unix) && !defined(__unix__) && !defined(__unix) && \
!defined(__APPLE__) && !defined(_WIN32) && !defined(__QNXNTO__) && \
!defined(__HAIKU__) && !defined(__midipix__)
-#error "Platform entropy sources only work on Unix and Windows, see MBEDTLS_NO_PLATFORM_ENTROPY in config.h"
+#error "Platform entropy sources only work on Unix and Windows, see MBEDTLS_NO_PLATFORM_ENTROPY in mbedtls_config.h"
#endif
#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
diff --git a/library/entropy_poll.h b/library/entropy_poll.h
index bf26889..aef1a09 100644
--- a/library/entropy_poll.h
+++ b/library/entropy_poll.h
@@ -22,11 +22,7 @@
#ifndef MBEDTLS_ENTROPY_POLL_H
#define MBEDTLS_ENTROPY_POLL_H
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include <stddef.h>
@@ -55,7 +51,7 @@
* \brief Entropy poll callback for a hardware source
*
* \warning This is not provided by mbed TLS!
- * See \c MBEDTLS_ENTROPY_HARDWARE_ALT in config.h.
+ * See \c MBEDTLS_ENTROPY_HARDWARE_ALT in mbedtls_config.h.
*
* \note This must accept NULL as its first argument.
*/
diff --git a/library/md_wrap.h b/library/md_wrap.h
index cfd418a..90c7957 100644
--- a/library/md_wrap.h
+++ b/library/md_wrap.h
@@ -26,11 +26,7 @@
#ifndef MBEDTLS_MD_WRAP_H
#define MBEDTLS_MD_WRAP_H
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include "mbedtls/md.h"
diff --git a/library/net_sockets.c b/library/net_sockets.c
index 5fbe1f7..17a9e4a 100644
--- a/library/net_sockets.c
+++ b/library/net_sockets.c
@@ -18,7 +18,7 @@
*/
/* Enable definition of getaddrinfo() even when compiling with -std=c99. Must
- * be set before config.h, which pulls in glibc's features.h indirectly.
+ * be set before mbedtls_config.h, which pulls in glibc's features.h indirectly.
* Harmless on other platforms. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L
@@ -34,7 +34,7 @@
#if !defined(unix) && !defined(__unix__) && !defined(__unix) && \
!defined(__APPLE__) && !defined(_WIN32) && !defined(__QNXNTO__) && \
!defined(__HAIKU__) && !defined(__midipix__)
-#error "This module only works on Unix and Windows, see MBEDTLS_NET_C in config.h"
+#error "This module only works on Unix and Windows, see MBEDTLS_NET_C in mbedtls_config.h"
#endif
#if defined(MBEDTLS_PLATFORM_C)
diff --git a/library/padlock.h b/library/padlock.h
index 4f4e400..1506ee0 100644
--- a/library/padlock.h
+++ b/library/padlock.h
@@ -26,11 +26,7 @@
#ifndef MBEDTLS_PADLOCK_H
#define MBEDTLS_PADLOCK_H
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include "mbedtls/aes.h"
diff --git a/library/pk_wrap.h b/library/pk_wrap.h
index 42ccca7..6f5addf 100644
--- a/library/pk_wrap.h
+++ b/library/pk_wrap.h
@@ -23,11 +23,7 @@
#ifndef MBEDTLS_PK_WRAP_H
#define MBEDTLS_PK_WRAP_H
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include "mbedtls/pk.h"
diff --git a/library/platform_util.c b/library/platform_util.c
index 98fe5de..4e97e4d 100644
--- a/library/platform_util.c
+++ b/library/platform_util.c
@@ -20,7 +20,7 @@
/*
* Ensure gmtime_r is available even with -std=c99; must be defined before
- * config.h, which pulls in glibc's features.h. Harmless on other platforms.
+ * mbedtls_config.h, which pulls in glibc's features.h. Harmless on other platforms.
*/
#if !defined(_POSIX_C_SOURCE)
#define _POSIX_C_SOURCE 200112L
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 7c90102..d089fe0 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -26,7 +26,6 @@
#include "check_crypto_config.h"
#endif
-#include "psa_crypto_service_integration.h"
#include "psa/crypto.h"
#include "psa_crypto_cipher.h"
@@ -2091,34 +2090,54 @@
psa_status_t psa_hash_setup( psa_hash_operation_t *operation,
psa_algorithm_t alg )
{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
/* A context must be freshly initialized before it can be set up. */
if( operation->id != 0 )
- return( PSA_ERROR_BAD_STATE );
+ {
+ status = PSA_ERROR_BAD_STATE;
+ goto exit;
+ }
if( !PSA_ALG_IS_HASH( alg ) )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ {
+ status = PSA_ERROR_INVALID_ARGUMENT;
+ goto exit;
+ }
/* Ensure all of the context is zeroized, since PSA_HASH_OPERATION_INIT only
* directly zeroes the int-sized dummy member of the context union. */
memset( &operation->ctx, 0, sizeof( operation->ctx ) );
- return( psa_driver_wrapper_hash_setup( operation, alg ) );
+ status = psa_driver_wrapper_hash_setup( operation, alg );
+
+exit:
+ if( status != PSA_SUCCESS )
+ psa_hash_abort( operation );
+
+ return status;
}
psa_status_t psa_hash_update( psa_hash_operation_t *operation,
const uint8_t *input,
size_t input_length )
{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
if( operation->id == 0 )
- return( PSA_ERROR_BAD_STATE );
+ {
+ status = PSA_ERROR_BAD_STATE;
+ goto exit;
+ }
/* Don't require hash implementations to behave correctly on a
* zero-length input, which may have an invalid pointer. */
if( input_length == 0 )
return( PSA_SUCCESS );
- psa_status_t status = psa_driver_wrapper_hash_update( operation,
- input, input_length );
+ status = psa_driver_wrapper_hash_update( operation, input, input_length );
+
+exit:
if( status != PSA_SUCCESS )
psa_hash_abort( operation );
@@ -2150,13 +2169,24 @@
operation,
actual_hash, sizeof( actual_hash ),
&actual_hash_length );
+
if( status != PSA_SUCCESS )
- return( status );
+ goto exit;
+
if( actual_hash_length != hash_length )
- return( PSA_ERROR_INVALID_SIGNATURE );
+ {
+ status = PSA_ERROR_INVALID_SIGNATURE;
+ goto exit;
+ }
+
if( mbedtls_psa_safer_memcmp( hash, actual_hash, actual_hash_length ) != 0 )
- return( PSA_ERROR_INVALID_SIGNATURE );
- return( PSA_SUCCESS );
+ status = PSA_ERROR_INVALID_SIGNATURE;
+
+exit:
+ if( status != PSA_SUCCESS )
+ psa_hash_abort(operation);
+
+ return( status );
}
psa_status_t psa_hash_compute( psa_algorithm_t alg,
@@ -2278,11 +2308,14 @@
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
- psa_key_slot_t *slot;
+ psa_key_slot_t *slot = NULL;
/* A context must be freshly initialized before it can be set up. */
if( operation->id != 0 )
- return( PSA_ERROR_BAD_STATE );
+ {
+ status = PSA_ERROR_BAD_STATE;
+ goto exit;
+ }
status = psa_get_and_lock_key_slot_with_policy(
key,
@@ -2290,7 +2323,7 @@
is_sign ? PSA_KEY_USAGE_SIGN_HASH : PSA_KEY_USAGE_VERIFY_HASH,
alg );
if( status != PSA_SUCCESS )
- return( status );
+ goto exit;
psa_key_attributes_t attributes = {
.core = slot->attr
@@ -2371,29 +2404,37 @@
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED;
- /* Set the output length and content to a safe default, such that in
- * case the caller misses an error check, the output would be an
- * unachievable MAC. */
- *mac_length = mac_size;
-
if( operation->id == 0 )
- return( PSA_ERROR_BAD_STATE );
+ {
+ status = PSA_ERROR_BAD_STATE;
+ goto exit;
+ }
if( ! operation->is_sign )
- return( PSA_ERROR_BAD_STATE );
+ {
+ status = PSA_ERROR_BAD_STATE;
+ goto exit;
+ }
/* Sanity check. This will guarantee that mac_size != 0 (and so mac != NULL)
* once all the error checks are done. */
if( operation->mac_size == 0 )
- return( PSA_ERROR_BAD_STATE );
+ {
+ status = PSA_ERROR_BAD_STATE;
+ goto exit;
+ }
if( mac_size < operation->mac_size )
- return( PSA_ERROR_BUFFER_TOO_SMALL );
+ {
+ status = PSA_ERROR_BUFFER_TOO_SMALL;
+ goto exit;
+ }
status = psa_driver_wrapper_mac_sign_finish( operation,
mac, operation->mac_size,
mac_length );
+exit:
/* In case of success, set the potential excess room in the output buffer
* to an invalid value, to avoid potentially leaking a longer MAC.
* In case of error, set the output length and content to a safe default,
@@ -2423,21 +2464,27 @@
psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED;
if( operation->id == 0 )
- return( PSA_ERROR_BAD_STATE );
+ {
+ status = PSA_ERROR_BAD_STATE;
+ goto exit;
+ }
if( operation->is_sign )
- return( PSA_ERROR_BAD_STATE );
+ {
+ status = PSA_ERROR_BAD_STATE;
+ goto exit;
+ }
if( operation->mac_size != mac_length )
{
status = PSA_ERROR_INVALID_SIGNATURE;
- goto cleanup;
+ goto exit;
}
status = psa_driver_wrapper_mac_verify_finish( operation,
mac, mac_length );
-cleanup:
+exit:
abort_status = psa_mac_abort( operation );
return( status == PSA_SUCCESS ? abort_status : status );
@@ -3187,18 +3234,24 @@
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
- psa_key_slot_t *slot;
+ psa_key_slot_t *slot = NULL;
psa_key_usage_t usage = ( cipher_operation == MBEDTLS_ENCRYPT ?
PSA_KEY_USAGE_ENCRYPT :
PSA_KEY_USAGE_DECRYPT );
/* A context must be freshly initialized before it can be set up. */
if( operation->id != 0 )
- return( PSA_ERROR_BAD_STATE );
+ {
+ status = PSA_ERROR_BAD_STATE;
+ goto exit;
+ }
/* The requested algorithm must be one that can be processed by cipher. */
if( ! PSA_ALG_IS_CIPHER( alg ) )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ {
+ status = PSA_ERROR_INVALID_ARGUMENT;
+ goto exit;
+ }
/* Fetch key material from key storage. */
status = psa_get_and_lock_key_slot_with_policy( key, &slot, usage, alg );
@@ -3268,12 +3321,14 @@
if( operation->id == 0 )
{
- return( PSA_ERROR_BAD_STATE );
+ status = PSA_ERROR_BAD_STATE;
+ goto exit;
}
if( operation->iv_set || ! operation->iv_required )
{
- return( PSA_ERROR_BAD_STATE );
+ status = PSA_ERROR_BAD_STATE;
+ goto exit;
}
if( iv_size < operation->default_iv_length )
@@ -3309,18 +3364,28 @@
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
if( operation->id == 0 )
- return( PSA_ERROR_BAD_STATE );
+ {
+ status = PSA_ERROR_BAD_STATE;
+ goto exit;
+ }
if( operation->iv_set || ! operation->iv_required )
- return( PSA_ERROR_BAD_STATE );
+ {
+ status = PSA_ERROR_BAD_STATE;
+ goto exit;
+ }
if( iv_length > PSA_CIPHER_IV_MAX_SIZE )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ {
+ status = PSA_ERROR_INVALID_ARGUMENT;
+ goto exit;
+ }
status = psa_driver_wrapper_cipher_set_iv( operation,
iv,
iv_length );
+exit:
if( status == PSA_SUCCESS )
operation->iv_set = 1;
else
@@ -3339,11 +3404,14 @@
if( operation->id == 0 )
{
- return( PSA_ERROR_BAD_STATE );
+ status = PSA_ERROR_BAD_STATE;
+ goto exit;
}
+
if( operation->iv_required && ! operation->iv_set )
{
- return( PSA_ERROR_BAD_STATE );
+ status = PSA_ERROR_BAD_STATE;
+ goto exit;
}
status = psa_driver_wrapper_cipher_update( operation,
@@ -3352,6 +3420,8 @@
output,
output_size,
output_length );
+
+exit:
if( status != PSA_SUCCESS )
psa_cipher_abort( operation );
@@ -3367,17 +3437,22 @@
if( operation->id == 0 )
{
- return( PSA_ERROR_BAD_STATE );
+ status = PSA_ERROR_BAD_STATE;
+ goto exit;
}
+
if( operation->iv_required && ! operation->iv_set )
{
- return( PSA_ERROR_BAD_STATE );
+ status = PSA_ERROR_BAD_STATE;
+ goto exit;
}
status = psa_driver_wrapper_cipher_finish( operation,
output,
output_size,
output_length );
+
+exit:
if( status == PSA_SUCCESS )
return( psa_cipher_abort( operation ) );
else
diff --git a/library/psa_crypto_client.c b/library/psa_crypto_client.c
index e84cf30..629feb7 100644
--- a/library/psa_crypto_client.c
+++ b/library/psa_crypto_client.c
@@ -19,7 +19,6 @@
*/
#include "common.h"
-#include "psa_crypto_service_integration.h"
#include "psa/crypto.h"
#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h
index 4420ec2..91757b5 100644
--- a/library/psa_crypto_core.h
+++ b/library/psa_crypto_core.h
@@ -21,11 +21,7 @@
#ifndef PSA_CRYPTO_CORE_H
#define PSA_CRYPTO_CORE_H
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include "psa/crypto.h"
#include "psa/crypto_se_driver.h"
diff --git a/library/psa_crypto_invasive.h b/library/psa_crypto_invasive.h
index 1e5a407..1dd9579 100644
--- a/library/psa_crypto_invasive.h
+++ b/library/psa_crypto_invasive.h
@@ -28,11 +28,7 @@
#ifndef PSA_CRYPTO_INVASIVE_H
#define PSA_CRYPTO_INVASIVE_H
-#if defined(MBEDTLS_CONFIG_FILE)
-#include MBEDTLS_CONFIG_FILE
-#else
-#include "mbedtls/config.h"
-#endif
+#include "mbedtls/build_info.h"
#include "psa/crypto.h"
#include "common.h"
diff --git a/library/psa_crypto_se.h b/library/psa_crypto_se.h
index 7104261..549dfb6 100644
--- a/library/psa_crypto_se.h
+++ b/library/psa_crypto_se.h
@@ -21,11 +21,7 @@
#ifndef PSA_CRYPTO_SE_H
#define PSA_CRYPTO_SE_H
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include "psa/crypto.h"
#include "psa/crypto_se_driver.h"
diff --git a/library/psa_crypto_service_integration.h b/library/psa_crypto_service_integration.h
deleted file mode 100644
index 87889af..0000000
--- a/library/psa_crypto_service_integration.h
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef PSA_CRYPTO_SERVICE_INTEGRATION_H
-#define PSA_CRYPTO_SERVICE_INTEGRATION_H
-
-/*
- * When MBEDTLS_PSA_CRYPTO_SPM is defined, the code is being built for SPM
- * (Secure Partition Manager) integration which separates the code into two
- * parts: NSPE (Non-Secure Processing Environment) and SPE (Secure Processing
- * Environment). When building for the SPE, an additional header file should be
- * included.
- */
-#if defined(MBEDTLS_PSA_CRYPTO_SPM)
-/*
- * PSA_CRYPTO_SECURE means that the file which included this file is being
- * compiled for SPE. The files crypto_structs.h and crypto_types.h have
- * different implementations for NSPE and SPE and are compiled according to this
- * flag.
- */
-#define PSA_CRYPTO_SECURE 1
-#include "crypto_spe.h"
-#endif // MBEDTLS_PSA_CRYPTO_SPM
-
-#endif // PSA_CRYPTO_SERVICE_INTEGRATION_H
diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
index a95b4b3..925d684 100644
--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c
@@ -22,7 +22,6 @@
#if defined(MBEDTLS_PSA_CRYPTO_C)
-#include "psa_crypto_service_integration.h"
#include "psa/crypto.h"
#include "psa_crypto_core.h"
diff --git a/library/psa_crypto_storage.c b/library/psa_crypto_storage.c
index 575e992..09cbab4 100644
--- a/library/psa_crypto_storage.c
+++ b/library/psa_crypto_storage.c
@@ -25,7 +25,6 @@
#include <stdlib.h>
#include <string.h>
-#include "psa_crypto_service_integration.h"
#include "psa/crypto.h"
#include "psa_crypto_storage.h"
#include "mbedtls/platform_util.h"
diff --git a/library/rsa_alt_helpers.h b/library/rsa_alt_helpers.h
index 90c88a2..d6fc8e5 100644
--- a/library/rsa_alt_helpers.h
+++ b/library/rsa_alt_helpers.h
@@ -55,11 +55,7 @@
#ifndef MBEDTLS_RSA_INTERNAL_H
#define MBEDTLS_RSA_INTERNAL_H
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include "mbedtls/bignum.h"
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index d25bc55..c93c88d 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -22,11 +22,7 @@
#ifndef MBEDTLS_SSL_MISC_H
#define MBEDTLS_SSL_MISC_H
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include "mbedtls/ssl.h"
#include "mbedtls/cipher.h"
diff --git a/library/threading.c b/library/threading.c
index 2de117f..bae6644 100644
--- a/library/threading.c
+++ b/library/threading.c
@@ -19,7 +19,7 @@
/*
* Ensure gmtime_r is available even with -std=c99; must be defined before
- * config.h, which pulls in glibc's features.h. Harmless on other platforms.
+ * mbedtls_config.h, which pulls in glibc's features.h. Harmless on other platforms.
*/
#if !defined(_POSIX_C_SOURCE)
#define _POSIX_C_SOURCE 200112L
diff --git a/library/timing.c b/library/timing.c
index a85ce67..8a02c00 100644
--- a/library/timing.c
+++ b/library/timing.c
@@ -28,7 +28,7 @@
#if !defined(unix) && !defined(__unix__) && !defined(__unix) && \
!defined(__APPLE__) && !defined(_WIN32) && !defined(__QNXNTO__) && \
!defined(__HAIKU__) && !defined(__midipix__)
-#error "This module only works on Unix and Windows, see MBEDTLS_TIMING_C in config.h"
+#error "This module only works on Unix and Windows, see MBEDTLS_TIMING_C in mbedtls_config.h"
#endif
#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
diff --git a/programs/Makefile b/programs/Makefile
index dcdb8f3..997c198 100644
--- a/programs/Makefile
+++ b/programs/Makefile
@@ -153,12 +153,12 @@
$(PYTHON) ../scripts/generate_psa_constants.py
test/query_config.c: ../scripts/generate_query_config.pl
-## The generated file only depends on the options that are present in config.h,
+## The generated file only depends on the options that are present in mbedtls_config.h,
## not on which options are set. To avoid regenerating this file all the time
-## when switching between configurations, don't declare config.h as a
+## when switching between configurations, don't declare mbedtls_config.h as a
## dependency. Remove this file from your working tree if you've just added or
-## removed an option in config.h.
-#test/query_config.c: ../include/mbedtls/config.h
+## removed an option in mbedtls_config.h.
+#test/query_config.c: ../include/mbedtls/mbedtls_config.h
test/query_config.c: ../scripts/data_files/query_config.fmt
test/query_config.c:
echo " Gen $@"
diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c
index 0f97867..a8026a3 100644
--- a/programs/aes/crypt_and_hash.c
+++ b/programs/aes/crypt_and_hash.c
@@ -19,15 +19,11 @@
*/
/* Enable definition of fileno() even when compiling with -std=c99. Must be
- * set before config.h, which pulls in glibc's features.h indirectly.
+ * set before mbedtls_config.h, which pulls in glibc's features.h indirectly.
* Harmless on other platforms. */
#define _POSIX_C_SOURCE 200112L
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
diff --git a/programs/fuzz/onefile.c b/programs/fuzz/onefile.c
index c845149..efd8dbb 100644
--- a/programs/fuzz/onefile.c
+++ b/programs/fuzz/onefile.c
@@ -2,14 +2,10 @@
#include <stdlib.h>
#include <stdio.h>
-/* This file doesn't use any Mbed TLS function, but grab config.h anyway
+/* This file doesn't use any Mbed TLS function, but grab mbedtls_config.h anyway
* in case it contains platform-specific #defines related to malloc or
* stdio functions. */
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
diff --git a/programs/hash/generic_sum.c b/programs/hash/generic_sum.c
index f73e5f8..9243f0a 100644
--- a/programs/hash/generic_sum.c
+++ b/programs/hash/generic_sum.c
@@ -17,11 +17,7 @@
* limitations under the License.
*/
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
diff --git a/programs/hash/hello.c b/programs/hash/hello.c
index 18beb69..d2b6910 100644
--- a/programs/hash/hello.c
+++ b/programs/hash/hello.c
@@ -17,11 +17,7 @@
* limitations under the License.
*/
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c
index 28bfb89..eccb42a 100644
--- a/programs/pkey/dh_client.c
+++ b/programs/pkey/dh_client.c
@@ -17,11 +17,7 @@
* limitations under the License.
*/
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c
index a481e32..174a363 100644
--- a/programs/pkey/dh_genprime.c
+++ b/programs/pkey/dh_genprime.c
@@ -17,11 +17,7 @@
* limitations under the License.
*/
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c
index 79c313c..0ddb85c 100644
--- a/programs/pkey/dh_server.c
+++ b/programs/pkey/dh_server.c
@@ -17,11 +17,7 @@
* limitations under the License.
*/
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
diff --git a/programs/pkey/ecdh_curve25519.c b/programs/pkey/ecdh_curve25519.c
index 1f4b8bc..ca046fd 100644
--- a/programs/pkey/ecdh_curve25519.c
+++ b/programs/pkey/ecdh_curve25519.c
@@ -17,11 +17,7 @@
* limitations under the License.
*/
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c
index a21a544..6b6e951 100644
--- a/programs/pkey/ecdsa.c
+++ b/programs/pkey/ecdsa.c
@@ -17,11 +17,7 @@
* limitations under the License.
*/
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c
index 9415530..4043dfa 100644
--- a/programs/pkey/gen_key.c
+++ b/programs/pkey/gen_key.c
@@ -17,11 +17,7 @@
* limitations under the License.
*/
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c
index 2145e07..4203902 100644
--- a/programs/pkey/key_app.c
+++ b/programs/pkey/key_app.c
@@ -17,11 +17,7 @@
* limitations under the License.
*/
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c
index 89c67ed..8a09af5 100644
--- a/programs/pkey/key_app_writer.c
+++ b/programs/pkey/key_app_writer.c
@@ -17,11 +17,7 @@
* limitations under the License.
*/
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
diff --git a/programs/pkey/mpi_demo.c b/programs/pkey/mpi_demo.c
index 8245d01..6341752 100644
--- a/programs/pkey/mpi_demo.c
+++ b/programs/pkey/mpi_demo.c
@@ -17,11 +17,7 @@
* limitations under the License.
*/
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c
index e01f5d5..f1bfd8a 100644
--- a/programs/pkey/pk_decrypt.c
+++ b/programs/pkey/pk_decrypt.c
@@ -17,11 +17,7 @@
* limitations under the License.
*/
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c
index e629dc1..293c0a0 100644
--- a/programs/pkey/pk_encrypt.c
+++ b/programs/pkey/pk_encrypt.c
@@ -17,11 +17,7 @@
* limitations under the License.
*/
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c
index fe46c20..2ab428d 100644
--- a/programs/pkey/pk_sign.c
+++ b/programs/pkey/pk_sign.c
@@ -17,11 +17,7 @@
* limitations under the License.
*/
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c
index ee72243..5173507 100644
--- a/programs/pkey/pk_verify.c
+++ b/programs/pkey/pk_verify.c
@@ -17,11 +17,7 @@
* limitations under the License.
*/
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c
index bb3649f..42ec6a7 100644
--- a/programs/pkey/rsa_decrypt.c
+++ b/programs/pkey/rsa_decrypt.c
@@ -17,11 +17,7 @@
* limitations under the License.
*/
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c
index a000505..f7ff68f 100644
--- a/programs/pkey/rsa_encrypt.c
+++ b/programs/pkey/rsa_encrypt.c
@@ -17,11 +17,7 @@
* limitations under the License.
*/
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
diff --git a/programs/pkey/rsa_genkey.c b/programs/pkey/rsa_genkey.c
index 1dcfc52..e48050a 100644
--- a/programs/pkey/rsa_genkey.c
+++ b/programs/pkey/rsa_genkey.c
@@ -17,11 +17,7 @@
* limitations under the License.
*/
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c
index ebc88e4..5aa592d 100644
--- a/programs/pkey/rsa_sign.c
+++ b/programs/pkey/rsa_sign.c
@@ -17,11 +17,7 @@
* limitations under the License.
*/
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c
index 50553ca..7ec7335 100644
--- a/programs/pkey/rsa_sign_pss.c
+++ b/programs/pkey/rsa_sign_pss.c
@@ -17,11 +17,7 @@
* limitations under the License.
*/
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c
index 5a68246..1b3e193 100644
--- a/programs/pkey/rsa_verify.c
+++ b/programs/pkey/rsa_verify.c
@@ -17,11 +17,7 @@
* limitations under the License.
*/
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c
index 527d799..d6634ba 100644
--- a/programs/pkey/rsa_verify_pss.c
+++ b/programs/pkey/rsa_verify_pss.c
@@ -17,11 +17,7 @@
* limitations under the License.
*/
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
diff --git a/programs/psa/key_ladder_demo.c b/programs/psa/key_ladder_demo.c
index 5d64349..cad875e 100644
--- a/programs/psa/key_ladder_demo.c
+++ b/programs/psa/key_ladder_demo.c
@@ -50,11 +50,7 @@
/* First include Mbed TLS headers to get the Mbed TLS configuration and
* platform definitions that we'll use in this program. Also include
* standard C headers for functions we'll use here. */
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include <stdlib.h>
#include <stdio.h>
diff --git a/programs/random/gen_entropy.c b/programs/random/gen_entropy.c
index 0f27aaa..4deb924 100644
--- a/programs/random/gen_entropy.c
+++ b/programs/random/gen_entropy.c
@@ -17,11 +17,7 @@
* limitations under the License.
*/
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
diff --git a/programs/random/gen_random_ctr_drbg.c b/programs/random/gen_random_ctr_drbg.c
index 158a312..0a9e2dd 100644
--- a/programs/random/gen_random_ctr_drbg.c
+++ b/programs/random/gen_random_ctr_drbg.c
@@ -17,11 +17,7 @@
* limitations under the License.
*/
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c
index 1e97795..2bebb0d 100644
--- a/programs/ssl/dtls_client.c
+++ b/programs/ssl/dtls_client.c
@@ -17,11 +17,7 @@
* limitations under the License.
*/
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c
index d2cc450..f257049 100644
--- a/programs/ssl/dtls_server.c
+++ b/programs/ssl/dtls_server.c
@@ -17,11 +17,7 @@
* limitations under the License.
*/
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c
index 42dbeac..1e0bef6 100644
--- a/programs/ssl/mini_client.c
+++ b/programs/ssl/mini_client.c
@@ -18,11 +18,7 @@
* limitations under the License.
*/
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c
index 6624224..3f7256f 100644
--- a/programs/ssl/ssl_client1.c
+++ b/programs/ssl/ssl_client1.c
@@ -17,11 +17,7 @@
* limitations under the License.
*/
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c
index b04d4b5..5ad9120 100644
--- a/programs/ssl/ssl_context_info.c
+++ b/programs/ssl/ssl_context_info.c
@@ -19,11 +19,7 @@
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include <stdio.h>
#include <stdlib.h>
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
index 7419010..542a334 100644
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
@@ -17,11 +17,7 @@
* limitations under the License.
*/
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index f223977..32960ad 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -18,17 +18,13 @@
*/
/* Enable definition of gethostname() even when compiling with -std=c99. Must
- * be set before config.h, which pulls in glibc's features.h indirectly.
+ * be set before mbedtls_config.h, which pulls in glibc's features.h indirectly.
* Harmless on other platforms. */
#define _POSIX_C_SOURCE 200112L
#define _XOPEN_SOURCE 600
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c
index a083e4b..a8db4d8 100644
--- a/programs/ssl/ssl_pthread_server.c
+++ b/programs/ssl/ssl_pthread_server.c
@@ -18,11 +18,7 @@
* limitations under the License.
*/
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c
index aaccb58..ace657c 100644
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c
@@ -17,11 +17,7 @@
* limitations under the License.
*/
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h
index bd303bc..f9e031b 100644
--- a/programs/ssl/ssl_test_lib.h
+++ b/programs/ssl/ssl_test_lib.h
@@ -20,11 +20,7 @@
#ifndef MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H
#define MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c
index 6f730bc..5985caf 100644
--- a/programs/test/benchmark.c
+++ b/programs/test/benchmark.c
@@ -19,11 +19,7 @@
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include "mbedtls/platform.h"
#if !defined(MBEDTLS_PLATFORM_C)
diff --git a/programs/test/cmake_package/.gitignore b/programs/test/cmake_package/.gitignore
new file mode 100644
index 0000000..9ae6b59
--- /dev/null
+++ b/programs/test/cmake_package/.gitignore
@@ -0,0 +1,3 @@
+build
+Makefile
+cmake_package
diff --git a/programs/test/cmake_package/CMakeLists.txt b/programs/test/cmake_package/CMakeLists.txt
new file mode 100644
index 0000000..518d2e9
--- /dev/null
+++ b/programs/test/cmake_package/CMakeLists.txt
@@ -0,0 +1,36 @@
+cmake_minimum_required(VERSION 2.8.12)
+
+#
+# Simulate configuring and building Mbed TLS as the user might do it. We'll
+# skip installing it, and use the build directory directly instead.
+#
+
+set(MbedTLS_SOURCE_DIR "${CMAKE_CURRENT_SOURCE_DIR}/../../..")
+set(MbedTLS_BINARY_DIR "${CMAKE_CURRENT_BINARY_DIR}/mbedtls")
+
+execute_process(
+ COMMAND "${CMAKE_COMMAND}"
+ "-H${MbedTLS_SOURCE_DIR}"
+ "-B${MbedTLS_BINARY_DIR}"
+ "-DENABLE_PROGRAMS=NO"
+ "-DENABLE_TESTING=NO")
+
+execute_process(
+ COMMAND "${CMAKE_COMMAND}"
+ --build "${MbedTLS_BINARY_DIR}")
+
+#
+# Locate the package.
+#
+
+set(MbedTLS_DIR "${MbedTLS_BINARY_DIR}/cmake")
+find_package(MbedTLS REQUIRED)
+
+#
+# At this point, the Mbed TLS targets should have been imported, and we can now
+# link to them from our own program.
+#
+
+add_executable(cmake_package cmake_package.c)
+target_link_libraries(cmake_package
+ MbedTLS::mbedcrypto MbedTLS::mbedtls MbedTLS::mbedx509)
diff --git a/programs/test/cmake_package/cmake_package.c b/programs/test/cmake_package/cmake_package.c
new file mode 100644
index 0000000..1ae627d
--- /dev/null
+++ b/programs/test/cmake_package/cmake_package.c
@@ -0,0 +1,49 @@
+/*
+ * Simple program to test that Mbed TLS builds correctly as a CMake package.
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "mbedtls/build_info.h"
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#include <stdlib.h>
+#define mbedtls_fprintf fprintf
+#define mbedtls_printf printf
+#define mbedtls_exit exit
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
+
+#include "mbedtls/version.h"
+
+/* The main reason to build this is for testing the CMake build, so the program
+ * doesn't need to do very much. It calls a single library function to ensure
+ * linkage works, but that is all. */
+int main()
+{
+ /* This version string is 18 bytes long, as advised by version.h. */
+ char version[18];
+
+ mbedtls_version_get_string_full( version );
+
+ mbedtls_printf( "Built against %s\n", version );
+
+ return( 0 );
+}
diff --git a/programs/test/cmake_package_install/.gitignore b/programs/test/cmake_package_install/.gitignore
new file mode 100644
index 0000000..b9b8282
--- /dev/null
+++ b/programs/test/cmake_package_install/.gitignore
@@ -0,0 +1,3 @@
+build
+Makefile
+cmake_package_install
diff --git a/programs/test/cmake_package_install/CMakeLists.txt b/programs/test/cmake_package_install/CMakeLists.txt
new file mode 100644
index 0000000..711a1e5
--- /dev/null
+++ b/programs/test/cmake_package_install/CMakeLists.txt
@@ -0,0 +1,39 @@
+cmake_minimum_required(VERSION 2.8.12)
+
+#
+# Simulate configuring and building Mbed TLS as the user might do it. We'll
+# install into a directory inside our own build directory.
+#
+
+set(MbedTLS_SOURCE_DIR "${CMAKE_CURRENT_SOURCE_DIR}/../../..")
+set(MbedTLS_INSTALL_DIR "${CMAKE_CURRENT_BINARY_DIR}/mbedtls")
+set(MbedTLS_BINARY_DIR "${MbedTLS_INSTALL_DIR}${CMAKE_FILES_DIRECTORY}")
+
+execute_process(
+ COMMAND "${CMAKE_COMMAND}"
+ "-H${MbedTLS_SOURCE_DIR}"
+ "-B${MbedTLS_BINARY_DIR}"
+ "-DENABLE_PROGRAMS=NO"
+ "-DENABLE_TESTING=NO"
+ "-DCMAKE_INSTALL_PREFIX=${MbedTLS_INSTALL_DIR}")
+
+execute_process(
+ COMMAND "${CMAKE_COMMAND}"
+ --build "${MbedTLS_BINARY_DIR}"
+ --target install)
+
+#
+# Locate the package.
+#
+
+set(MbedTLS_DIR "${MbedTLS_INSTALL_DIR}/cmake")
+find_package(MbedTLS REQUIRED)
+
+#
+# At this point, the Mbed TLS targets should have been imported, and we can now
+# link to them from our own program.
+#
+
+add_executable(cmake_package_install cmake_package_install.c)
+target_link_libraries(cmake_package_install
+ MbedTLS::mbedcrypto MbedTLS::mbedtls MbedTLS::mbedx509)
diff --git a/programs/test/cmake_package_install/cmake_package_install.c b/programs/test/cmake_package_install/cmake_package_install.c
new file mode 100644
index 0000000..9d5d3e4
--- /dev/null
+++ b/programs/test/cmake_package_install/cmake_package_install.c
@@ -0,0 +1,50 @@
+/*
+ * Simple program to test that Mbed TLS builds correctly as an installable CMake
+ * package.
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "mbedtls/build_info.h"
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#include <stdlib.h>
+#define mbedtls_fprintf fprintf
+#define mbedtls_printf printf
+#define mbedtls_exit exit
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
+
+#include "mbedtls/version.h"
+
+/* The main reason to build this is for testing the CMake build, so the program
+ * doesn't need to do very much. It calls a single library function to ensure
+ * linkage works, but that is all. */
+int main()
+{
+ /* This version string is 18 bytes long, as advised by version.h. */
+ char version[18];
+
+ mbedtls_version_get_string_full( version );
+
+ mbedtls_printf( "Built against %s\n", version );
+
+ return( 0 );
+}
diff --git a/programs/test/cmake_subproject/cmake_subproject.c b/programs/test/cmake_subproject/cmake_subproject.c
index 6d81830..ff6ebf0 100644
--- a/programs/test/cmake_subproject/cmake_subproject.c
+++ b/programs/test/cmake_subproject/cmake_subproject.c
@@ -18,11 +18,7 @@
* limitations under the License.
*/
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
diff --git a/programs/test/cpp_dummy_build.cpp b/programs/test/cpp_dummy_build.cpp
index 61a7e89..7f1efe8 100644
--- a/programs/test/cpp_dummy_build.cpp
+++ b/programs/test/cpp_dummy_build.cpp
@@ -18,11 +18,7 @@
* limitations under the License.
*/
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include "mbedtls/aes.h"
#include "mbedtls/aria.h"
diff --git a/programs/test/query_compile_time_config.c b/programs/test/query_compile_time_config.c
index 0e356c8..a6eaf61 100644
--- a/programs/test/query_compile_time_config.c
+++ b/programs/test/query_compile_time_config.c
@@ -17,11 +17,7 @@
* limitations under the License.
*/
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
diff --git a/programs/test/query_config.h b/programs/test/query_config.h
index 23009c4..0fad886 100644
--- a/programs/test/query_config.h
+++ b/programs/test/query_config.h
@@ -1,5 +1,5 @@
/*
- * Query Mbed TLS compile time configurations from config.h
+ * Query Mbed TLS compile time configurations from mbedtls_config.h
*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0
@@ -20,17 +20,13 @@
#ifndef MBEDTLS_PROGRAMS_TEST_QUERY_CONFIG_H
#define MBEDTLS_PROGRAMS_TEST_QUERY_CONFIG_H
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
/** Check whether a given configuration symbol is enabled.
*
* \param config The symbol to query (e.g. "MBEDTLS_RSA_C").
* \return \c 0 if the symbol was defined at compile time
- * (in MBEDTLS_CONFIG_FILE or config.h),
+ * (in MBEDTLS_CONFIG_FILE or mbedtls_config.h),
* \c 1 otherwise.
*
* \note This function is defined in `programs/test/query_config.c`
diff --git a/programs/test/selftest.c b/programs/test/selftest.c
index 87d8a13..c7bcc53 100644
--- a/programs/test/selftest.c
+++ b/programs/test/selftest.c
@@ -19,11 +19,7 @@
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include "mbedtls/entropy.h"
#include "mbedtls/hmac_drbg.h"
diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c
index 91c231f..307fc74 100644
--- a/programs/test/udp_proxy.c
+++ b/programs/test/udp_proxy.c
@@ -25,11 +25,7 @@
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
diff --git a/programs/test/zeroize.c b/programs/test/zeroize.c
index 5e6b58e..a44099d 100644
--- a/programs/test/zeroize.c
+++ b/programs/test/zeroize.c
@@ -25,11 +25,7 @@
* limitations under the License.
*/
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include <stdio.h>
diff --git a/programs/util/pem2der.c b/programs/util/pem2der.c
index a2fd0fc..e273200 100644
--- a/programs/util/pem2der.c
+++ b/programs/util/pem2der.c
@@ -17,11 +17,7 @@
* limitations under the License.
*/
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
diff --git a/programs/util/strerror.c b/programs/util/strerror.c
index 6b7e448..4b776d3 100644
--- a/programs/util/strerror.c
+++ b/programs/util/strerror.c
@@ -17,11 +17,7 @@
* limitations under the License.
*/
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c
index 2adef39..aab15db 100644
--- a/programs/x509/cert_app.c
+++ b/programs/x509/cert_app.c
@@ -17,11 +17,7 @@
* limitations under the License.
*/
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c
index 0ea2607..ed42079 100644
--- a/programs/x509/cert_req.c
+++ b/programs/x509/cert_req.c
@@ -17,11 +17,7 @@
* limitations under the License.
*/
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c
index f1e5c6b..9a20d63 100644
--- a/programs/x509/cert_write.c
+++ b/programs/x509/cert_write.c
@@ -17,11 +17,7 @@
* limitations under the License.
*/
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c
index db43c54..2720b1d 100644
--- a/programs/x509/crl_app.c
+++ b/programs/x509/crl_app.c
@@ -17,11 +17,7 @@
* limitations under the License.
*/
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c
index e151734..fd316e2 100644
--- a/programs/x509/req_app.c
+++ b/programs/x509/req_app.c
@@ -17,11 +17,7 @@
* limitations under the License.
*/
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
diff --git a/scripts/apidoc_full.sh b/scripts/apidoc_full.sh
index 03bbb64..cf01e1f 100755
--- a/scripts/apidoc_full.sh
+++ b/scripts/apidoc_full.sh
@@ -1,6 +1,6 @@
#!/bin/sh
-# Generate doxygen documentation with a full config.h (this ensures that every
+# Generate doxygen documentation with a full mbedtls_config.h (this ensures that every
# available flag is documented, and avoids warnings about documentation
# without a corresponding #define).
#
@@ -24,7 +24,7 @@
set -eu
-CONFIG_H='include/mbedtls/config.h'
+CONFIG_H='include/mbedtls/mbedtls_config.h'
if [ -r $CONFIG_H ]; then :; else
echo "$CONFIG_H not found" >&2
diff --git a/scripts/config.py b/scripts/config.py
index cbce1eb..6d5edc7 100755
--- a/scripts/config.py
+++ b/scripts/config.py
@@ -26,14 +26,14 @@
import re
class Setting:
- """Representation of one Mbed TLS config.h setting.
+ """Representation of one Mbed TLS mbedtls_config.h setting.
Fields:
* name: the symbol name ('MBEDTLS_xxx').
* value: the value of the macro. The empty string for a plain #define
with no value.
* active: True if name is defined, False if a #define for name is
- present in config.h but commented out.
+ present in mbedtls_config.h but commented out.
* section: the name of the section that contains this symbol.
"""
# pylint: disable=too-few-public-methods
@@ -321,7 +321,7 @@
and modify the configuration.
"""
- _path_in_tree = 'include/mbedtls/config.h'
+ _path_in_tree = 'include/mbedtls/mbedtls_config.h'
default_path = [_path_in_tree,
os.path.join(os.path.dirname(__file__),
os.pardir,
@@ -363,7 +363,7 @@
_config_line_regexp = re.compile(r'|'.join([_define_line_regexp,
_section_line_regexp]))
def _parse_line(self, line):
- """Parse a line in config.h and return the corresponding template."""
+ """Parse a line in mbedtls_config.h and return the corresponding template."""
line = line.rstrip('\r\n')
m = re.match(self._config_line_regexp, line)
if m is None:
@@ -384,7 +384,7 @@
return template
def _format_template(self, name, indent, middle):
- """Build a line for config.h for the given setting.
+ """Build a line for mbedtls_config.h for the given setting.
The line has the form "<indent>#define <name> <value>"
where <middle> is "#define <name> ".
@@ -428,7 +428,7 @@
if __name__ == '__main__':
def main():
- """Command line config.h manipulation tool."""
+ """Command line mbedtls_config.h manipulation tool."""
parser = argparse.ArgumentParser(description="""
Mbed TLS and Mbed Crypto configuration file manipulation tool.
""")
diff --git a/scripts/data_files/query_config.fmt b/scripts/data_files/query_config.fmt
index c707e4c..ffa816e 100644
--- a/scripts/data_files/query_config.fmt
+++ b/scripts/data_files/query_config.fmt
@@ -1,5 +1,5 @@
/*
- * Query Mbed TLS compile time configurations from config.h
+ * Query Mbed TLS compile time configurations from mbedtls_config.h
*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0
@@ -17,11 +17,7 @@
* limitations under the License.
*/
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include "query_config.h"
@@ -34,7 +30,7 @@
/*
* Include all the headers with public APIs in case they define a macro to its
- * default value when that configuration is not set in the config.h.
+ * default value when that configuration is not set in the mbedtls_config.h.
*/
#include "mbedtls/aes.h"
#include "mbedtls/aria.h"
diff --git a/scripts/ecc-heap.sh b/scripts/ecc-heap.sh
index 8d1beee..acf51f2 100755
--- a/scripts/ecc-heap.sh
+++ b/scripts/ecc-heap.sh
@@ -24,7 +24,7 @@
set -eu
-CONFIG_H='include/mbedtls/config.h'
+CONFIG_H='include/mbedtls/mbedtls_config.h'
if [ -r $CONFIG_H ]; then :; else
echo "$CONFIG_H not found" >&2
@@ -37,7 +37,7 @@
fi
if git status | grep -F $CONFIG_H >/dev/null 2>&1; then
- echo "config.h not clean" >&2
+ echo "mbedtls_config.h not clean" >&2
exit 1
fi
@@ -66,8 +66,6 @@
#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
-#include "check_config.h"
-
//#define MBEDTLS_ECP_WINDOW_SIZE 6
//#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1
EOF
diff --git a/scripts/ecp_comb_table.py b/scripts/ecp_comb_table.py
index bc11431..6719be1 100755
--- a/scripts/ecp_comb_table.py
+++ b/scripts/ecp_comb_table.py
@@ -126,7 +126,7 @@
}
if ( grp.T == NULL ) {
fprintf( stderr, "grp.T is not generated. Please make sure"
- "MBEDTLS_ECP_FIXED_POINT_OPTIM is enabled in config.h\n" );
+ "MBEDTLS_ECP_FIXED_POINT_OPTIM is enabled in mbedtls_config.h\n" );
return 1;
}
dump_T( &grp );
diff --git a/scripts/footprint.sh b/scripts/footprint.sh
index 4d7be7a..6c0fc25 100755
--- a/scripts/footprint.sh
+++ b/scripts/footprint.sh
@@ -21,7 +21,7 @@
# configurations, when built for a Cortex M3/M4 target.
#
# Configurations included:
-# default include/mbedtls/config.h
+# default include/mbedtls/mbedtls_config.h
# thread configs/config-thread.h
# suite-b configs/config-suite-b.h
# psk configs/config-ccm-psk-tls1_2.h
@@ -30,7 +30,7 @@
#
set -eu
-CONFIG_H='include/mbedtls/config.h'
+CONFIG_H='include/mbedtls/mbedtls_config.h'
if [ -r $CONFIG_H ]; then :; else
echo "$CONFIG_H not found" >&2
@@ -112,7 +112,7 @@
log "$( arm-none-eabi-gcc --version | head -n1 )"
log "CFLAGS=$ARMGCC_FLAGS"
-doit default include/mbedtls/config.h
+doit default include/mbedtls/mbedtls_config.h
doit thread configs/config-thread.h
doit suite-b configs/config-suite-b.h
doit psk configs/config-ccm-psk-tls1_2.h
diff --git a/scripts/generate_features.pl b/scripts/generate_features.pl
index 6b1dcbf..b99c637 100755
--- a/scripts/generate_features.pl
+++ b/scripts/generate_features.pl
@@ -51,7 +51,7 @@
$/ = $line_separator;
-open(CONFIG_H, '<:crlf', "$include_dir/config.h") || die("Failure when opening config.h: $!");
+open(CONFIG_H, '<:crlf', "$include_dir/mbedtls_config.h") || die("Failure when opening mbedtls_config.h: $!");
my $feature_defines = "";
my $in_section = 0;
diff --git a/scripts/generate_query_config.pl b/scripts/generate_query_config.pl
index 7276049..e3bbaa0 100755
--- a/scripts/generate_query_config.pl
+++ b/scripts/generate_query_config.pl
@@ -8,9 +8,9 @@
# the library, for example, for testing.
#
# The query_config.c is generated from the current configuration at
-# include/mbedtls/config.h. The idea is that the config.h contains ALL the
+# include/mbedtls/mbedtls_config.h. The idea is that the mbedtls_config.h contains ALL the
# compile time configurations available in Mbed TLS (commented or uncommented).
-# This script extracts the configuration macros from the config.h and this
+# This script extracts the configuration macros from the mbedtls_config.h and this
# information is used to automatically generate the body of the query_config()
# function by using the template in scripts/data_files/query_config.fmt.
#
@@ -33,7 +33,7 @@
use strict;
-my $config_file = "./include/mbedtls/config.h";
+my $config_file = "./include/mbedtls/mbedtls_config.h";
my $query_config_format_file = "./scripts/data_files/query_config.fmt";
my $query_config_file = "./programs/test/query_config.c";
@@ -63,9 +63,6 @@
if ($line =~ /^(\/\/)?\s*#\s*define\s+(MBEDTLS_\w+).*/) {
my $name = $2;
- # Skip over the macro that prevents multiple inclusion
- next if "MBEDTLS_CONFIG_H" eq $name;
-
# Skip over the macro if it is in the ecluded list
next if $name =~ /$excluded_re/;
diff --git a/scripts/memory.sh b/scripts/memory.sh
index c05be74..e3ce9d6 100755
--- a/scripts/memory.sh
+++ b/scripts/memory.sh
@@ -23,7 +23,7 @@
set -eu
-CONFIG_H='include/mbedtls/config.h'
+CONFIG_H='include/mbedtls/mbedtls_config.h'
CLIENT='mini_client'
@@ -46,7 +46,7 @@
fi
if git status | grep -F $CONFIG_H >/dev/null 2>&1; then
- echo "config.h not clean" >&2
+ echo "mbedtls_config.h not clean" >&2
exit 1
fi
diff --git a/tests/compat.sh b/tests/compat.sh
index 6c1e0d4..c2bef26 100755
--- a/tests/compat.sh
+++ b/tests/compat.sh
@@ -74,7 +74,7 @@
# exclude:
# - NULL: excluded from our default config
# avoid plain DES but keep 3DES-EDE-CBC (mbedTLS), DES-CBC3 (OpenSSL)
-# - ARIA: not in default config.h + requires OpenSSL >= 1.1.1
+# - ARIA: not in default mbedtls_config.h + requires OpenSSL >= 1.1.1
# - ChachaPoly: requires OpenSSL >= 1.1.0
# - 3DES: not in default config
EXCLUDE='NULL\|DES\|ARIA\|CHACHA20-POLY1305'
diff --git a/tests/configs/config-wrapper-malloc-0-null.h b/tests/configs/config-wrapper-malloc-0-null.h
index 69a9578..e7bdbeb 100644
--- a/tests/configs/config-wrapper-malloc-0-null.h
+++ b/tests/configs/config-wrapper-malloc-0-null.h
@@ -1,4 +1,4 @@
-/* config.h wrapper that forces calloc(0) to return NULL.
+/* mbedtls_config.h wrapper that forces calloc(0) to return NULL.
* Used for testing.
*/
/*
@@ -18,10 +18,7 @@
* limitations under the License.
*/
-#ifndef MBEDTLS_CONFIG_H
-/* Don't #define MBEDTLS_CONFIG_H, let config.h do it. */
-
-#include "mbedtls/config.h"
+#include "mbedtls/mbedtls_config.h"
#include <stdlib.h>
static inline void *custom_calloc( size_t nmemb, size_t size )
@@ -33,5 +30,3 @@
#define MBEDTLS_PLATFORM_MEMORY
#define MBEDTLS_PLATFORM_STD_CALLOC custom_calloc
-
-#endif /* MBEDTLS_CONFIG_H */
diff --git a/tests/include/spe/crypto_spe.h b/tests/include/spe/crypto_spe.h
new file mode 100644
index 0000000..f80fd86
--- /dev/null
+++ b/tests/include/spe/crypto_spe.h
@@ -0,0 +1,132 @@
+/*
+ * Copyright (c) 2019-2021, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+/**
+ * \file crypto_spe.h
+ *
+ * \brief When Mbed Crypto is built with the MBEDTLS_PSA_CRYPTO_SPM option
+ * enabled, this header is included by all .c files in Mbed Crypto that
+ * use PSA Crypto function names. This avoids duplication of symbols
+ * between TF-M and Mbed Crypto.
+ *
+ * \note This file should be included before including any PSA Crypto headers
+ * from Mbed Crypto.
+ */
+
+#ifndef CRYPTO_SPE_H
+#define CRYPTO_SPE_H
+
+#define PSA_FUNCTION_NAME(x) mbedcrypto__ ## x
+
+#define psa_crypto_init \
+ PSA_FUNCTION_NAME(psa_crypto_init)
+#define psa_key_derivation_get_capacity \
+ PSA_FUNCTION_NAME(psa_key_derivation_get_capacity)
+#define psa_key_derivation_set_capacity \
+ PSA_FUNCTION_NAME(psa_key_derivation_set_capacity)
+#define psa_key_derivation_input_bytes \
+ PSA_FUNCTION_NAME(psa_key_derivation_input_bytes)
+#define psa_key_derivation_output_bytes \
+ PSA_FUNCTION_NAME(psa_key_derivation_output_bytes)
+#define psa_key_derivation_input_key \
+ PSA_FUNCTION_NAME(psa_key_derivation_input_key)
+#define psa_key_derivation_output_key \
+ PSA_FUNCTION_NAME(psa_key_derivation_output_key)
+#define psa_key_derivation_setup \
+ PSA_FUNCTION_NAME(psa_key_derivation_setup)
+#define psa_key_derivation_abort \
+ PSA_FUNCTION_NAME(psa_key_derivation_abort)
+#define psa_key_derivation_key_agreement \
+ PSA_FUNCTION_NAME(psa_key_derivation_key_agreement)
+#define psa_raw_key_agreement \
+ PSA_FUNCTION_NAME(psa_raw_key_agreement)
+#define psa_generate_random \
+ PSA_FUNCTION_NAME(psa_generate_random)
+#define psa_aead_encrypt \
+ PSA_FUNCTION_NAME(psa_aead_encrypt)
+#define psa_aead_decrypt \
+ PSA_FUNCTION_NAME(psa_aead_decrypt)
+#define psa_open_key \
+ PSA_FUNCTION_NAME(psa_open_key)
+#define psa_close_key \
+ PSA_FUNCTION_NAME(psa_close_key)
+#define psa_import_key \
+ PSA_FUNCTION_NAME(psa_import_key)
+#define psa_destroy_key \
+ PSA_FUNCTION_NAME(psa_destroy_key)
+#define psa_get_key_attributes \
+ PSA_FUNCTION_NAME(psa_get_key_attributes)
+#define psa_reset_key_attributes \
+ PSA_FUNCTION_NAME(psa_reset_key_attributes)
+#define psa_export_key \
+ PSA_FUNCTION_NAME(psa_export_key)
+#define psa_export_public_key \
+ PSA_FUNCTION_NAME(psa_export_public_key)
+#define psa_purge_key \
+ PSA_FUNCTION_NAME(psa_purge_key)
+#define psa_copy_key \
+ PSA_FUNCTION_NAME(psa_copy_key)
+#define psa_cipher_operation_init \
+ PSA_FUNCTION_NAME(psa_cipher_operation_init)
+#define psa_cipher_generate_iv \
+ PSA_FUNCTION_NAME(psa_cipher_generate_iv)
+#define psa_cipher_set_iv \
+ PSA_FUNCTION_NAME(psa_cipher_set_iv)
+#define psa_cipher_encrypt_setup \
+ PSA_FUNCTION_NAME(psa_cipher_encrypt_setup)
+#define psa_cipher_decrypt_setup \
+ PSA_FUNCTION_NAME(psa_cipher_decrypt_setup)
+#define psa_cipher_update \
+ PSA_FUNCTION_NAME(psa_cipher_update)
+#define psa_cipher_finish \
+ PSA_FUNCTION_NAME(psa_cipher_finish)
+#define psa_cipher_abort \
+ PSA_FUNCTION_NAME(psa_cipher_abort)
+#define psa_hash_operation_init \
+ PSA_FUNCTION_NAME(psa_hash_operation_init)
+#define psa_hash_setup \
+ PSA_FUNCTION_NAME(psa_hash_setup)
+#define psa_hash_update \
+ PSA_FUNCTION_NAME(psa_hash_update)
+#define psa_hash_finish \
+ PSA_FUNCTION_NAME(psa_hash_finish)
+#define psa_hash_verify \
+ PSA_FUNCTION_NAME(psa_hash_verify)
+#define psa_hash_abort \
+ PSA_FUNCTION_NAME(psa_hash_abort)
+#define psa_hash_clone \
+ PSA_FUNCTION_NAME(psa_hash_clone)
+#define psa_hash_compute \
+ PSA_FUNCTION_NAME(psa_hash_compute)
+#define psa_hash_compare \
+ PSA_FUNCTION_NAME(psa_hash_compare)
+#define psa_mac_operation_init \
+ PSA_FUNCTION_NAME(psa_mac_operation_init)
+#define psa_mac_sign_setup \
+ PSA_FUNCTION_NAME(psa_mac_sign_setup)
+#define psa_mac_verify_setup \
+ PSA_FUNCTION_NAME(psa_mac_verify_setup)
+#define psa_mac_update \
+ PSA_FUNCTION_NAME(psa_mac_update)
+#define psa_mac_sign_finish \
+ PSA_FUNCTION_NAME(psa_mac_sign_finish)
+#define psa_mac_verify_finish \
+ PSA_FUNCTION_NAME(psa_mac_verify_finish)
+#define psa_mac_abort \
+ PSA_FUNCTION_NAME(psa_mac_abort)
+#define psa_sign_hash \
+ PSA_FUNCTION_NAME(psa_sign_hash)
+#define psa_verify_hash \
+ PSA_FUNCTION_NAME(psa_verify_hash)
+#define psa_asymmetric_encrypt \
+ PSA_FUNCTION_NAME(psa_asymmetric_encrypt)
+#define psa_asymmetric_decrypt \
+ PSA_FUNCTION_NAME(psa_asymmetric_decrypt)
+#define psa_generate_key \
+ PSA_FUNCTION_NAME(psa_generate_key)
+
+#endif /* CRYPTO_SPE_H */
diff --git a/tests/include/test/certs.h b/tests/include/test/certs.h
index c93c741..03f0d03 100644
--- a/tests/include/test/certs.h
+++ b/tests/include/test/certs.h
@@ -22,11 +22,7 @@
#ifndef MBEDTLS_CERTS_H
#define MBEDTLS_CERTS_H
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include <stddef.h>
diff --git a/tests/include/test/constant_flow.h b/tests/include/test/constant_flow.h
index af64011..9626af9 100644
--- a/tests/include/test/constant_flow.h
+++ b/tests/include/test/constant_flow.h
@@ -24,11 +24,7 @@
#ifndef TEST_CONSTANT_FLOW_H
#define TEST_CONSTANT_FLOW_H
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
/*
* This file defines the two macros
diff --git a/tests/include/test/drivers/aead.h b/tests/include/test/drivers/aead.h
index 2207cb3..0830229 100644
--- a/tests/include/test/drivers/aead.h
+++ b/tests/include/test/drivers/aead.h
@@ -20,11 +20,7 @@
#ifndef PSA_CRYPTO_TEST_DRIVERS_AEAD_H
#define PSA_CRYPTO_TEST_DRIVERS_AEAD_H
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#if defined(PSA_CRYPTO_DRIVER_TEST)
#include <psa/crypto_driver_common.h>
diff --git a/tests/include/test/drivers/cipher.h b/tests/include/test/drivers/cipher.h
index 4fe5596..142f3b7 100644
--- a/tests/include/test/drivers/cipher.h
+++ b/tests/include/test/drivers/cipher.h
@@ -20,11 +20,7 @@
#ifndef PSA_CRYPTO_TEST_DRIVERS_CIPHER_H
#define PSA_CRYPTO_TEST_DRIVERS_CIPHER_H
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#if defined(PSA_CRYPTO_DRIVER_TEST)
#include <psa/crypto_driver_common.h>
diff --git a/tests/include/test/drivers/hash.h b/tests/include/test/drivers/hash.h
index ebe83de..d202c8b 100644
--- a/tests/include/test/drivers/hash.h
+++ b/tests/include/test/drivers/hash.h
@@ -20,11 +20,7 @@
#ifndef PSA_CRYPTO_TEST_DRIVERS_HASH_H
#define PSA_CRYPTO_TEST_DRIVERS_HASH_H
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#if defined(PSA_CRYPTO_DRIVER_TEST)
#include <psa/crypto_driver_common.h>
diff --git a/tests/include/test/drivers/key_management.h b/tests/include/test/drivers/key_management.h
index 45814fd..16e1f75 100644
--- a/tests/include/test/drivers/key_management.h
+++ b/tests/include/test/drivers/key_management.h
@@ -20,11 +20,7 @@
#ifndef PSA_CRYPTO_TEST_DRIVERS_KEY_MANAGEMENT_H
#define PSA_CRYPTO_TEST_DRIVERS_KEY_MANAGEMENT_H
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#if defined(PSA_CRYPTO_DRIVER_TEST)
#include <psa/crypto_driver_common.h>
diff --git a/tests/include/test/drivers/mac.h b/tests/include/test/drivers/mac.h
index 7733dd3..5f6cd38 100644
--- a/tests/include/test/drivers/mac.h
+++ b/tests/include/test/drivers/mac.h
@@ -20,11 +20,7 @@
#ifndef PSA_CRYPTO_TEST_DRIVERS_MAC_H
#define PSA_CRYPTO_TEST_DRIVERS_MAC_H
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#if defined(PSA_CRYPTO_DRIVER_TEST)
#include <psa/crypto_driver_common.h>
diff --git a/tests/include/test/drivers/signature.h b/tests/include/test/drivers/signature.h
index 5e64edc..67f2b29 100644
--- a/tests/include/test/drivers/signature.h
+++ b/tests/include/test/drivers/signature.h
@@ -20,11 +20,7 @@
#ifndef PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H
#define PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#if defined(PSA_CRYPTO_DRIVER_TEST)
#include <psa/crypto_driver_common.h>
diff --git a/tests/include/test/drivers/size.h b/tests/include/test/drivers/size.h
index b2665bd..4e3301c 100644
--- a/tests/include/test/drivers/size.h
+++ b/tests/include/test/drivers/size.h
@@ -20,11 +20,7 @@
#ifndef PSA_CRYPTO_TEST_DRIVERS_SIZE_H
#define PSA_CRYPTO_TEST_DRIVERS_SIZE_H
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#if defined(PSA_CRYPTO_DRIVER_TEST)
#include <psa/crypto_driver_common.h>
diff --git a/tests/include/test/fake_external_rng_for_test.h b/tests/include/test/fake_external_rng_for_test.h
index faeef22..9d56dab 100644
--- a/tests/include/test/fake_external_rng_for_test.h
+++ b/tests/include/test/fake_external_rng_for_test.h
@@ -22,11 +22,7 @@
#ifndef FAKE_EXTERNAL_RNG_FOR_TEST_H
#define FAKE_EXTERNAL_RNG_FOR_TEST_H
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
/** Enable the insecure implementation of mbedtls_psa_external_get_random().
diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h
index c0d2c00..27e5599 100644
--- a/tests/include/test/helpers.h
+++ b/tests/include/test/helpers.h
@@ -30,11 +30,7 @@
* directly (without using the MBEDTLS_PRIVATE wrapper). */
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#if defined(MBEDTLS_THREADING_C) && defined(MBEDTLS_THREADING_PTHREAD) && \
defined(MBEDTLS_TEST_HOOKS)
diff --git a/tests/include/test/macros.h b/tests/include/test/macros.h
index 87e86d3..9b3fc9c 100644
--- a/tests/include/test/macros.h
+++ b/tests/include/test/macros.h
@@ -24,11 +24,7 @@
#ifndef TEST_MACROS_H
#define TEST_MACROS_H
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include <stdlib.h>
diff --git a/tests/include/test/random.h b/tests/include/test/random.h
index 6428280..58548a2 100644
--- a/tests/include/test/random.h
+++ b/tests/include/test/random.h
@@ -25,11 +25,7 @@
#ifndef TEST_RANDOM_H
#define TEST_RANDOM_H
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
#include <stddef.h>
#include <stdint.h>
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index fe53669..f8e43c8 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -34,7 +34,7 @@
# Warning: the test is destructive. It includes various build modes and
# configurations, and can and will arbitrarily change the current CMake
# configuration. The following files must be committed into git:
-# * include/mbedtls/config.h
+# * include/mbedtls/mbedtls_config.h
# * Makefile, library/Makefile, programs/Makefile, tests/Makefile,
# programs/fuzz/Makefile
# After running this script, the CMake cache will be lost and CMake
@@ -85,7 +85,7 @@
# means that components can assume that the working directory is in a
# cleaned-up state, and don't need to perform the cleanup themselves.
# * Run `make clean`.
-# * Restore `include/mbedtks/config.h` from a backup made before running
+# * Restore `include/mbedtls/mbedtls_config.h` from a backup made before running
# the component.
# * Check out `Makefile`, `library/Makefile`, `programs/Makefile`,
# `tests/Makefile` and `programs/fuzz/Makefile` from git.
@@ -125,7 +125,7 @@
}
pre_initialize_variables () {
- CONFIG_H='include/mbedtls/config.h'
+ CONFIG_H='include/mbedtls/mbedtls_config.h'
CONFIG_BAK="$CONFIG_H.bak"
CRYPTO_CONFIG_H='include/psa/crypto_config.h'
CRYPTO_CONFIG_BAK="$CRYPTO_CONFIG_H.bak"
@@ -273,7 +273,7 @@
-iname CMakeFiles -exec rm -rf {} \+ -o \
\( -iname cmake_install.cmake -o \
-iname CTestTestfile.cmake -o \
- -iname CMakeCache.txt \) -exec rm {} \+
+ -iname CMakeCache.txt \) -exec rm -f {} \+
# Recover files overwritten by in-tree CMake builds
rm -f include/Makefile include/mbedtls/Makefile programs/*/Makefile
git update-index --no-skip-worktree Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile
@@ -284,6 +284,16 @@
rm -f programs/test/cmake_subproject/Makefile
rm -f programs/test/cmake_subproject/cmake_subproject
+ # Remove any artifacts from the component_test_cmake_as_package test.
+ rm -rf programs/test/cmake_package/build
+ rm -f programs/test/cmake_package/Makefile
+ rm -f programs/test/cmake_package/cmake_package
+
+ # Remove any artifacts from the component_test_cmake_as_installed_package test.
+ rm -rf programs/test/cmake_package_install/build
+ rm -f programs/test/cmake_package_install/Makefile
+ rm -f programs/test/cmake_package_install/cmake_package_install
+
if [ -f "$CONFIG_BAK" ]; then
mv "$CONFIG_BAK" "$CONFIG_H"
fi
@@ -453,8 +463,8 @@
exit 1
fi
- if ! git diff --quiet include/mbedtls/config.h; then
- err_msg "Warning - the configuration file 'include/mbedtls/config.h' has been edited. "
+ if ! git diff --quiet include/mbedtls/mbedtls_config.h; then
+ err_msg "Warning - the configuration file 'include/mbedtls/mbedtls_config.h' has been edited. "
echo "You can either delete or preserve your work, or force the test by rerunning the"
echo "script as: $0 --force"
exit 1
@@ -820,6 +830,32 @@
make test
}
+# check_renamed_symbols HEADER LIB
+# Check that if HEADER contains '#define MACRO ...' then MACRO is not a symbol
+# name is LIB.
+check_renamed_symbols () {
+ ! nm "$2" | sed 's/.* //' |
+ grep -x -F "$(sed -n 's/^ *# *define *\([A-Z_a-z][0-9A-Z_a-z]*\)..*/\1/p' "$1")"
+}
+
+component_build_psa_crypto_spm () {
+ msg "build: full config - USE_PSA_CRYPTO + PSA_CRYPTO_KEY_ID_ENCODES_OWNER + PSA_CRYPTO_SPM, make, gcc"
+ scripts/config.py full
+ scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
+ scripts/config.py unset MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_SPM
+ # We can only compile, not link, since our test and sample programs
+ # aren't equipped for the modified names used when MBEDTLS_PSA_CRYPTO_SPM
+ # is active.
+ make CC=gcc CFLAGS='-Werror -Wall -Wextra -I../tests/include/spe' lib
+
+ # Check that if a symbol is renamed by crypto_spe.h, the non-renamed
+ # version is not present.
+ echo "Checking for renamed symbols in the library"
+ if_build_succeeded check_renamed_symbols tests/include/spe/crypto_spe.h library/libmbedcrypto.a
+}
+
component_test_psa_crypto_client () {
msg "build: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT, make"
scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
@@ -2514,6 +2550,32 @@
unset MBEDTLS_ROOT_DIR
}
+component_test_cmake_as_package () {
+ msg "build: cmake 'as-package' build"
+ MBEDTLS_ROOT_DIR="$PWD"
+
+ cd programs/test/cmake_package
+ cmake .
+ make
+ if_build_succeeded ./cmake_package
+
+ cd "$MBEDTLS_ROOT_DIR"
+ unset MBEDTLS_ROOT_DIR
+}
+
+component_test_cmake_as_package_install () {
+ msg "build: cmake 'as-installed-package' build"
+ MBEDTLS_ROOT_DIR="$PWD"
+
+ cd programs/test/cmake_package_install
+ cmake .
+ make
+ if_build_succeeded ./cmake_package_install
+
+ cd "$MBEDTLS_ROOT_DIR"
+ unset MBEDTLS_ROOT_DIR
+}
+
component_test_zeroize () {
# Test that the function mbedtls_platform_zeroize() is not optimized away by
# different combinations of compilers and optimization flags by using an
diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh
index 8fcde6f..83aa87a 100755
--- a/tests/scripts/basic-build-test.sh
+++ b/tests/scripts/basic-build-test.sh
@@ -30,7 +30,7 @@
#
# The tests focus on functionality and do not consider performance.
#
-# Note the tests self-adapt due to configurations in include/mbedtls/config.h
+# Note the tests self-adapt due to configurations in include/mbedtls/mbedtls_config.h
# which can lead to some tests being skipped, and can cause the number of
# available tests to fluctuate.
#
@@ -68,7 +68,7 @@
export GNUTLS_CLI="$GNUTLS_CLI"
export GNUTLS_SERV="$GNUTLS_SERV"
-CONFIG_H='include/mbedtls/config.h'
+CONFIG_H='include/mbedtls/mbedtls_config.h'
CONFIG_BAK="$CONFIG_H.bak"
# Step 0 - print build environment info
diff --git a/tests/scripts/curves.pl b/tests/scripts/curves.pl
index 2572e93..47196f4 100755
--- a/tests/scripts/curves.pl
+++ b/tests/scripts/curves.pl
@@ -36,7 +36,7 @@
#
# This script should be executed from the root of the project directory.
#
-# Only curves that are enabled in config.h will be tested.
+# Only curves that are enabled in mbedtls_config.h will be tested.
#
# For best effect, run either with cmake disabled, or cmake enabled in a mode
# that includes -Werror.
@@ -47,7 +47,7 @@
-d 'library' && -d 'include' && -d 'tests' or die "Must be run from root\n";
my $sed_cmd = 's/^#define \(MBEDTLS_ECP_DP.*_ENABLED\)/\1/p';
-my $config_h = 'include/mbedtls/config.h';
+my $config_h = 'include/mbedtls/mbedtls_config.h';
my @curves = split( /\s+/, `sed -n -e '$sed_cmd' $config_h` );
# Determine which curves support ECDSA by checking the dependencies of
diff --git a/tests/scripts/depends-hashes.pl b/tests/scripts/depends-hashes.pl
index c5f1521..cd17066 100755
--- a/tests/scripts/depends-hashes.pl
+++ b/tests/scripts/depends-hashes.pl
@@ -42,7 +42,7 @@
-d 'library' && -d 'include' && -d 'tests' or die "Must be run from root\n";
-my $config_h = 'include/mbedtls/config.h';
+my $config_h = 'include/mbedtls/mbedtls_config.h';
# as many SSL options depend on specific hashes,
# and SSL is not in the test suites anyways,
diff --git a/tests/scripts/depends-pkalgs.pl b/tests/scripts/depends-pkalgs.pl
index 2ad4a7c..6eb7269 100755
--- a/tests/scripts/depends-pkalgs.pl
+++ b/tests/scripts/depends-pkalgs.pl
@@ -43,7 +43,7 @@
-d 'library' && -d 'include' && -d 'tests' or die "Must be run from root\n";
-my $config_h = 'include/mbedtls/config.h';
+my $config_h = 'include/mbedtls/mbedtls_config.h';
# Some algorithms can't be disabled on their own as others depend on them, so
# we list those reverse-dependencies here to keep check_config.h happy.
diff --git a/tests/scripts/key-exchanges.pl b/tests/scripts/key-exchanges.pl
index 20f3aa6..46f1b97 100755
--- a/tests/scripts/key-exchanges.pl
+++ b/tests/scripts/key-exchanges.pl
@@ -40,7 +40,7 @@
-d 'library' && -d 'include' && -d 'tests' or die "Must be run from root\n";
my $sed_cmd = 's/^#define \(MBEDTLS_KEY_EXCHANGE_.*_ENABLED\)/\1/p';
-my $config_h = 'include/mbedtls/config.h';
+my $config_h = 'include/mbedtls/mbedtls_config.h';
my @kexes = split( /\s+/, `sed -n -e '$sed_cmd' $config_h` );
system( "cp $config_h $config_h.bak" ) and die;
diff --git a/tests/scripts/list-symbols.sh b/tests/scripts/list-symbols.sh
index 8bdc55f..4a5d035 100755
--- a/tests/scripts/list-symbols.sh
+++ b/tests/scripts/list-symbols.sh
@@ -27,7 +27,7 @@
exit 1
fi
-cp include/mbedtls/config.h include/mbedtls/config.h.bak
+cp include/mbedtls/mbedtls_config.h include/mbedtls/mbedtls_config.h.bak
scripts/config.py full
make clean
make_ret=
@@ -39,7 +39,7 @@
cat list-symbols.make.log >&2
}
rm list-symbols.make.log
-mv include/mbedtls/config.h.bak include/mbedtls/config.h
+mv include/mbedtls/mbedtls_config.h.bak include/mbedtls/mbedtls_config.h
if [ -n "$make_ret" ]; then
exit "$make_ret"
fi
diff --git a/tests/scripts/set_psa_test_dependencies.py b/tests/scripts/set_psa_test_dependencies.py
index 2705f06..7f4ebeb 100755
--- a/tests/scripts/set_psa_test_dependencies.py
+++ b/tests/scripts/set_psa_test_dependencies.py
@@ -23,7 +23,7 @@
import sys
CLASSIC_DEPENDENCIES = frozenset([
- # This list is manually filtered from config.h.
+ # This list is manually filtered from mbedtls_config.h.
# Mbed TLS feature support.
# Only features that affect what can be done are listed here.
diff --git a/tests/scripts/test-ref-configs.pl b/tests/scripts/test-ref-configs.pl
index a79604e..dd24db7 100755
--- a/tests/scripts/test-ref-configs.pl
+++ b/tests/scripts/test-ref-configs.pl
@@ -60,7 +60,7 @@
-d 'library' && -d 'include' && -d 'tests' or die "Must be run from root\n";
-my $config_h = 'include/mbedtls/config.h';
+my $config_h = 'include/mbedtls/mbedtls_config.h';
system( "cp $config_h $config_h.bak" ) and die;
sub abort {
diff --git a/tests/scripts/test_config_script.py b/tests/scripts/test_config_script.py
index 8ca4103..e230e3c 100755
--- a/tests/scripts/test_config_script.py
+++ b/tests/scripts/test_config_script.py
@@ -8,7 +8,7 @@
Sample usage:
test_config_script.py -d old
- ## Modify config.py and/or config.h ##
+ ## Modify config.py and/or mbedtls_config.h ##
test_config_script.py -d new
diff -ru old new
"""
@@ -170,7 +170,7 @@
dest='output_directory', required=True,
help="""Output directory.""")
parser.add_argument('-f', metavar='FILE',
- dest='input_file', default='include/mbedtls/config.h',
+ dest='input_file', default='include/mbedtls/mbedtls_config.h',
help="""Config file (default: %(default)s).""")
parser.add_argument('-p', metavar='PRESET,...',
dest='presets',
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index c8e4985..da5854e 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -51,7 +51,7 @@
: ${PERL:=perl}
guess_config_name() {
- if git diff --quiet ../include/mbedtls/config.h 2>/dev/null; then
+ if git diff --quiet ../include/mbedtls/mbedtls_config.h 2>/dev/null; then
echo "default"
else
echo "unknown"
@@ -93,7 +93,7 @@
FAILS=0
SKIPS=0
-CONFIG_H='../include/mbedtls/config.h'
+CONFIG_H='../include/mbedtls/mbedtls_config.h'
MEMCHECK=0
FILTER='.*'
@@ -178,7 +178,7 @@
;;
esac
-# Read boolean configuration options from config.h for easy and quick
+# Read boolean configuration options from mbedtls_config.h for easy and quick
# testing. Skip non-boolean options (with something other than spaces
# and a comment after "#define SYMBOL"). The variable contains a
# space-separated list of symbols.
@@ -194,7 +194,7 @@
SKIP_NEXT="YES"
}
-# skip next test if the flag is not enabled in config.h
+# skip next test if the flag is not enabled in mbedtls_config.h
requires_config_enabled() {
case $CONFIGS_ENABLED in
*" $1 "*) :;;
@@ -202,7 +202,7 @@
esac
}
-# skip next test if the flag is enabled in config.h
+# skip next test if the flag is enabled in mbedtls_config.h
requires_config_disabled() {
case $CONFIGS_ENABLED in
*" $1 "*) SKIP_NEXT="YES";;
@@ -3146,7 +3146,7 @@
# Checks that no Signature Algorithm with SHA-1 gets negotiated. Negotiating SHA-1 would mean that
# the server did not parse the Signature Algorithm extension. This test is valid only if an MD
-# algorithm stronger than SHA-1 is enabled in config.h
+# algorithm stronger than SHA-1 is enabled in mbedtls_config.h
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Renegotiation: Signature Algorithms parsing, client-initiated" \
"$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional" \
@@ -3164,7 +3164,7 @@
# Checks that no Signature Algorithm with SHA-1 gets negotiated. Negotiating SHA-1 would mean that
# the server did not parse the Signature Algorithm extension. This test is valid only if an MD
-# algorithm stronger than SHA-1 is enabled in config.h
+# algorithm stronger than SHA-1 is enabled in mbedtls_config.h
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "Renegotiation: Signature Algorithms parsing, server-initiated" \
"$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \
diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function
index 1278d95..52b586e 100644
--- a/tests/suites/main_test.function
+++ b/tests/suites/main_test.function
@@ -23,11 +23,7 @@
#endif
#endif
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include <mbedtls/config.h>
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "mbedtls/build_info.h"
/* Test code may use deprecated identifiers only if the preprocessor symbol
* MBEDTLS_TEST_DEPRECATED is defined. When building tests, set
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 33e7c95..41e2972 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -19,6 +19,11 @@
/* If this comes up, it's a bug in the test code or in the test data. */
#define UNUSED 0xdeadbeef
+/* Assert that an operation is (not) active.
+ * This serves as a proxy for checking if the operation is aborted. */
+#define ASSERT_OPERATION_IS_ACTIVE( operation ) TEST_ASSERT( operation.id != 0 )
+#define ASSERT_OPERATION_IS_INACTIVE( operation ) TEST_ASSERT( operation.id == 0 )
+
/** An invalid export length that will never be set by psa_export_key(). */
static const size_t INVALID_EXPORT_LENGTH = ~0U;
@@ -1540,15 +1545,28 @@
/* Call setup twice in a row. */
PSA_ASSERT( psa_hash_setup( &operation, alg ) );
+ ASSERT_OPERATION_IS_ACTIVE( operation );
TEST_EQUAL( psa_hash_setup( &operation, alg ),
PSA_ERROR_BAD_STATE );
+ ASSERT_OPERATION_IS_INACTIVE( operation );
PSA_ASSERT( psa_hash_abort( &operation ) );
+ ASSERT_OPERATION_IS_INACTIVE( operation );
/* Call update without calling setup beforehand. */
TEST_EQUAL( psa_hash_update( &operation, input, sizeof( input ) ),
PSA_ERROR_BAD_STATE );
PSA_ASSERT( psa_hash_abort( &operation ) );
+ /* Check that update calls abort on error. */
+ PSA_ASSERT( psa_hash_setup( &operation, alg ) );
+ operation.id = UINT_MAX;
+ ASSERT_OPERATION_IS_ACTIVE( operation );
+ TEST_EQUAL( psa_hash_update( &operation, input, sizeof( input ) ),
+ PSA_ERROR_BAD_STATE );
+ ASSERT_OPERATION_IS_INACTIVE( operation );
+ PSA_ASSERT( psa_hash_abort( &operation ) );
+ ASSERT_OPERATION_IS_INACTIVE( operation );
+
/* Call update after finish. */
PSA_ASSERT( psa_hash_setup( &operation, alg ) );
PSA_ASSERT( psa_hash_finish( &operation,
@@ -1574,11 +1592,14 @@
/* Call verify twice in a row. */
PSA_ASSERT( psa_hash_setup( &operation, alg ) );
+ ASSERT_OPERATION_IS_ACTIVE( operation );
PSA_ASSERT( psa_hash_verify( &operation,
valid_hash, sizeof( valid_hash ) ) );
+ ASSERT_OPERATION_IS_INACTIVE( operation );
TEST_EQUAL( psa_hash_verify( &operation,
valid_hash, sizeof( valid_hash ) ),
PSA_ERROR_BAD_STATE );
+ ASSERT_OPERATION_IS_INACTIVE( operation );
PSA_ASSERT( psa_hash_abort( &operation ) );
/* Call finish without calling setup beforehand. */
@@ -1627,8 +1648,12 @@
/* psa_hash_verify with a smaller hash than expected */
PSA_ASSERT( psa_hash_setup( &operation, alg ) );
+ ASSERT_OPERATION_IS_ACTIVE( operation );
TEST_EQUAL( psa_hash_verify( &operation, hash, expected_size - 1 ),
PSA_ERROR_INVALID_SIGNATURE );
+ ASSERT_OPERATION_IS_INACTIVE( operation );
+ PSA_ASSERT( psa_hash_abort( &operation ) );
+ ASSERT_OPERATION_IS_INACTIVE( operation );
/* psa_hash_verify with a non-matching hash */
PSA_ASSERT( psa_hash_setup( &operation, alg ) );
@@ -1871,9 +1896,12 @@
/* Call setup twice in a row. */
PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) );
+ ASSERT_OPERATION_IS_ACTIVE( operation );
TEST_EQUAL( psa_mac_sign_setup( &operation, key, alg ),
PSA_ERROR_BAD_STATE );
+ ASSERT_OPERATION_IS_INACTIVE( operation );
PSA_ASSERT( psa_mac_abort( &operation ) );
+ ASSERT_OPERATION_IS_INACTIVE( operation );
/* Call update after sign finish. */
PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) );
@@ -1919,19 +1947,25 @@
/* Setup sign but try verify. */
PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) );
PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) );
+ ASSERT_OPERATION_IS_ACTIVE( operation );
TEST_EQUAL( psa_mac_verify_finish( &operation,
verify_mac, sizeof( verify_mac ) ),
PSA_ERROR_BAD_STATE );
+ ASSERT_OPERATION_IS_INACTIVE( operation );
PSA_ASSERT( psa_mac_abort( &operation ) );
+ ASSERT_OPERATION_IS_INACTIVE( operation );
/* Setup verify but try sign. */
PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) );
PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) );
+ ASSERT_OPERATION_IS_ACTIVE( operation );
TEST_EQUAL( psa_mac_sign_finish( &operation,
sign_mac, sizeof( sign_mac ),
&sign_mac_length ),
PSA_ERROR_BAD_STATE );
+ ASSERT_OPERATION_IS_INACTIVE( operation );
PSA_ASSERT( psa_mac_abort( &operation ) );
+ ASSERT_OPERATION_IS_INACTIVE( operation );
PSA_ASSERT( psa_destroy_key( key ) );
@@ -2233,15 +2267,21 @@
/* Call encrypt setup twice in a row. */
PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
+ ASSERT_OPERATION_IS_ACTIVE( operation );
TEST_EQUAL( psa_cipher_encrypt_setup( &operation, key, alg ),
PSA_ERROR_BAD_STATE );
+ ASSERT_OPERATION_IS_INACTIVE( operation );
PSA_ASSERT( psa_cipher_abort( &operation ) );
+ ASSERT_OPERATION_IS_INACTIVE( operation );
/* Call decrypt setup twice in a row. */
PSA_ASSERT( psa_cipher_decrypt_setup( &operation, key, alg ) );
+ ASSERT_OPERATION_IS_ACTIVE( operation );
TEST_EQUAL( psa_cipher_decrypt_setup( &operation, key, alg ),
PSA_ERROR_BAD_STATE );
+ ASSERT_OPERATION_IS_INACTIVE( operation );
PSA_ASSERT( psa_cipher_abort( &operation ) );
+ ASSERT_OPERATION_IS_INACTIVE( operation );
/* Generate an IV without calling setup beforehand. */
TEST_EQUAL( psa_cipher_generate_iv( &operation,
@@ -2255,11 +2295,14 @@
PSA_ASSERT( psa_cipher_generate_iv( &operation,
buffer, sizeof( buffer ),
&length ) );
+ ASSERT_OPERATION_IS_ACTIVE( operation );
TEST_EQUAL( psa_cipher_generate_iv( &operation,
buffer, sizeof( buffer ),
&length ),
PSA_ERROR_BAD_STATE );
+ ASSERT_OPERATION_IS_INACTIVE( operation );
PSA_ASSERT( psa_cipher_abort( &operation ) );
+ ASSERT_OPERATION_IS_INACTIVE( operation );
/* Generate an IV after it's already set. */
PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
@@ -2281,10 +2324,13 @@
PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
PSA_ASSERT( psa_cipher_set_iv( &operation,
iv, sizeof( iv ) ) );
+ ASSERT_OPERATION_IS_ACTIVE( operation );
TEST_EQUAL( psa_cipher_set_iv( &operation,
iv, sizeof( iv ) ),
PSA_ERROR_BAD_STATE );
+ ASSERT_OPERATION_IS_INACTIVE( operation );
PSA_ASSERT( psa_cipher_abort( &operation ) );
+ ASSERT_OPERATION_IS_INACTIVE( operation );
/* Set an IV after it's already generated. */
PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
@@ -2305,12 +2351,16 @@
PSA_ASSERT( psa_cipher_abort( &operation ) );
/* Call update without an IV where an IV is required. */
+ PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
+ ASSERT_OPERATION_IS_ACTIVE( operation );
TEST_EQUAL( psa_cipher_update( &operation,
text, sizeof( text ),
buffer, sizeof( buffer ),
&length ),
PSA_ERROR_BAD_STATE );
+ ASSERT_OPERATION_IS_INACTIVE( operation );
PSA_ASSERT( psa_cipher_abort( &operation ) );
+ ASSERT_OPERATION_IS_INACTIVE( operation );
/* Call update after finish. */
PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
@@ -2335,10 +2385,13 @@
PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
/* Not calling update means we are encrypting an empty buffer, which is OK
* for cipher modes with padding. */
+ ASSERT_OPERATION_IS_ACTIVE( operation );
TEST_EQUAL( psa_cipher_finish( &operation,
buffer, sizeof( buffer ), &length ),
PSA_ERROR_BAD_STATE );
+ ASSERT_OPERATION_IS_INACTIVE( operation );
PSA_ASSERT( psa_cipher_abort( &operation ) );
+ ASSERT_OPERATION_IS_INACTIVE( operation );
/* Call finish twice in a row. */
PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function
index f5f4aac..f5f5159 100644
--- a/tests/suites/test_suite_rsa.function
+++ b/tests/suites/test_suite_rsa.function
@@ -179,11 +179,12 @@
mbedtls_test_rnd_pseudo_info rnd_info;
mbedtls_rsa_init( &ctx );
- TEST_ASSERT( mbedtls_rsa_set_padding( &ctx, padding_mode,
- MBEDTLS_MD_NONE ) == 0 );
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
+ TEST_ASSERT( mbedtls_rsa_set_padding( &ctx, padding_mode,
+ MBEDTLS_MD_NONE ) == 0 );
+
memset( output, 0x00, sizeof( output ) );
memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
