aboutsummaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorMaulik Patel <maulik.patel@arm.com>2021-01-06 14:09:22 +0000
committerKarl Zhang <karl.zhang@arm.com>2021-03-17 10:05:53 +0100
commit28659c498c3bdbbc610959e7518bece5aaf72a19 (patch)
tree31c56512a44b08ceda10c143e7bc86108de60b05 /lib
parentf07e92e6e1c0453a488df6143818a25a37f011f4 (diff)
downloadtrusted-firmware-m-28659c498c3bdbbc610959e7518bece5aaf72a19.tar.gz
Crypto: Upgrade Mbed TLS to 2.25
Set the MBEDCRYPTO_VERSION to 2.25.0. First three patches in existing v2.24 already applied in v2.25 and hence removed. Replaced MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER with MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER in all configuration and source as updated in v2.25 library. Update all headers of psa/include as per mbedtls-v2.25 excluding changes required to hide some implementation. Update id field in the client_key_attributes structure to psa_key_id_t. Update Copyright year to 2021! Removed patch 006 as not required in MbedTLS v2.25.0. Update references of handle to key as per MbedTLS api changes. Increase NUM_HANDLES to 32 to accommodate crypto api tests. Added corresponding tfm implementation of psa_purge_key(). Signed-off-by: Maulik Patel <maulik.patel@arm.com> Change-Id: I6a532da96735cf32996250c4a8733a8654c1f44e
Diffstat (limited to 'lib')
-rw-r--r--lib/ext/mbedcrypto/0001-BUILD-Update-IAR-support-in-CMakeLists.txt.patch (renamed from lib/ext/mbedcrypto/0004-BUILD-Update-IAR-support-in-CMakeLists.txt.patch)0
-rw-r--r--lib/ext/mbedcrypto/0001-Build-Add-MBEDTLS_TARGET_PREFIX.patch350
-rw-r--r--lib/ext/mbedcrypto/0002-Build-Use-new-style-syntax-in-link-libraries.patch57
-rw-r--r--lib/ext/mbedcrypto/0002-Enable-crypto-code-sharing-between-independent-binar.patch (renamed from lib/ext/mbedcrypto/0005-Enable-crypto-code-sharing-between-independent-binar.patch)0
-rw-r--r--lib/ext/mbedcrypto/0003-Remove-overriding-of-CMAKE_BUILD_TYPE.patch28
-rw-r--r--lib/ext/mbedcrypto/0006-Move-misplaced-else-within-ifdef-to-avoid-compilatio.patch34
-rw-r--r--lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_default.h14
-rw-r--r--lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_medium.h14
-rw-r--r--lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_small.h14
9 files changed, 21 insertions, 490 deletions
diff --git a/lib/ext/mbedcrypto/0004-BUILD-Update-IAR-support-in-CMakeLists.txt.patch b/lib/ext/mbedcrypto/0001-BUILD-Update-IAR-support-in-CMakeLists.txt.patch
index 47c6448c9..47c6448c9 100644
--- a/lib/ext/mbedcrypto/0004-BUILD-Update-IAR-support-in-CMakeLists.txt.patch
+++ b/lib/ext/mbedcrypto/0001-BUILD-Update-IAR-support-in-CMakeLists.txt.patch
diff --git a/lib/ext/mbedcrypto/0001-Build-Add-MBEDTLS_TARGET_PREFIX.patch b/lib/ext/mbedcrypto/0001-Build-Add-MBEDTLS_TARGET_PREFIX.patch
deleted file mode 100644
index f19479c2a..000000000
--- a/lib/ext/mbedcrypto/0001-Build-Add-MBEDTLS_TARGET_PREFIX.patch
+++ /dev/null
@@ -1,350 +0,0 @@
-From 995c66f702db3a004be1e3d822ffad64b2ad125f Mon Sep 17 00:00:00 2001
-From: Raef Coles <raef.coles@arm.com>
-Date: Tue, 13 Oct 2020 16:30:41 +0100
-Subject: [PATCH 1/2] Build: Add MBEDTLS_TARGET_PREFIX
-
-Allows required targets to have prefixes added to them, so that external
-projects can avoid target names clashing.
-
-Signed-off-by: Raef Coles <raef.coles@arm.com>
----
- CMakeLists.txt | 6 +-
- .../add_MBEDTLS_TARGET_PREFIX_to_cmake.txt | 6 ++
- library/CMakeLists.txt | 55 ++++++++++++-------
- programs/aes/CMakeLists.txt | 2 +-
- programs/fuzz/CMakeLists.txt | 2 +-
- programs/hash/CMakeLists.txt | 2 +-
- programs/pkey/CMakeLists.txt | 4 +-
- programs/psa/CMakeLists.txt | 2 +-
- programs/random/CMakeLists.txt | 2 +-
- programs/ssl/CMakeLists.txt | 2 +-
- programs/test/CMakeLists.txt | 4 +-
- programs/test/cmake_subproject/CMakeLists.txt | 12 ++--
- programs/util/CMakeLists.txt | 2 +-
- programs/x509/CMakeLists.txt | 4 +-
- tests/CMakeLists.txt | 4 +-
- 15 files changed, 69 insertions(+), 40 deletions(-)
- create mode 100644 ChangeLog.d/add_MBEDTLS_TARGET_PREFIX_to_cmake.txt
-
-diff --git a/CMakeLists.txt b/CMakeLists.txt
-index 5af4c8124..e4f318b3c 100644
---- a/CMakeLists.txt
-+++ b/CMakeLists.txt
-@@ -14,6 +14,10 @@
- # CMake files. It is related to ZLIB support which is planned to be removed.
- # When the support is removed, the associated include_directories command
- # will be removed as well as this note.
-+# - MBEDTLS_TARGET_PREFIX: CMake targets are designed to be alterable by calling
-+# CMake in order to avoid target name clashes, via the use of
-+# MBEDTLS_TARGET_PREFIX. The value of this variable is prefixed to the
-+# mbedtls, mbedx509, mbedcrypto and apidoc targets.
- #
-
- cmake_minimum_required(VERSION 2.6)
-@@ -273,7 +277,7 @@ if(ENABLE_PROGRAMS)
- add_subdirectory(programs)
- endif()
-
--ADD_CUSTOM_TARGET(apidoc
-+ADD_CUSTOM_TARGET(${MBEDTLS_TARGET_PREFIX}apidoc
- COMMAND doxygen mbedtls.doxyfile
- WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/doxygen)
-
-diff --git a/ChangeLog.d/add_MBEDTLS_TARGET_PREFIX_to_cmake.txt b/ChangeLog.d/add_MBEDTLS_TARGET_PREFIX_to_cmake.txt
-new file mode 100644
-index 000000000..533f309ab
---- /dev/null
-+++ b/ChangeLog.d/add_MBEDTLS_TARGET_PREFIX_to_cmake.txt
-@@ -0,0 +1,6 @@
-+Features
-+ * Add MBEDTLS_TARGET_PREFIX CMake variable, which is prefixed to the mbedtls,
-+ mbedcrypto, mbedx509 and apidoc CMake target names. This can be used by
-+ external CMake projects that include this one to avoid CMake target name
-+ clashes. The default value of this variable is "", so default target names
-+ are unchanged.
-diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
-index 4444b984e..f0315f721 100644
---- a/library/CMakeLists.txt
-+++ b/library/CMakeLists.txt
-@@ -150,18 +150,31 @@ if (NOT USE_STATIC_MBEDTLS_LIBRARY AND NOT USE_SHARED_MBEDTLS_LIBRARY)
- message(FATAL_ERROR "Need to choose static or shared mbedtls build!")
- endif(NOT USE_STATIC_MBEDTLS_LIBRARY AND NOT USE_SHARED_MBEDTLS_LIBRARY)
-
--set(target_libraries "mbedcrypto" "mbedx509" "mbedtls")
-+set(mbedtls_target "${MBEDTLS_TARGET_PREFIX}mbedtls")
-+set(mbedx509_target "${MBEDTLS_TARGET_PREFIX}mbedx509")
-+set(mbedcrypto_target "${MBEDTLS_TARGET_PREFIX}mbedcrypto")
-+
-+set(mbedtls_target ${mbedtls_target} PARENT_SCOPE)
-+set(mbedx509_target ${mbedx509_target} PARENT_SCOPE)
-+set(mbedcrypto_target ${mbedcrypto_target} PARENT_SCOPE)
-+
-+if (USE_STATIC_MBEDTLS_LIBRARY)
-+ set(mbedtls_static_target ${mbedtls_target})
-+ set(mbedx509_static_target ${mbedx509_target})
-+ set(mbedcrypto_static_target ${mbedcrypto_target})
-+endif()
-+
-+set(target_libraries ${mbedcrypto_target} ${mbedx509_target} ${mbedtls_target})
-
- if(USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY)
-- set(mbedtls_static_target "mbedtls_static")
-- set(mbedx509_static_target "mbedx509_static")
-- set(mbedcrypto_static_target "mbedcrypto_static")
-+ string(APPEND mbedtls_static_target "_static")
-+ string(APPEND mbedx509_static_target "_static")
-+ string(APPEND mbedcrypto_static_target "_static")
-+
- list(APPEND target_libraries
-- "mbedcrypto_static" "mbedx509_static" "mbedtls_static")
--elseif(USE_STATIC_MBEDTLS_LIBRARY)
-- set(mbedtls_static_target "mbedtls")
-- set(mbedx509_static_target "mbedx509")
-- set(mbedcrypto_static_target "mbedcrypto")
-+ ${mbedcrypto_static_target}
-+ ${mbedx509_static_target}
-+ ${mbedtls_static_target})
- endif()
-
- if(USE_STATIC_MBEDTLS_LIBRARY)
-@@ -179,17 +192,17 @@ if(USE_STATIC_MBEDTLS_LIBRARY)
- endif(USE_STATIC_MBEDTLS_LIBRARY)
-
- if(USE_SHARED_MBEDTLS_LIBRARY)
-- add_library(mbedcrypto SHARED ${src_crypto})
-- set_target_properties(mbedcrypto PROPERTIES VERSION 2.24.0 SOVERSION 5)
-- target_link_libraries(mbedcrypto ${libs})
-+ add_library(${mbedcrypto_target} SHARED ${src_crypto})
-+ set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 2.24.0 SOVERSION 5)
-+ target_link_libraries(${mbedcrypto_target} ${libs})
-
-- add_library(mbedx509 SHARED ${src_x509})
-- set_target_properties(mbedx509 PROPERTIES VERSION 2.24.0 SOVERSION 1)
-- target_link_libraries(mbedx509 ${libs} mbedcrypto)
-+ add_library(${mbedx509_target} SHARED ${src_x509})
-+ set_target_properties(${mbedx509_target} PROPERTIES VERSION 2.24.0 SOVERSION 1)
-+ target_link_libraries(${mbedx509_target} ${libs} ${mbedcrypto_target})
-
-- add_library(mbedtls SHARED ${src_tls})
-- set_target_properties(mbedtls PROPERTIES VERSION 2.24.0 SOVERSION 13)
-- target_link_libraries(mbedtls ${libs} mbedx509)
-+ add_library(${mbedtls_target} SHARED ${src_tls})
-+ set_target_properties(${mbedtls_target} PROPERTIES VERSION 2.24.0 SOVERSION 13)
-+ target_link_libraries(${mbedtls_target} ${libs} ${mbedx509_target})
- endif(USE_SHARED_MBEDTLS_LIBRARY)
-
- foreach(target IN LISTS target_libraries)
-@@ -210,7 +223,9 @@ foreach(target IN LISTS target_libraries)
- PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)
- endforeach(target)
-
--add_custom_target(lib DEPENDS mbedcrypto mbedx509 mbedtls)
-+set(lib_target "${MBEDTLS_TARGET_PREFIX}lib")
-+
-+add_custom_target(${lib_target} DEPENDS ${mbedcrypto_target} ${mbedx509_target} ${mbedtls_target})
- if(USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY)
-- add_dependencies(lib mbedcrypto_static mbedx509_static mbedtls_static)
-+ add_dependencies(${lib_target} ${mbedcrypto_static_target} ${mbedx509_static_target} ${mbedtls_static_target})
- endif()
-diff --git a/programs/aes/CMakeLists.txt b/programs/aes/CMakeLists.txt
-index 2309789a6..6b8ce2ab4 100644
---- a/programs/aes/CMakeLists.txt
-+++ b/programs/aes/CMakeLists.txt
-@@ -5,7 +5,7 @@ set(executables
-
- foreach(exe IN LISTS executables)
- add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
-- target_link_libraries(${exe} mbedcrypto)
-+ target_link_libraries(${exe} ${mbedcrypto_target})
- endforeach()
-
- install(TARGETS ${executables}
-diff --git a/programs/fuzz/CMakeLists.txt b/programs/fuzz/CMakeLists.txt
-index e2b0eace2..35512c79a 100644
---- a/programs/fuzz/CMakeLists.txt
-+++ b/programs/fuzz/CMakeLists.txt
-@@ -1,5 +1,5 @@
- set(libs
-- mbedtls
-+ ${mbedtls_target}
- )
-
- if(USE_PKCS11_HELPER_LIBRARY)
-diff --git a/programs/hash/CMakeLists.txt b/programs/hash/CMakeLists.txt
-index ae294798b..b2f2a1f5c 100644
---- a/programs/hash/CMakeLists.txt
-+++ b/programs/hash/CMakeLists.txt
-@@ -5,7 +5,7 @@ set(executables
-
- foreach(exe IN LISTS executables)
- add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
-- target_link_libraries(${exe} mbedcrypto)
-+ target_link_libraries(${exe} ${mbedcrypto_target})
- endforeach()
-
- install(TARGETS ${executables}
-diff --git a/programs/pkey/CMakeLists.txt b/programs/pkey/CMakeLists.txt
-index b4b3d3042..9c6fe7d49 100644
---- a/programs/pkey/CMakeLists.txt
-+++ b/programs/pkey/CMakeLists.txt
-@@ -5,7 +5,7 @@ set(executables_mbedtls
-
- foreach(exe IN LISTS executables_mbedtls)
- add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
-- target_link_libraries(${exe} mbedtls)
-+ target_link_libraries(${exe} ${mbedtls_target})
- endforeach()
-
- set(executables_mbedcrypto
-@@ -31,7 +31,7 @@ set(executables_mbedcrypto
-
- foreach(exe IN LISTS executables_mbedcrypto)
- add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
-- target_link_libraries(${exe} mbedcrypto)
-+ target_link_libraries(${exe} ${mbedcrypto_target})
- endforeach()
-
- install(TARGETS ${executables_mbedtls} ${executables_mbedcrypto}
-diff --git a/programs/psa/CMakeLists.txt b/programs/psa/CMakeLists.txt
-index 5cbcf7191..23e85fea7 100644
---- a/programs/psa/CMakeLists.txt
-+++ b/programs/psa/CMakeLists.txt
-@@ -6,7 +6,7 @@ set(executables
-
- foreach(exe IN LISTS executables)
- add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
-- target_link_libraries(${exe} mbedcrypto)
-+ target_link_libraries(${exe} ${mbedcrypto_target})
- target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
- endforeach()
-
-diff --git a/programs/random/CMakeLists.txt b/programs/random/CMakeLists.txt
-index 95acb7e10..8df836580 100644
---- a/programs/random/CMakeLists.txt
-+++ b/programs/random/CMakeLists.txt
-@@ -6,7 +6,7 @@ set(executables
-
- foreach(exe IN LISTS executables)
- add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
-- target_link_libraries(${exe} mbedcrypto)
-+ target_link_libraries(${exe} ${mbedcrypto_target})
- endforeach()
-
- install(TARGETS ${executables}
-diff --git a/programs/ssl/CMakeLists.txt b/programs/ssl/CMakeLists.txt
-index 28fbfc5a7..ca0a6a429 100644
---- a/programs/ssl/CMakeLists.txt
-+++ b/programs/ssl/CMakeLists.txt
-@@ -2,7 +2,7 @@ set(THREADS_USE_PTHREADS_WIN32 true)
- find_package(Threads)
-
- set(libs
-- mbedtls
-+ ${mbedtls_target}
- )
-
- if(USE_PKCS11_HELPER_LIBRARY)
-diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt
-index 0df0becd9..217741bf9 100644
---- a/programs/test/CMakeLists.txt
-+++ b/programs/test/CMakeLists.txt
-@@ -1,5 +1,5 @@
- set(libs
-- mbedtls
-+ ${mbedtls_target}
- )
-
- if(USE_PKCS11_HELPER_LIBRARY)
-@@ -33,7 +33,7 @@ foreach(exe IN LISTS executables_libs executables_mbedcrypto)
- if (${exe_index} GREATER -1)
- target_link_libraries(${exe} ${libs})
- else()
-- target_link_libraries(${exe} mbedcrypto)
-+ target_link_libraries(${exe} ${mbedcrypto_target})
- endif()
- endforeach()
-
-diff --git a/programs/test/cmake_subproject/CMakeLists.txt b/programs/test/cmake_subproject/CMakeLists.txt
-index 3e32c5fc3..a9fcfde29 100644
---- a/programs/test/cmake_subproject/CMakeLists.txt
-+++ b/programs/test/cmake_subproject/CMakeLists.txt
-@@ -1,5 +1,8 @@
- cmake_minimum_required(VERSION 2.6)
-
-+# Test the target renaming support by adding a prefix to the targets built
-+set(MBEDTLS_TARGET_PREFIX subproject_test_)
-+
- # We use the parent Mbed TLS directory as the MBEDTLS_DIR for this test. Other
- # projects that use Mbed TLS as a subproject are likely to add by their own
- # relative paths.
-@@ -8,11 +11,12 @@ set(MBEDTLS_DIR ../../../)
- # Add Mbed TLS as a subdirectory.
- add_subdirectory(${MBEDTLS_DIR} build)
-
--# Link against all the Mbed TLS libraries.
-+# Link against all the Mbed TLS libraries. Verifies that the targets have been
-+# created using the specified prefix
- set(libs
-- mbedcrypto
-- mbedx509
-- mbedtls
-+ subproject_test_mbedcrypto
-+ subproject_test_mbedx509
-+ subproject_test_mbedtls
- )
-
- add_executable(cmake_subproject cmake_subproject.c)
-diff --git a/programs/util/CMakeLists.txt b/programs/util/CMakeLists.txt
-index cb14a3ee6..2a11212ec 100644
---- a/programs/util/CMakeLists.txt
-+++ b/programs/util/CMakeLists.txt
-@@ -1,5 +1,5 @@
- set(libs
-- mbedcrypto
-+ ${mbedcrypto_target}
- )
-
- set(executables
-diff --git a/programs/x509/CMakeLists.txt b/programs/x509/CMakeLists.txt
-index f7b5fe1d9..29cbeb800 100644
---- a/programs/x509/CMakeLists.txt
-+++ b/programs/x509/CMakeLists.txt
-@@ -1,5 +1,5 @@
- set(libs
-- mbedx509
-+ ${mbedx509_target}
- )
-
- if(USE_PKCS11_HELPER_LIBRARY)
-@@ -23,7 +23,7 @@ foreach(exe IN LISTS executables)
- target_link_libraries(${exe} ${libs})
- endforeach()
-
--target_link_libraries(cert_app mbedtls)
-+target_link_libraries(cert_app ${mbedtls_target})
-
- install(TARGETS ${executables}
- DESTINATION "bin"
-diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
-index cc6866309..580d936c0 100644
---- a/tests/CMakeLists.txt
-+++ b/tests/CMakeLists.txt
-@@ -1,5 +1,5 @@
- set(libs
-- mbedtls
-+ ${mbedtls_target}
- )
-
- # Set the project root directory if it's not already defined, as may happen if
-@@ -43,7 +43,7 @@ function(add_test_suite suite_name)
- add_custom_command(
- OUTPUT test_suite_${data_name}.c
- COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_code.py -f ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function -d ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${data_name}.data -t ${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function -p ${CMAKE_CURRENT_SOURCE_DIR}/suites/host_test.function -s ${CMAKE_CURRENT_SOURCE_DIR}/suites --helpers-file ${CMAKE_CURRENT_SOURCE_DIR}/suites/helpers.function -o .
-- DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_code.py mbedtls ${CMAKE_CURRENT_SOURCE_DIR}/suites/helpers.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/host_test.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${data_name}.data
-+ DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_code.py ${mbedtls_target} ${CMAKE_CURRENT_SOURCE_DIR}/suites/helpers.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/host_test.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${data_name}.data
- )
-
- add_executable(test_suite_${data_name} test_suite_${data_name}.c $<TARGET_OBJECTS:mbedtls_test>)
---
-2.20.1
-
diff --git a/lib/ext/mbedcrypto/0002-Build-Use-new-style-syntax-in-link-libraries.patch b/lib/ext/mbedcrypto/0002-Build-Use-new-style-syntax-in-link-libraries.patch
deleted file mode 100644
index c4d51500b..000000000
--- a/lib/ext/mbedcrypto/0002-Build-Use-new-style-syntax-in-link-libraries.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From 4762eddfb3e17d50b471cf6dda491047cbd712d6 Mon Sep 17 00:00:00 2001
-From: Raef Coles <raef.coles@arm.com>
-Date: Tue, 13 Oct 2020 16:31:41 +0100
-Subject: [PATCH 2/2] Build: Use new-style syntax in link-libraries
-
-Migrate to new syntax where the PUBLIC attribute is explicitly defined.
-Avoids issues caused sometimes where cmake does not allow the mixing of
-old-style and new-style syntax
-
-Signed-off-by: Raef Coles <raef.coles@arm.com>
----
- library/CMakeLists.txt | 12 ++++++------
- 1 file changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
-index f0315f721..89625558a 100644
---- a/library/CMakeLists.txt
-+++ b/library/CMakeLists.txt
-@@ -180,29 +180,29 @@ endif()
- if(USE_STATIC_MBEDTLS_LIBRARY)
- add_library(${mbedcrypto_static_target} STATIC ${src_crypto})
- set_target_properties(${mbedcrypto_static_target} PROPERTIES OUTPUT_NAME mbedcrypto)
-- target_link_libraries(${mbedcrypto_static_target} ${libs})
-+ target_link_libraries(${mbedcrypto_static_target} PUBLIC ${libs})
-
- add_library(${mbedx509_static_target} STATIC ${src_x509})
- set_target_properties(${mbedx509_static_target} PROPERTIES OUTPUT_NAME mbedx509)
-- target_link_libraries(${mbedx509_static_target} ${libs} ${mbedcrypto_static_target})
-+ target_link_libraries(${mbedx509_static_target} PUBLIC ${libs} ${mbedcrypto_static_target})
-
- add_library(${mbedtls_static_target} STATIC ${src_tls})
- set_target_properties(${mbedtls_static_target} PROPERTIES OUTPUT_NAME mbedtls)
-- target_link_libraries(${mbedtls_static_target} ${libs} ${mbedx509_static_target})
-+ target_link_libraries(${mbedtls_static_target} PUBLIC ${libs} ${mbedx509_static_target})
- endif(USE_STATIC_MBEDTLS_LIBRARY)
-
- if(USE_SHARED_MBEDTLS_LIBRARY)
- add_library(${mbedcrypto_target} SHARED ${src_crypto})
- set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 2.24.0 SOVERSION 5)
-- target_link_libraries(${mbedcrypto_target} ${libs})
-+ target_link_libraries(${mbedcrypto_target} PUBLIC ${libs})
-
- add_library(${mbedx509_target} SHARED ${src_x509})
- set_target_properties(${mbedx509_target} PROPERTIES VERSION 2.24.0 SOVERSION 1)
-- target_link_libraries(${mbedx509_target} ${libs} ${mbedcrypto_target})
-+ target_link_libraries(${mbedx509_target} PUBLIC ${libs} ${mbedcrypto_target})
-
- add_library(${mbedtls_target} SHARED ${src_tls})
- set_target_properties(${mbedtls_target} PROPERTIES VERSION 2.24.0 SOVERSION 13)
-- target_link_libraries(${mbedtls_target} ${libs} ${mbedx509_target})
-+ target_link_libraries(${mbedtls_target} PUBLIC ${libs} ${mbedx509_target})
- endif(USE_SHARED_MBEDTLS_LIBRARY)
-
- foreach(target IN LISTS target_libraries)
---
-2.20.1
-
diff --git a/lib/ext/mbedcrypto/0005-Enable-crypto-code-sharing-between-independent-binar.patch b/lib/ext/mbedcrypto/0002-Enable-crypto-code-sharing-between-independent-binar.patch
index 3c220b4e6..3c220b4e6 100644
--- a/lib/ext/mbedcrypto/0005-Enable-crypto-code-sharing-between-independent-binar.patch
+++ b/lib/ext/mbedcrypto/0002-Enable-crypto-code-sharing-between-independent-binar.patch
diff --git a/lib/ext/mbedcrypto/0003-Remove-overriding-of-CMAKE_BUILD_TYPE.patch b/lib/ext/mbedcrypto/0003-Remove-overriding-of-CMAKE_BUILD_TYPE.patch
deleted file mode 100644
index f94de4e0a..000000000
--- a/lib/ext/mbedcrypto/0003-Remove-overriding-of-CMAKE_BUILD_TYPE.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 1c4af63fc32e16022f884e29ad3ccbdb8c3ed2f2 Mon Sep 17 00:00:00 2001
-From: Raef Coles <raef.coles@arm.com>
-Date: Wed, 2 Sep 2020 10:15:02 +0100
-Subject: [PATCH 3/4] Remove overriding of CMAKE_BUILD_TYPE
-
-Signed-off-by: Raef Coles <raef.coles@arm.com>
----
- CMakeLists.txt | 4 ----
- 1 file changed, 4 deletions(-)
-
-diff --git a/CMakeLists.txt b/CMakeLists.txt
-index ba9227ff3..a671575b7 100644
---- a/CMakeLists.txt
-+++ b/CMakeLists.txt
-@@ -112,10 +112,6 @@ option: \n\
- endif()
- endif()
-
--set(CMAKE_BUILD_TYPE ${CMAKE_BUILD_TYPE}
-- CACHE STRING "Choose the type of build: None Debug Release Coverage ASan ASanDbg MemSan MemSanDbg Check CheckFull"
-- FORCE)
--
- # Create a symbolic link from ${base_name} in the binary directory
- # to the corresponding path in the source directory.
- function(link_to_source base_name)
---
-2.20.1
-
diff --git a/lib/ext/mbedcrypto/0006-Move-misplaced-else-within-ifdef-to-avoid-compilatio.patch b/lib/ext/mbedcrypto/0006-Move-misplaced-else-within-ifdef-to-avoid-compilatio.patch
deleted file mode 100644
index 159e32504..000000000
--- a/lib/ext/mbedcrypto/0006-Move-misplaced-else-within-ifdef-to-avoid-compilatio.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 8b2dc6377637c6c146ab5d23a4e119e3d508156c Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?H=C3=A5kon=20=C3=98ye=20Amundsen?=
- <haakon.amundsen@nordicsemi.no>
-Date: Tue, 19 Jan 2021 15:16:55 +0100
-Subject: [PATCH] Move misplaced 'else' within #ifdef to avoid compilation
- error
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-... when MBEDTLS_MD_C is not defined.
-
-Signed-off-by: Håkon Øye Amundsen <haakon.amundsen@nordicsemi.no>
----
- library/psa_crypto.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/library/psa_crypto.c b/library/psa_crypto.c
-index bffddc995..8b1201461 100644
---- a/library/psa_crypto.c
-+++ b/library/psa_crypto.c
-@@ -5220,8 +5220,8 @@ static psa_status_t psa_key_derivation_setup_kdf(
- operation->capacity = 255 * hash_size;
- return( PSA_SUCCESS );
- }
--#endif /* MBEDTLS_MD_C */
- else
-+#endif /* MBEDTLS_MD_C */
- return( PSA_ERROR_NOT_SUPPORTED );
- }
-
---
-2.30.0
-
diff --git a/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_default.h b/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_default.h
index c9fc9f4f6..60c42c2b7 100644
--- a/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_default.h
+++ b/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_default.h
@@ -8,7 +8,7 @@
* memory footprint.
*/
/*
- * Copyright (C) 2006-2020, ARM Limited, All Rights Reserved
+ * Copyright (C) 2006-2021, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
@@ -855,20 +855,20 @@
*/
//#define MBEDTLS_ENTROPY_NV_SEED
-/* MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER
+/* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
*
- * In PSA key storage, encode the owner of the key.
+ * Enable key identifiers that encode a key owner identifier.
*
* This is only meaningful when building the library as part of a
- * multi-client service. When you activate this option, you must provide
- * an implementation of the type psa_key_owner_id_t and a translation
- * from psa_key_file_id_t to file name in all the storage backends that
+ * multi-client service. When you activate this option, you must provide an
+ * implementation of the type mbedtls_key_owner_id_t and a translation from
+ * mbedtls_svc_key_id_t to file name in all the storage backends that you
* you wish to support.
*
* Note that this option is meant for internal use only and may be removed
* without notice.
*/
-#define MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER
+#define MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
/**
* \def MBEDTLS_MEMORY_DEBUG
diff --git a/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_medium.h b/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_medium.h
index 1d61ac235..c1663d0e5 100644
--- a/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_medium.h
+++ b/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_medium.h
@@ -8,7 +8,7 @@
* memory footprint.
*/
/*
- * Copyright (C) 2006-2020, ARM Limited, All Rights Reserved
+ * Copyright (C) 2006-2021, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
@@ -850,20 +850,20 @@
*/
//#define MBEDTLS_ENTROPY_NV_SEED
-/* MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER
+/* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
*
- * In PSA key storage, encode the owner of the key.
+ * Enable key identifiers that encode a key owner identifier.
*
* This is only meaningful when building the library as part of a
- * multi-client service. When you activate this option, you must provide
- * an implementation of the type psa_key_owner_id_t and a translation
- * from psa_key_file_id_t to file name in all the storage backends that
+ * multi-client service. When you activate this option, you must provide an
+ * implementation of the type mbedtls_key_owner_id_t and a translation from
+ * mbedtls_svc_key_id_t to file name in all the storage backends that you
* you wish to support.
*
* Note that this option is meant for internal use only and may be removed
* without notice.
*/
-#define MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER
+#define MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
/**
* \def MBEDTLS_MEMORY_DEBUG
diff --git a/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_small.h b/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_small.h
index ee578749d..3c2c12295 100644
--- a/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_small.h
+++ b/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_small.h
@@ -8,7 +8,7 @@
* memory footprint.
*/
/*
- * Copyright (C) 2006-2020, ARM Limited, All Rights Reserved
+ * Copyright (C) 2006-2021, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
@@ -850,20 +850,20 @@
*/
//#define MBEDTLS_ENTROPY_NV_SEED
-/* MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER
+/* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
*
- * In PSA key storage, encode the owner of the key.
+ * Enable key identifiers that encode a key owner identifier.
*
* This is only meaningful when building the library as part of a
- * multi-client service. When you activate this option, you must provide
- * an implementation of the type psa_key_owner_id_t and a translation
- * from psa_key_file_id_t to file name in all the storage backends that
+ * multi-client service. When you activate this option, you must provide an
+ * implementation of the type mbedtls_key_owner_id_t and a translation from
+ * mbedtls_svc_key_id_t to file name in all the storage backends that you
* you wish to support.
*
* Note that this option is meant for internal use only and may be removed
* without notice.
*/
-#define MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER
+#define MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
/**
* \def MBEDTLS_MEMORY_DEBUG