Merge pull request #9348 from eleuzi01/replace-ecp-have-secp192r1
Replace MBEDTLS_ECP_HAVE_SECP192R1 with PSA_WANT_ECC_SECP_R1_192
diff --git a/docs/requirements.txt b/docs/requirements.txt
index a1bfd82..2287b2a 100644
--- a/docs/requirements.txt
+++ b/docs/requirements.txt
@@ -1,63 +1,66 @@
#
-# This file is autogenerated by pip-compile with Python 3.9
+# This file is autogenerated by pip-compile with Python 3.8
# by the following command:
#
# pip-compile requirements.in
#
alabaster==0.7.13
# via sphinx
-babel==2.12.1
+babel==2.15.0
# via sphinx
breathe==4.35.0
# via -r requirements.in
-certifi==2022.12.7
+certifi==2024.7.4
# via requests
-charset-normalizer==3.1.0
+charset-normalizer==3.3.2
# via requests
-click==8.1.3
+click==8.1.7
# via readthedocs-cli
-docutils==0.17.1
+docutils==0.20.1
# via
# breathe
# sphinx
# sphinx-rtd-theme
-idna==3.4
+idna==3.7
# via requests
imagesize==1.4.1
# via sphinx
-importlib-metadata==6.0.0
+importlib-metadata==8.0.0
# via sphinx
-jinja2==3.1.2
+jinja2==3.1.4
# via sphinx
-markdown-it-py==2.2.0
+markdown-it-py==3.0.0
# via rich
-markupsafe==2.1.2
+markupsafe==2.1.5
# via jinja2
mdurl==0.1.2
# via markdown-it-py
-packaging==23.0
+packaging==24.1
# via sphinx
-pygments==2.14.0
+pygments==2.18.0
# via
# rich
# sphinx
-pyyaml==6.0
+pytz==2024.1
+ # via babel
+pyyaml==6.0.1
# via readthedocs-cli
readthedocs-cli==4
# via -r requirements.in
-requests==2.28.2
+requests==2.32.3
# via
# readthedocs-cli
# sphinx
-rich==13.3.5
+rich==13.7.1
# via readthedocs-cli
snowballstemmer==2.2.0
# via sphinx
-sphinx==4.5.0
+sphinx==7.1.2
# via
# breathe
# sphinx-rtd-theme
-sphinx-rtd-theme==1.2.0
+ # sphinxcontrib-jquery
+sphinx-rtd-theme==2.0.0
# via -r requirements.in
sphinxcontrib-applehelp==1.0.4
# via sphinx
@@ -65,7 +68,7 @@
# via sphinx
sphinxcontrib-htmlhelp==2.0.1
# via sphinx
-sphinxcontrib-jquery==2.0.0
+sphinxcontrib-jquery==4.1
# via sphinx-rtd-theme
sphinxcontrib-jsmath==1.0.1
# via sphinx
@@ -73,10 +76,9 @@
# via sphinx
sphinxcontrib-serializinghtml==1.1.5
# via sphinx
-urllib3==1.26.15
+typing-extensions==4.12.2
+ # via rich
+urllib3==2.2.2
# via requests
-zipp==3.15.0
+zipp==3.19.2
# via importlib-metadata
-
-# The following packages are considered to be unsafe in a requirements file:
-# setuptools
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 178bd39..2673229 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -730,8 +730,8 @@
#if !defined(MBEDTLS_SHA512_C)
#error "MBEDTLS_SHA512_USE_A64_CRYPTO_* defined without MBEDTLS_SHA512_C"
#endif
-#if defined(MBEDTLS_SHA512_ALT) || defined(MBEDTLS_SHA512_PROCESS_ALT)
-#error "MBEDTLS_SHA512_*ALT can't be used with MBEDTLS_SHA512_USE_A64_CRYPTO_*"
+#if defined(MBEDTLS_SHA512_PROCESS_ALT)
+#error "MBEDTLS_SHA512_PROCESS_ALT can't be used with MBEDTLS_SHA512_USE_A64_CRYPTO_*"
#endif
#endif /* MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT || MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY */
@@ -750,8 +750,8 @@
#if !defined(MBEDTLS_SHA256_C)
#error "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_* defined without MBEDTLS_SHA256_C"
#endif
-#if defined(MBEDTLS_SHA256_ALT) || defined(MBEDTLS_SHA256_PROCESS_ALT)
-#error "MBEDTLS_SHA256_*ALT can't be used with MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_*"
+#if defined(MBEDTLS_SHA256_PROCESS_ALT)
+#error "MBEDTLS_SHA256_PROCESS_ALT can't be used with MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_*"
#endif
#endif
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index 33b89ef..9b616de 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -350,13 +350,6 @@
*/
//#define MBEDTLS_TIMING_ALT
-//#define MBEDTLS_CMAC_ALT
-//#define MBEDTLS_MD5_ALT
-//#define MBEDTLS_RIPEMD160_ALT
-//#define MBEDTLS_SHA1_ALT
-//#define MBEDTLS_SHA256_ALT
-//#define MBEDTLS_SHA512_ALT
-
/**
* \def MBEDTLS_SHA256_PROCESS_ALT
*
@@ -2490,11 +2483,6 @@
* Enable the CMAC (Cipher-based Message Authentication Code) mode for block
* ciphers.
*
- * \note When #MBEDTLS_CMAC_ALT is active, meaning that the underlying
- * implementation of the CMAC algorithm is provided by an alternate
- * implementation, that alternate implementation may opt to not support
- * AES-192 or 3DES as underlying block ciphers for the CMAC operation.
- *
* Module: library/cmac.c
*
* Requires: MBEDTLS_CIPHER_C, MBEDTLS_AES_C or MBEDTLS_DES_C
diff --git a/tests/include/alt-dummy/cmac_alt.h b/tests/include/alt-dummy/cmac_alt.h
deleted file mode 100644
index 68b53d7..0000000
--- a/tests/include/alt-dummy/cmac_alt.h
+++ /dev/null
@@ -1,15 +0,0 @@
-/* cmac_alt.h with dummy types for MBEDTLS_CMAC_ALT */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef CMAC_ALT_H
-#define CMAC_ALT_H
-
-struct mbedtls_cmac_context_t {
- int dummy;
-};
-
-
-#endif /* cmac_alt.h */
diff --git a/tests/include/alt-dummy/md5_alt.h b/tests/include/alt-dummy/md5_alt.h
deleted file mode 100644
index e3a15d7..0000000
--- a/tests/include/alt-dummy/md5_alt.h
+++ /dev/null
@@ -1,16 +0,0 @@
-/* md5_alt.h with dummy types for MBEDTLS_MD5_ALT */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef MD5_ALT_H
-#define MD5_ALT_H
-
-typedef struct mbedtls_md5_context {
- int dummy;
-}
-mbedtls_md5_context;
-
-
-#endif /* md5_alt.h */
diff --git a/tests/include/alt-dummy/ripemd160_alt.h b/tests/include/alt-dummy/ripemd160_alt.h
deleted file mode 100644
index 72ae47e..0000000
--- a/tests/include/alt-dummy/ripemd160_alt.h
+++ /dev/null
@@ -1,16 +0,0 @@
-/* ripemd160_alt.h with dummy types for MBEDTLS_RIPEMD160_ALT */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef RIPEMD160_ALT_H
-#define RIPEMD160_ALT_H
-
-typedef struct mbedtls_ripemd160_context {
- int dummy;
-}
-mbedtls_ripemd160_context;
-
-
-#endif /* ripemd160_alt.h */
diff --git a/tests/include/alt-dummy/sha1_alt.h b/tests/include/alt-dummy/sha1_alt.h
deleted file mode 100644
index d8ac971..0000000
--- a/tests/include/alt-dummy/sha1_alt.h
+++ /dev/null
@@ -1,16 +0,0 @@
-/* sha1_alt.h with dummy types for MBEDTLS_SHA1_ALT */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef SHA1_ALT_H
-#define SHA1_ALT_H
-
-typedef struct mbedtls_sha1_context {
- int dummy;
-}
-mbedtls_sha1_context;
-
-
-#endif /* sha1_alt.h */
diff --git a/tests/include/alt-dummy/sha256_alt.h b/tests/include/alt-dummy/sha256_alt.h
deleted file mode 100644
index b1900ad..0000000
--- a/tests/include/alt-dummy/sha256_alt.h
+++ /dev/null
@@ -1,16 +0,0 @@
-/* sha256_alt.h with dummy types for MBEDTLS_SHA256_ALT */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef SHA256_ALT_H
-#define SHA256_ALT_H
-
-typedef struct mbedtls_sha256_context {
- int dummy;
-}
-mbedtls_sha256_context;
-
-
-#endif /* sha256_alt.h */
diff --git a/tests/include/alt-dummy/sha512_alt.h b/tests/include/alt-dummy/sha512_alt.h
deleted file mode 100644
index 857bc91..0000000
--- a/tests/include/alt-dummy/sha512_alt.h
+++ /dev/null
@@ -1,16 +0,0 @@
-/* sha512_alt.h with dummy types for MBEDTLS_SHA512_ALT */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef SHA512_ALT_H
-#define SHA512_ALT_H
-
-typedef struct mbedtls_sha512_context {
- int dummy;
-}
-mbedtls_sha512_context;
-
-
-#endif /* sha512_alt.h */
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/cmac.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/cmac.h
index 97b86fc..fd3d8a2 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/cmac.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/cmac.h
@@ -51,8 +51,6 @@
#define MBEDTLS_CIPHER_BLKSIZE_MAX MBEDTLS_MAX_BLOCK_LENGTH
#endif /* MBEDTLS_DEPRECATED_REMOVED */
-#if !defined(MBEDTLS_CMAC_ALT)
-
/**
* The CMAC context structure.
*/
@@ -68,10 +66,6 @@
size_t MBEDTLS_PRIVATE(unprocessed_len);
};
-#else /* !MBEDTLS_CMAC_ALT */
-#include "cmac_alt.h"
-#endif /* !MBEDTLS_CMAC_ALT */
-
/**
* \brief This function starts a new CMAC computation
* by setting the CMAC key, and preparing to authenticate
@@ -85,12 +79,6 @@
* To start a CMAC computation using the same key as a previous
* CMAC computation, use mbedtls_cipher_cmac_finish().
*
- * \note When the CMAC implementation is supplied by an alternate
- * implementation (through #MBEDTLS_CMAC_ALT), some ciphers
- * may not be supported by that implementation, and thus
- * return an error. Alternate implementations must support
- * AES-128 and AES-256, and may support AES-192 and 3DES.
- *
* \param ctx The cipher context used for the CMAC operation, initialized
* as one of the following types: MBEDTLS_CIPHER_AES_128_ECB,
* MBEDTLS_CIPHER_AES_192_ECB, MBEDTLS_CIPHER_AES_256_ECB,
@@ -177,12 +165,6 @@
* The CMAC result is calculated as
* output = generic CMAC(cmac key, input buffer).
*
- * \note When the CMAC implementation is supplied by an alternate
- * implementation (through #MBEDTLS_CMAC_ALT), some ciphers
- * may not be supported by that implementation, and thus
- * return an error. Alternate implementations must support
- * AES-128 and AES-256, and may support AES-192 and 3DES.
- *
* \param cipher_info The cipher information.
* \param key The CMAC key.
* \param keylen The length of the CMAC key in bits.
@@ -226,12 +208,6 @@
/**
* \brief The CMAC checkup routine.
*
- * \note In case the CMAC routines are provided by an alternative
- * implementation (i.e. #MBEDTLS_CMAC_ALT is defined), the
- * checkup routine will succeed even if the implementation does
- * not support the less widely used AES-192 or 3DES primitives.
- * The self-test requires at least AES-128 and AES-256 to be
- * supported by the underlying implementation.
*
* \return \c 0 on success.
* \return \c 1 on failure.
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/md5.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/md5.h
index 6bf0754..826cca7 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/md5.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/md5.h
@@ -24,10 +24,6 @@
extern "C" {
#endif
-#if !defined(MBEDTLS_MD5_ALT)
-// Regular implementation
-//
-
/**
* \brief MD5 context structure
*
@@ -43,10 +39,6 @@
}
mbedtls_md5_context;
-#else /* MBEDTLS_MD5_ALT */
-#include "md5_alt.h"
-#endif /* MBEDTLS_MD5_ALT */
-
/**
* \brief Initialize MD5 context
*
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/ripemd160.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/ripemd160.h
index 279f92b..570ab2e 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/ripemd160.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/ripemd160.h
@@ -20,10 +20,6 @@
extern "C" {
#endif
-#if !defined(MBEDTLS_RIPEMD160_ALT)
-// Regular implementation
-//
-
/**
* \brief RIPEMD-160 context structure
*/
@@ -34,10 +30,6 @@
}
mbedtls_ripemd160_context;
-#else /* MBEDTLS_RIPEMD160_ALT */
-#include "ripemd160_alt.h"
-#endif /* MBEDTLS_RIPEMD160_ALT */
-
/**
* \brief Initialize RIPEMD-160 context
*
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/sha1.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/sha1.h
index 592ffd1..4b31c02 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/sha1.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/sha1.h
@@ -30,10 +30,6 @@
extern "C" {
#endif
-#if !defined(MBEDTLS_SHA1_ALT)
-// Regular implementation
-//
-
/**
* \brief The SHA-1 context structure.
*
@@ -49,10 +45,6 @@
}
mbedtls_sha1_context;
-#else /* MBEDTLS_SHA1_ALT */
-#include "sha1_alt.h"
-#endif /* MBEDTLS_SHA1_ALT */
-
/**
* \brief This function initializes a SHA-1 context.
*
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/sha256.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/sha256.h
index ca568e2..0253f7d 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/sha256.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/sha256.h
@@ -26,10 +26,6 @@
extern "C" {
#endif
-#if !defined(MBEDTLS_SHA256_ALT)
-// Regular implementation
-//
-
/**
* \brief The SHA-256 context structure.
*
@@ -48,10 +44,6 @@
}
mbedtls_sha256_context;
-#else /* MBEDTLS_SHA256_ALT */
-#include "sha256_alt.h"
-#endif /* MBEDTLS_SHA256_ALT */
-
/**
* \brief This function initializes a SHA-256 context.
*
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/sha512.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/sha512.h
index 1c20e4c..002fe9d 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/sha512.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/sha512.h
@@ -25,10 +25,6 @@
extern "C" {
#endif
-#if !defined(MBEDTLS_SHA512_ALT)
-// Regular implementation
-//
-
/**
* \brief The SHA-512 context structure.
*
@@ -47,10 +43,6 @@
}
mbedtls_sha512_context;
-#else /* MBEDTLS_SHA512_ALT */
-#include "sha512_alt.h"
-#endif /* MBEDTLS_SHA512_ALT */
-
/**
* \brief This function initializes a SHA-512 context.
*
diff --git a/tf-psa-crypto/drivers/builtin/src/cmac.c b/tf-psa-crypto/drivers/builtin/src/cmac.c
index eda10d0..5e517c4 100644
--- a/tf-psa-crypto/drivers/builtin/src/cmac.c
+++ b/tf-psa-crypto/drivers/builtin/src/cmac.c
@@ -38,8 +38,6 @@
#include <string.h>
-#if !defined(MBEDTLS_CMAC_ALT) || defined(MBEDTLS_SELF_TEST)
-
/*
* Multiplication by u in the Galois field of GF(2^n)
*
@@ -125,9 +123,6 @@
return ret;
}
-#endif /* !defined(MBEDTLS_CMAC_ALT) || defined(MBEDTLS_SELF_TEST) */
-
-#if !defined(MBEDTLS_CMAC_ALT)
/*
* Create padded last block from (partial) last block.
@@ -427,8 +422,6 @@
}
#endif /* MBEDTLS_AES_C */
-#endif /* !MBEDTLS_CMAC_ALT */
-
#if defined(MBEDTLS_SELF_TEST)
/*
* CMAC test data for SP800-38B
diff --git a/tf-psa-crypto/drivers/builtin/src/md5.c b/tf-psa-crypto/drivers/builtin/src/md5.c
index e4a87a2..e11e078 100644
--- a/tf-psa-crypto/drivers/builtin/src/md5.c
+++ b/tf-psa-crypto/drivers/builtin/src/md5.c
@@ -22,8 +22,6 @@
#include "mbedtls/platform.h"
-#if !defined(MBEDTLS_MD5_ALT)
-
void mbedtls_md5_init(mbedtls_md5_context *ctx)
{
memset(ctx, 0, sizeof(mbedtls_md5_context));
@@ -309,8 +307,6 @@
return ret;
}
-#endif /* !MBEDTLS_MD5_ALT */
-
/*
* output = MD5( input buffer )
*/
diff --git a/tf-psa-crypto/drivers/builtin/src/ripemd160.c b/tf-psa-crypto/drivers/builtin/src/ripemd160.c
index b4fc3cd..96b5466 100644
--- a/tf-psa-crypto/drivers/builtin/src/ripemd160.c
+++ b/tf-psa-crypto/drivers/builtin/src/ripemd160.c
@@ -23,8 +23,6 @@
#include "mbedtls/platform.h"
-#if !defined(MBEDTLS_RIPEMD160_ALT)
-
void mbedtls_ripemd160_init(mbedtls_ripemd160_context *ctx)
{
memset(ctx, 0, sizeof(mbedtls_ripemd160_context));
@@ -365,8 +363,6 @@
return ret;
}
-#endif /* ! MBEDTLS_RIPEMD160_ALT */
-
/*
* output = RIPEMD-160( input buffer )
*/
diff --git a/tf-psa-crypto/drivers/builtin/src/sha1.c b/tf-psa-crypto/drivers/builtin/src/sha1.c
index dfbe481..c8d2852 100644
--- a/tf-psa-crypto/drivers/builtin/src/sha1.c
+++ b/tf-psa-crypto/drivers/builtin/src/sha1.c
@@ -22,8 +22,6 @@
#include "mbedtls/platform.h"
-#if !defined(MBEDTLS_SHA1_ALT)
-
void mbedtls_sha1_init(mbedtls_sha1_context *ctx)
{
memset(ctx, 0, sizeof(mbedtls_sha1_context));
@@ -346,8 +344,6 @@
return ret;
}
-#endif /* !MBEDTLS_SHA1_ALT */
-
/*
* output = SHA-1( input buffer )
*/
diff --git a/tf-psa-crypto/drivers/builtin/src/sha256.c b/tf-psa-crypto/drivers/builtin/src/sha256.c
index 8b2c345..ec1e969 100644
--- a/tf-psa-crypto/drivers/builtin/src/sha256.c
+++ b/tf-psa-crypto/drivers/builtin/src/sha256.c
@@ -216,8 +216,6 @@
#endif /* MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT */
-#if !defined(MBEDTLS_SHA256_ALT)
-
#define SHA256_BLOCK_SIZE 64
void mbedtls_sha256_init(mbedtls_sha256_context *ctx)
@@ -763,8 +761,6 @@
return ret;
}
-#endif /* !MBEDTLS_SHA256_ALT */
-
/*
* output = SHA-256( input buffer )
*/
diff --git a/tf-psa-crypto/drivers/builtin/src/sha512.c b/tf-psa-crypto/drivers/builtin/src/sha512.c
index 6dcea8d..e7575ea 100644
--- a/tf-psa-crypto/drivers/builtin/src/sha512.c
+++ b/tf-psa-crypto/drivers/builtin/src/sha512.c
@@ -205,8 +205,6 @@
#endif /* MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT */
-#if !defined(MBEDTLS_SHA512_ALT)
-
#define SHA512_BLOCK_SIZE 128
#if defined(MBEDTLS_SHA512_SMALLER)
@@ -879,8 +877,6 @@
return ret;
}
-#endif /* !MBEDTLS_SHA512_ALT */
-
/*
* output = SHA-512( input buffer )
*/
diff --git a/tf-psa-crypto/include/psa/crypto.h b/tf-psa-crypto/include/psa/crypto.h
index f9db4dd..3525da2 100644
--- a/tf-psa-crypto/include/psa/crypto.h
+++ b/tf-psa-crypto/include/psa/crypto.h
@@ -3865,8 +3865,8 @@
* psa_key_derivation_abort().
*
* \param[in,out] operation The key derivation operation object to read from.
- * \param[in] expected_output Buffer containing the expected derivation output.
- * \param output_length Length of the expected output; this is also the
+ * \param[in] expected Buffer containing the expected derivation output.
+ * \param expected_length Length of the expected output; this is also the
* number of bytes that will be read.
*
* \retval #PSA_SUCCESS \emptydescription
@@ -3896,8 +3896,8 @@
*/
psa_status_t psa_key_derivation_verify_bytes(
psa_key_derivation_operation_t *operation,
- const uint8_t *expected_output,
- size_t output_length);
+ const uint8_t *expected,
+ size_t expected_length);
/** Compare output data from a key derivation operation to an expected value
* stored in a key object.