Merge pull request #9831 from ronald-cron-arm/finalize-split-preparation-3
Finalize split preparation-3
diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile
index 917b88d..6b09ae3 100644
--- a/doxygen/mbedtls.doxyfile
+++ b/doxygen/mbedtls.doxyfile
@@ -7,6 +7,7 @@
EXTRACT_STATIC = YES
CASE_SENSE_NAMES = NO
INPUT = ../include ../tf-psa-crypto/include input ../tf-psa-crypto/drivers/builtin/include ../tests/include/alt-dummy
+EXCLUDE = ../tf-psa-crypto/drivers/builtin/include/mbedtls/build_info.h
FILE_PATTERNS = *.h
RECURSIVE = YES
EXCLUDE_SYMLINKS = YES
diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h
index 2025819..534f016 100644
--- a/include/mbedtls/build_info.h
+++ b/include/mbedtls/build_info.h
@@ -14,6 +14,8 @@
#ifndef MBEDTLS_BUILD_INFO_H
#define MBEDTLS_BUILD_INFO_H
+#include "tf-psa-crypto/build_info.h"
+
/*
* This set of compile-time defines can be used to determine the version number
* of the Mbed TLS library used. Run-time variables for the same can be found in
@@ -37,70 +39,6 @@
#define MBEDTLS_VERSION_STRING "4.0.0"
#define MBEDTLS_VERSION_STRING_FULL "Mbed TLS 4.0.0"
-/* Macros for build-time platform detection */
-
-#if !defined(MBEDTLS_ARCH_IS_ARM64) && \
- (defined(__aarch64__) || defined(_M_ARM64) || defined(_M_ARM64EC))
-#define MBEDTLS_ARCH_IS_ARM64
-#endif
-
-#if !defined(MBEDTLS_ARCH_IS_ARM32) && \
- (defined(__arm__) || defined(_M_ARM) || \
- defined(_M_ARMT) || defined(__thumb__) || defined(__thumb2__))
-#define MBEDTLS_ARCH_IS_ARM32
-#endif
-
-#if !defined(MBEDTLS_ARCH_IS_X64) && \
- (defined(__amd64__) || defined(__x86_64__) || \
- ((defined(_M_X64) || defined(_M_AMD64)) && !defined(_M_ARM64EC)))
-#define MBEDTLS_ARCH_IS_X64
-#endif
-
-#if !defined(MBEDTLS_ARCH_IS_X86) && \
- (defined(__i386__) || defined(_X86_) || \
- (defined(_M_IX86) && !defined(_M_I86)))
-#define MBEDTLS_ARCH_IS_X86
-#endif
-
-#if !defined(MBEDTLS_PLATFORM_IS_WINDOWS_ON_ARM64) && \
- (defined(_M_ARM64) || defined(_M_ARM64EC))
-#define MBEDTLS_PLATFORM_IS_WINDOWS_ON_ARM64
-#endif
-
-/* This is defined if the architecture is Armv8-A, or higher */
-#if !defined(MBEDTLS_ARCH_IS_ARMV8_A)
-#if defined(__ARM_ARCH) && defined(__ARM_ARCH_PROFILE)
-#if (__ARM_ARCH >= 8) && (__ARM_ARCH_PROFILE == 'A')
-/* GCC, clang, armclang and IAR */
-#define MBEDTLS_ARCH_IS_ARMV8_A
-#endif
-#elif defined(__ARM_ARCH_8A)
-/* Alternative defined by clang */
-#define MBEDTLS_ARCH_IS_ARMV8_A
-#elif defined(_M_ARM64) || defined(_M_ARM64EC)
-/* MSVC ARM64 is at least Armv8.0-A */
-#define MBEDTLS_ARCH_IS_ARMV8_A
-#endif
-#endif
-
-#if defined(__GNUC__) && !defined(__ARMCC_VERSION) && !defined(__clang__) \
- && !defined(__llvm__) && !defined(__INTEL_COMPILER)
-/* Defined if the compiler really is gcc and not clang, etc */
-#define MBEDTLS_COMPILER_IS_GCC
-#define MBEDTLS_GCC_VERSION \
- (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__)
-#endif
-
-#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
-#define _CRT_SECURE_NO_DEPRECATE 1
-#endif
-
-/* Define `inline` on some non-C99-compliant compilers. */
-#if (defined(__ARMCC_VERSION) || defined(_MSC_VER)) && \
- !defined(inline) && !defined(__cplusplus)
-#define inline __inline
-#endif
-
#if defined(MBEDTLS_CONFIG_FILES_READ)
#error "Something went wrong: MBEDTLS_CONFIG_FILES_READ defined before reading the config files!"
#endif
@@ -108,7 +46,7 @@
#error "Something went wrong: MBEDTLS_CONFIG_IS_FINALIZED defined before reading the config files!"
#endif
-/* X.509, TLS and non-PSA crypto configuration */
+/* X.509 and TLS configuration */
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/mbedtls_config.h"
#else
@@ -130,48 +68,12 @@
#include MBEDTLS_USER_CONFIG_FILE
#endif
-/* PSA crypto configuration */
-#if defined(TF_PSA_CRYPTO_CONFIG_FILE)
-#include TF_PSA_CRYPTO_CONFIG_FILE
-#else
-#include "psa/crypto_config.h"
-#endif
-#if defined(TF_PSA_CRYPTO_USER_CONFIG_FILE)
-#include TF_PSA_CRYPTO_USER_CONFIG_FILE
-#endif
-
/* Indicate that all configuration files have been read.
* It is now time to adjust the configuration (follow through on dependencies,
* make PSA and legacy crypto consistent, etc.).
*/
#define MBEDTLS_CONFIG_FILES_READ
-/* Auto-enable MBEDTLS_CTR_DRBG_USE_128_BIT_KEY if
- * MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH and MBEDTLS_CTR_DRBG_C defined
- * to ensure a 128-bit key size in CTR_DRBG.
- */
-#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) && defined(MBEDTLS_CTR_DRBG_C)
-#define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-#endif
-
-/* Auto-enable MBEDTLS_MD_C if needed by a module that didn't require it
- * in a previous release, to ensure backwards compatibility.
- */
-#if defined(MBEDTLS_PKCS5_C)
-#define MBEDTLS_MD_C
-#endif
-
-/* PSA crypto specific configuration options
- * - If config_psa.h reads a configuration option in preprocessor directive,
- * this symbol should be set before its inclusion. (e.g. MBEDTLS_MD_C)
- * - If config_psa.h writes a configuration option in conditional directive,
- * this symbol should be consulted after its inclusion.
- * (e.g. MBEDTLS_MD_LIGHT)
- */
-#include "mbedtls/config_psa.h"
-
-#include "mbedtls/config_adjust_legacy_crypto.h"
-
#include "mbedtls/config_adjust_x509.h"
#include "mbedtls/config_adjust_ssl.h"
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 91b88bd..9deb14f 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -1,5 +1,5 @@
/**
- * \file check_config.h
+ * \file mbedtls/check_config.h
*
* \brief Consistency checks for configuration options
*
@@ -26,54 +26,14 @@
"It is included automatically at the right point since Mbed TLS 3.0."
#endif /* !MBEDTLS_CONFIG_IS_FINALIZED */
-/*
- * We assume CHAR_BIT is 8 in many places. In practice, this is true on our
- * target platforms, so not an issue, but let's just be extra sure.
- */
-#include <limits.h>
-#if CHAR_BIT != 8
-#error "Mbed TLS requires a platform with 8-bit chars"
-#endif
-
-#include <stdint.h>
-
-#if defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER <= 1900)
-#if !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_C is required on Windows"
-#endif
-/* See auto-enabling SNPRINTF_ALT and VSNPRINTF_ALT
- * in * config_adjust_legacy_crypto.h */
-#endif /* _MINGW32__ || (_MSC_VER && (_MSC_VER <= 1900)) */
-
#if defined(TARGET_LIKE_MBED) && defined(MBEDTLS_NET_C)
#error "The NET module is not available for mbed OS - please use the network functions provided by Mbed OS"
#endif
-#if defined(MBEDTLS_DEPRECATED_WARNING) && \
- !defined(__GNUC__) && !defined(__clang__)
-#error "MBEDTLS_DEPRECATED_WARNING only works with GCC and Clang"
-#endif
-
#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_HAVE_TIME)
#error "MBEDTLS_HAVE_TIME_DATE without MBEDTLS_HAVE_TIME does not make sense"
#endif
-/* Limitations on ECC key types acceleration: if we have any of `PUBLIC_KEY`,
- * `KEY_PAIR_BASIC`, `KEY_PAIR_IMPORT`, `KEY_PAIR_EXPORT` then we must have
- * all 4 of them.
- */
-#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) || \
- defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC) || \
- defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT) || \
- defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) || \
- !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC) || \
- !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT) || \
- !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT)
-#error "Unsupported partial support for ECC key type acceleration, see docs/driver-only-builds.md"
-#endif /* not all of public, basic, import, export */
-#endif /* one of public, basic, import, export */
-
/* Limitations on ECC curves acceleration: partial curve acceleration is only
* supported with crypto excluding PK, X.509 or TLS.
* Note: no need to check X.509 as it depends on PK. */
@@ -91,184 +51,12 @@
defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384) || \
defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521)
#if defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES)
-#if defined(MBEDTLS_PK_C) || \
- defined(MBEDTLS_SSL_TLS_C)
+#if defined(MBEDTLS_SSL_TLS_C)
#error "Unsupported partial support for ECC curves acceleration, see docs/driver-only-builds.md"
#endif /* modules beyond what's supported */
#endif /* not all curves accelerated */
#endif /* some curve accelerated */
-#if defined(MBEDTLS_CTR_DRBG_C) && !(defined(MBEDTLS_AES_C) || \
- (defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(PSA_WANT_KEY_TYPE_AES) && \
- defined(PSA_WANT_ALG_ECB_NO_PADDING)))
-#error "MBEDTLS_CTR_DRBG_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_DHM_C) && !defined(MBEDTLS_BIGNUM_C)
-#error "MBEDTLS_DHM_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_CMAC_C) && \
- ( !defined(MBEDTLS_CIPHER_C ) || ( !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_DES_C) ) )
-#error "MBEDTLS_CMAC_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_NIST_KW_C) && \
- ( !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_CIPHER_C) )
-#error "MBEDTLS_NIST_KW_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
-#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
-#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT and PSA_WANT_ALG_CBC_NO_PADDING cannot be defined simultaneously"
-#endif
-#if defined(PSA_WANT_ALG_CBC_PKCS7)
-#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT and PSA_WANT_ALG_CBC_PKCS7 cannot be defined simultaneously"
-#endif
-#if defined(PSA_WANT_ALG_ECB_NO_PADDING)
-#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT and PSA_WANT_ALG_ECB_NO_PADDING cannot be defined simultaneously"
-#endif
-#if defined(PSA_WANT_KEY_TYPE_DES)
-#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT and PSA_WANT_KEY_TYPE_DES cannot be defined simultaneously"
-#endif
-#endif
-
-#if defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT and MBEDTLS_CIPHER_MODE_CBC cannot be defined simultaneously"
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT and MBEDTLS_CIPHER_MODE_XTS cannot be defined simultaneously"
-#endif
-#if defined(MBEDTLS_DES_C)
-#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT and MBEDTLS_DES_C cannot be defined simultaneously"
-#endif
-#if defined(MBEDTLS_NIST_KW_C)
-#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT and MBEDTLS_NIST_KW_C cannot be defined simultaneously"
-#endif
-#endif
-
-#if defined(MBEDTLS_ECDH_C) && !defined(MBEDTLS_ECP_C)
-#error "MBEDTLS_ECDH_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ECDSA_C) && \
- ( !defined(MBEDTLS_ECP_C) || \
- !( defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) ) || \
- !defined(MBEDTLS_ASN1_PARSE_C) || \
- !defined(MBEDTLS_ASN1_WRITE_C) )
-#error "MBEDTLS_ECDSA_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PK_C) && defined(MBEDTLS_USE_PSA_CRYPTO)
-#if defined(PSA_HAVE_ALG_ECDSA_SIGN) && !defined(MBEDTLS_ASN1_WRITE_C)
-#error "MBEDTLS_PK_C with MBEDTLS_USE_PSA_CRYPTO needs MBEDTLS_ASN1_WRITE_C for ECDSA signature"
-#endif
-#if defined(PSA_HAVE_ALG_ECDSA_VERIFY) && !defined(MBEDTLS_ASN1_PARSE_C)
-#error "MBEDTLS_PK_C with MBEDTLS_USE_PSA_CRYPTO needs MBEDTLS_ASN1_PARSE_C for ECDSA verification"
-#endif
-#endif /* MBEDTLS_PK_C && MBEDTLS_USE_PSA_CRYPTO */
-
-#if defined(MBEDTLS_ECJPAKE_C) && \
- !defined(MBEDTLS_ECP_C)
-#error "MBEDTLS_ECJPAKE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ECP_RESTARTABLE) && \
- !defined(MBEDTLS_ECP_C)
-#error "MBEDTLS_ECP_RESTARTABLE defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ECDSA_DETERMINISTIC) && !defined(MBEDTLS_HMAC_DRBG_C)
-#error "MBEDTLS_ECDSA_DETERMINISTIC defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ECP_LIGHT) && ( !defined(MBEDTLS_BIGNUM_C) || ( \
- !defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) && \
- !defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) && \
- !defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) && \
- !defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) && \
- !defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) && \
- !defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) && \
- !defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) && \
- !defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) && \
- !defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) && \
- !defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) && \
- !defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) && \
- !defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) && \
- !defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) ) )
-#error "MBEDTLS_ECP_C defined (or a subset enabled), but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ENTROPY_C) && \
- !(defined(PSA_WANT_ALG_SHA_512) || defined(PSA_WANT_ALG_SHA_256))
-#error "MBEDTLS_ENTROPY_C defined, but not all prerequisites"
-#endif
-#if defined(MBEDTLS_ENTROPY_C) && \
- defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) && (MBEDTLS_CTR_DRBG_ENTROPY_LEN > 64)
-#error "MBEDTLS_CTR_DRBG_ENTROPY_LEN value too high"
-#endif
-#if defined(MBEDTLS_ENTROPY_C) && \
- (defined(MBEDTLS_ENTROPY_FORCE_SHA256) || !defined(PSA_WANT_ALG_SHA_512)) \
- && defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) && (MBEDTLS_CTR_DRBG_ENTROPY_LEN > 32)
-#error "MBEDTLS_CTR_DRBG_ENTROPY_LEN value too high"
-#endif
-#if defined(MBEDTLS_ENTROPY_C) && \
- defined(MBEDTLS_ENTROPY_FORCE_SHA256) && !defined(PSA_WANT_ALG_SHA_256)
-#error "MBEDTLS_ENTROPY_FORCE_SHA256 defined, but not all prerequisites"
-#endif
-
-#if defined(__has_feature)
-#if __has_feature(memory_sanitizer)
-#define MBEDTLS_HAS_MEMSAN // #undef at the end of this paragraph
-#endif
-#endif
-#if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN) && !defined(MBEDTLS_HAS_MEMSAN)
-#error "MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN requires building with MemorySanitizer"
-#endif
-#if defined(MBEDTLS_HAS_MEMSAN) && defined(MBEDTLS_HAVE_ASM)
-#error "MemorySanitizer does not support assembly implementation"
-#endif
-#undef MBEDTLS_HAS_MEMSAN // temporary macro defined above
-
-#if defined(MBEDTLS_CCM_C) && \
- !(defined(MBEDTLS_CCM_GCM_CAN_AES) || defined(MBEDTLS_CCM_GCM_CAN_ARIA) || \
- defined(MBEDTLS_CCM_GCM_CAN_CAMELLIA))
-#error "MBEDTLS_CCM_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_GCM_C) && \
- !(defined(MBEDTLS_CCM_GCM_CAN_AES) || defined(MBEDTLS_CCM_GCM_CAN_ARIA) || \
- defined(MBEDTLS_CCM_GCM_CAN_CAMELLIA))
-#error "MBEDTLS_GCM_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_CHACHAPOLY_C) && !defined(MBEDTLS_CHACHA20_C)
-#error "MBEDTLS_CHACHAPOLY_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_CHACHAPOLY_C) && !defined(MBEDTLS_POLY1305_C)
-#error "MBEDTLS_CHACHAPOLY_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_HKDF_C) && !defined(MBEDTLS_MD_C)
-#error "MBEDTLS_HKDF_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_HMAC_DRBG_C) && !defined(MBEDTLS_MD_C)
-#error "MBEDTLS_HMAC_DRBG_C defined, but not all prerequisites"
-#endif
-
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) && \
( !defined(MBEDTLS_CAN_ECDH) || \
!defined(PSA_HAVE_ALG_ECDSA_SIGN) || \
@@ -345,408 +133,11 @@
#error "!MBEDTLS_SSL_KEEP_PEER_CERTIFICATE requires SHA-512, SHA-256 or SHA-1".
#endif
-#if defined(MBEDTLS_MD_C) && \
- !defined(PSA_WANT_ALG_MD5) && \
- !defined(PSA_WANT_ALG_RIPEMD160) && \
- !defined(PSA_WANT_ALG_SHA_1) && \
- !defined(PSA_WANT_ALG_SHA_224) && \
- !defined(PSA_WANT_ALG_SHA_256) && \
- !defined(PSA_WANT_ALG_SHA_384) && \
- !defined(PSA_WANT_ALG_SHA_512) && \
- !defined(PSA_WANT_ALG_SHA3_224) && \
- !defined(PSA_WANT_ALG_SHA3_256) && \
- !defined(PSA_WANT_ALG_SHA3_384) && \
- !defined(PSA_WANT_ALG_SHA3_512)
-#error "MBEDTLS_MD_C defined, but no hash algorithm"
-#endif
-
-#if defined(MBEDTLS_LMS_C) && \
- ! ( defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(PSA_WANT_ALG_SHA_256) )
-#error "MBEDTLS_LMS_C requires MBEDTLS_PSA_CRYPTO_C and PSA_WANT_ALG_SHA_256"
-#endif
-
-#if defined(MBEDTLS_LMS_PRIVATE) && \
- ( !defined(MBEDTLS_LMS_C) )
-#error "MBEDTLS_LMS_PRIVATE requires MBEDTLS_LMS_C"
-#endif
-
-#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \
- ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) )
-#error "MBEDTLS_MEMORY_BUFFER_ALLOC_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_MEMORY_BACKTRACE) && !defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
-#error "MBEDTLS_MEMORY_BACKTRACE defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_MEMORY_DEBUG) && !defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
-#error "MBEDTLS_MEMORY_DEBUG defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PEM_PARSE_C) && !defined(MBEDTLS_BASE64_C)
-#error "MBEDTLS_PEM_PARSE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PEM_WRITE_C) && !defined(MBEDTLS_BASE64_C)
-#error "MBEDTLS_PEM_WRITE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PK_C) && \
- !defined(MBEDTLS_RSA_C) && !defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
-#error "MBEDTLS_PK_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PK_PARSE_C) && \
- (!defined(MBEDTLS_ASN1_PARSE_C) || \
- !defined(MBEDTLS_OID_C) || \
- !defined(MBEDTLS_PK_C))
-#error "MBEDTLS_PK_PARSE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PK_WRITE_C) && \
- (!defined(MBEDTLS_ASN1_WRITE_C) || \
- !defined(MBEDTLS_OID_C) || \
- !defined(MBEDTLS_PK_C))
-#error "MBEDTLS_PK_WRITE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_EXIT_ALT) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_EXIT_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_EXIT_MACRO) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_EXIT_MACRO defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_EXIT_MACRO) &&\
- ( defined(MBEDTLS_PLATFORM_STD_EXIT) ||\
- defined(MBEDTLS_PLATFORM_EXIT_ALT) )
-#error "MBEDTLS_PLATFORM_EXIT_MACRO and MBEDTLS_PLATFORM_STD_EXIT/MBEDTLS_PLATFORM_EXIT_ALT cannot be defined simultaneously"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_SETBUF_ALT) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_SETBUF_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_SETBUF_MACRO) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_SETBUF_MACRO defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_SETBUF_MACRO) &&\
- ( defined(MBEDTLS_PLATFORM_STD_SETBUF) ||\
- defined(MBEDTLS_PLATFORM_SETBUF_ALT) )
-#error "MBEDTLS_PLATFORM_SETBUF_MACRO and MBEDTLS_PLATFORM_STD_SETBUF/MBEDTLS_PLATFORM_SETBUF_ALT cannot be defined simultaneously"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_TIME_ALT) &&\
- ( !defined(MBEDTLS_PLATFORM_C) ||\
- !defined(MBEDTLS_HAVE_TIME) )
-#error "MBEDTLS_PLATFORM_TIME_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_TIME_MACRO) &&\
- ( !defined(MBEDTLS_PLATFORM_C) ||\
- !defined(MBEDTLS_HAVE_TIME) )
-#error "MBEDTLS_PLATFORM_TIME_MACRO defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_MS_TIME_TYPE_MACRO) &&\
- ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_HAVE_TIME) )
-#error "MBEDTLS_PLATFORM_MS_TIME_TYPE_MACRO defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_MS_TIME_ALT) && \
- ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_HAVE_TIME) )
-#error "MBEDTLS_PLATFORM_MS_TIME_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO) &&\
- ( !defined(MBEDTLS_PLATFORM_C) ||\
- !defined(MBEDTLS_HAVE_TIME) )
-#error "MBEDTLS_PLATFORM_TIME_TYPE_MACRO defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_TIME_MACRO) &&\
- ( defined(MBEDTLS_PLATFORM_STD_TIME) ||\
- defined(MBEDTLS_PLATFORM_TIME_ALT) )
-#error "MBEDTLS_PLATFORM_TIME_MACRO and MBEDTLS_PLATFORM_STD_TIME/MBEDTLS_PLATFORM_TIME_ALT cannot be defined simultaneously"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO) &&\
- ( defined(MBEDTLS_PLATFORM_STD_TIME) ||\
- defined(MBEDTLS_PLATFORM_TIME_ALT) )
-#error "MBEDTLS_PLATFORM_TIME_TYPE_MACRO and MBEDTLS_PLATFORM_STD_TIME/MBEDTLS_PLATFORM_TIME_ALT cannot be defined simultaneously"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_FPRINTF_ALT) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_FPRINTF_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_FPRINTF_MACRO defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO) &&\
- ( defined(MBEDTLS_PLATFORM_STD_FPRINTF) ||\
- defined(MBEDTLS_PLATFORM_FPRINTF_ALT) )
-#error "MBEDTLS_PLATFORM_FPRINTF_MACRO and MBEDTLS_PLATFORM_STD_FPRINTF/MBEDTLS_PLATFORM_FPRINTF_ALT cannot be defined simultaneously"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_FREE_MACRO) &&\
- ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) )
-#error "MBEDTLS_PLATFORM_FREE_MACRO defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_FREE_MACRO) &&\
- defined(MBEDTLS_PLATFORM_STD_FREE)
-#error "MBEDTLS_PLATFORM_FREE_MACRO and MBEDTLS_PLATFORM_STD_FREE cannot be defined simultaneously"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_FREE_MACRO) && !defined(MBEDTLS_PLATFORM_CALLOC_MACRO)
-#error "MBEDTLS_PLATFORM_CALLOC_MACRO must be defined if MBEDTLS_PLATFORM_FREE_MACRO is"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_CALLOC_MACRO) &&\
- ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) )
-#error "MBEDTLS_PLATFORM_CALLOC_MACRO defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_CALLOC_MACRO) &&\
- defined(MBEDTLS_PLATFORM_STD_CALLOC)
-#error "MBEDTLS_PLATFORM_CALLOC_MACRO and MBEDTLS_PLATFORM_STD_CALLOC cannot be defined simultaneously"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_CALLOC_MACRO) && !defined(MBEDTLS_PLATFORM_FREE_MACRO)
-#error "MBEDTLS_PLATFORM_FREE_MACRO must be defined if MBEDTLS_PLATFORM_CALLOC_MACRO is"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_MEMORY) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_MEMORY defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_PRINTF_ALT) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_PRINTF_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_PRINTF_MACRO) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_PRINTF_MACRO defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_PRINTF_MACRO) &&\
- ( defined(MBEDTLS_PLATFORM_STD_PRINTF) ||\
- defined(MBEDTLS_PLATFORM_PRINTF_ALT) )
-#error "MBEDTLS_PLATFORM_PRINTF_MACRO and MBEDTLS_PLATFORM_STD_PRINTF/MBEDTLS_PLATFORM_PRINTF_ALT cannot be defined simultaneously"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_SNPRINTF_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_SNPRINTF_MACRO defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO) &&\
- ( defined(MBEDTLS_PLATFORM_STD_SNPRINTF) ||\
- defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) )
-#error "MBEDTLS_PLATFORM_SNPRINTF_MACRO and MBEDTLS_PLATFORM_STD_SNPRINTF/MBEDTLS_PLATFORM_SNPRINTF_ALT cannot be defined simultaneously"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_VSNPRINTF_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_VSNPRINTF_MACRO defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO) &&\
- ( defined(MBEDTLS_PLATFORM_STD_VSNPRINTF) ||\
- defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT) )
-#error "MBEDTLS_PLATFORM_VSNPRINTF_MACRO and MBEDTLS_PLATFORM_STD_VSNPRINTF/MBEDTLS_PLATFORM_VSNPRINTF_ALT cannot be defined simultaneously"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_STD_MEM_HDR) &&\
- !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS)
-#error "MBEDTLS_PLATFORM_STD_MEM_HDR defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_STD_CALLOC) && !defined(MBEDTLS_PLATFORM_MEMORY)
-#error "MBEDTLS_PLATFORM_STD_CALLOC defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_STD_FREE) && !defined(MBEDTLS_PLATFORM_MEMORY)
-#error "MBEDTLS_PLATFORM_STD_FREE defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_STD_EXIT) &&\
- !defined(MBEDTLS_PLATFORM_EXIT_ALT)
-#error "MBEDTLS_PLATFORM_STD_EXIT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_STD_TIME) &&\
- ( !defined(MBEDTLS_PLATFORM_TIME_ALT) ||\
- !defined(MBEDTLS_HAVE_TIME) )
-#error "MBEDTLS_PLATFORM_STD_TIME defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_STD_FPRINTF) &&\
- !defined(MBEDTLS_PLATFORM_FPRINTF_ALT)
-#error "MBEDTLS_PLATFORM_STD_FPRINTF defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_STD_PRINTF) &&\
- !defined(MBEDTLS_PLATFORM_PRINTF_ALT)
-#error "MBEDTLS_PLATFORM_STD_PRINTF defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_STD_SNPRINTF) &&\
- !defined(MBEDTLS_PLATFORM_SNPRINTF_ALT)
-#error "MBEDTLS_PLATFORM_STD_SNPRINTF defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ENTROPY_NV_SEED) &&\
- ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_ENTROPY_C) )
-#error "MBEDTLS_ENTROPY_NV_SEED defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_NV_SEED_ALT) &&\
- !defined(MBEDTLS_ENTROPY_NV_SEED)
-#error "MBEDTLS_PLATFORM_NV_SEED_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ) &&\
- !defined(MBEDTLS_PLATFORM_NV_SEED_ALT)
-#error "MBEDTLS_PLATFORM_STD_NV_SEED_READ defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE) &&\
- !defined(MBEDTLS_PLATFORM_NV_SEED_ALT)
-#error "MBEDTLS_PLATFORM_STD_NV_SEED_WRITE defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_NV_SEED_READ_MACRO) &&\
- ( defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ) ||\
- defined(MBEDTLS_PLATFORM_NV_SEED_ALT) )
-#error "MBEDTLS_PLATFORM_NV_SEED_READ_MACRO and MBEDTLS_PLATFORM_STD_NV_SEED_READ cannot be defined simultaneously"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO) &&\
- ( defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE) ||\
- defined(MBEDTLS_PLATFORM_NV_SEED_ALT) )
-#error "MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO and MBEDTLS_PLATFORM_STD_NV_SEED_WRITE cannot be defined simultaneously"
-#endif
-
-#if defined(MBEDTLS_PSA_CRYPTO_C) && \
- !( ( ( defined(MBEDTLS_CTR_DRBG_C) || defined(MBEDTLS_HMAC_DRBG_C) ) && \
- defined(MBEDTLS_ENTROPY_C) ) || \
- defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) )
-#error "MBEDTLS_PSA_CRYPTO_C defined, but not all prerequisites (missing RNG)"
-#endif
-
-#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_HAVE_SOFT_BLOCK_MODE) && \
- defined(PSA_HAVE_SOFT_BLOCK_CIPHER) && !defined(MBEDTLS_CIPHER_C)
-#error "MBEDTLS_PSA_CRYPTO_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PSA_CRYPTO_SPM) && !defined(MBEDTLS_PSA_CRYPTO_C)
-#error "MBEDTLS_PSA_CRYPTO_SPM defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PSA_CRYPTO_SE_C) && \
- ! ( defined(MBEDTLS_PSA_CRYPTO_C) && \
- defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) )
-#error "MBEDTLS_PSA_CRYPTO_SE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
-#if defined(MBEDTLS_DEPRECATED_REMOVED)
-#error "MBEDTLS_PSA_CRYPTO_SE_C is deprecated and will be removed in a future version of Mbed TLS"
-#elif defined(MBEDTLS_DEPRECATED_WARNING)
-#warning "MBEDTLS_PSA_CRYPTO_SE_C is deprecated and will be removed in a future version of Mbed TLS"
-#endif
-#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
-
-#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) && \
- ! defined(MBEDTLS_PSA_CRYPTO_C)
-#error "MBEDTLS_PSA_CRYPTO_STORAGE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PSA_INJECT_ENTROPY) && \
- !( defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) && \
- defined(MBEDTLS_ENTROPY_NV_SEED) )
-#error "MBEDTLS_PSA_INJECT_ENTROPY defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PSA_INJECT_ENTROPY) && \
- !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES)
-#error "MBEDTLS_PSA_INJECT_ENTROPY is not compatible with actual entropy sources"
-#endif
-
-#if defined(MBEDTLS_PSA_INJECT_ENTROPY) && \
- defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
-#error "MBEDTLS_PSA_INJECT_ENTROPY is not compatible with MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG"
-#endif
-
-#if defined(MBEDTLS_PSA_KEY_STORE_DYNAMIC) && \
- defined(MBEDTLS_PSA_STATIC_KEY_SLOTS)
-#error "MBEDTLS_PSA_KEY_STORE_DYNAMIC and MBEDTLS_PSA_STATIC_KEY_SLOTS cannot be defined simultaneously"
-#endif
-
-#if defined(MBEDTLS_PSA_ITS_FILE_C) && \
- !defined(MBEDTLS_FS_IO)
-#error "MBEDTLS_PSA_ITS_FILE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_BIGNUM_C) || \
- !defined(MBEDTLS_OID_C) )
-#error "MBEDTLS_RSA_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_PKCS1_V21) && \
- !defined(MBEDTLS_PKCS1_V15) )
-#error "MBEDTLS_RSA_C defined, but none of the PKCS1 versions enabled"
-#endif
-
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && \
( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_PKCS1_V21) )
#error "MBEDTLS_X509_RSASSA_PSS_SUPPORT defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT) && \
- defined(MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY)
-#error "Must only define one of MBEDTLS_SHA512_USE_A64_CRYPTO_*"
-#endif
-
-#if defined(MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT) || \
- defined(MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY)
-#if !defined(MBEDTLS_SHA512_C)
-#error "MBEDTLS_SHA512_USE_A64_CRYPTO_* defined without MBEDTLS_SHA512_C"
-#endif
-
-#endif /* MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT || MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY */
-
-#if defined(MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY) && !defined(__aarch64__)
-#error "MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY defined on non-Aarch64 system"
-#endif
-
-#if defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT) && \
- defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY)
-#error "Must only define one of MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_*"
-#endif
-
-#if defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT) || \
- defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY)
-#if !defined(MBEDTLS_SHA256_C)
-#error "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_* defined without MBEDTLS_SHA256_C"
-#endif
-
-#endif
-
-#if defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY) && !defined(MBEDTLS_ARCH_IS_ARMV8_A)
-#error "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY defined on non-Armv8-A system"
-#endif
-
/* TLS 1.3 requires separate HKDF parts from PSA,
* and at least one ciphersuite, so at least SHA-256 or SHA-384
* from PSA to use with HKDF.
@@ -924,27 +315,6 @@
#error "MBEDTLS_SSL_SERVER_NAME_INDICATION defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_THREADING_PTHREAD)
-#if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL)
-#error "MBEDTLS_THREADING_PTHREAD defined, but not all prerequisites"
-#endif
-#define MBEDTLS_THREADING_IMPL // undef at the end of this paragraph
-#endif
-#if defined(MBEDTLS_THREADING_ALT)
-#if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL)
-#error "MBEDTLS_THREADING_ALT defined, but not all prerequisites"
-#endif
-#define MBEDTLS_THREADING_IMPL // undef at the end of this paragraph
-#endif
-#if defined(MBEDTLS_THREADING_C) && !defined(MBEDTLS_THREADING_IMPL)
-#error "MBEDTLS_THREADING_C defined, single threading implementation required"
-#endif
-#undef MBEDTLS_THREADING_IMPL // temporary macro defined above
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_PSA_CRYPTO_CLIENT)
-#error "MBEDTLS_USE_PSA_CRYPTO defined, but not all prerequisites"
-#endif
-
#if defined(MBEDTLS_VERSION_FEATURES) && !defined(MBEDTLS_VERSION_C)
#error "MBEDTLS_VERSION_FEATURES defined, but not all prerequisites"
#endif
@@ -988,15 +358,6 @@
#error "MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_HAVE_INT32) && defined(MBEDTLS_HAVE_INT64)
-#error "MBEDTLS_HAVE_INT32 and MBEDTLS_HAVE_INT64 cannot be defined simultaneously"
-#endif /* MBEDTLS_HAVE_INT32 && MBEDTLS_HAVE_INT64 */
-
-#if ( defined(MBEDTLS_HAVE_INT32) || defined(MBEDTLS_HAVE_INT64) ) && \
- defined(MBEDTLS_HAVE_ASM)
-#error "MBEDTLS_HAVE_INT32/MBEDTLS_HAVE_INT64 and MBEDTLS_HAVE_ASM cannot be defined simultaneously"
-#endif /* (MBEDTLS_HAVE_INT32 || MBEDTLS_HAVE_INT64) && MBEDTLS_HAVE_ASM */
-
#if defined(MBEDTLS_SSL_DTLS_SRTP) && ( !defined(MBEDTLS_SSL_PROTO_DTLS) )
#error "MBEDTLS_SSL_DTLS_SRTP defined, but not all prerequisites"
#endif
@@ -1070,12 +431,5 @@
#error "MBEDTLS_PKCS7_C is defined, but not all prerequisites"
#endif
-/*
- * Avoid warning from -pedantic. This is a convenient place for this
- * workaround since this is included by every single file before the
- * #if defined(MBEDTLS_xxx_C) that results in empty translation units.
- */
-typedef int mbedtls_iso_c_forbids_empty_translation_units;
-
/* *INDENT-ON* */
#endif /* MBEDTLS_CHECK_CONFIG_H */
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 66117dd..5bda91a 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -11,6 +11,7 @@
#define MBEDTLS_SSL_MISC_H
#include "common.h"
+#include "mbedtls/build_info.h"
#include "mbedtls/error.h"
diff --git a/library/x509_internal.h b/library/x509_internal.h
index ec1ac50..36cbc65 100644
--- a/library/x509_internal.h
+++ b/library/x509_internal.h
@@ -11,6 +11,7 @@
#define MBEDTLS_X509_INTERNAL_H
#include "common.h"
+#include "mbedtls/build_info.h"
#include "mbedtls/private_access.h"
#include "mbedtls/x509.h"
diff --git a/tests/Makefile b/tests/Makefile
index 7063d81..9254da0 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -315,9 +315,10 @@
s!^(\s*#\s*include\s*[\"<])mbedtls/check_config.h!$${1}libtestdriver1/include/mbedtls/check_config.h!; \
s!^(\s*#\s*include\s*[\"<])mbedtls/!$${1}libtestdriver1/tf-psa-crypto/drivers/builtin/include/mbedtls/!; \
s!^(\s*#\s*include\s*[\"<])psa/!$${1}libtestdriver1/tf-psa-crypto/include/psa/!; \
+ s!^(\s*#\s*include\s*[\"<])tf-psa-crypto/!$${1}libtestdriver1/tf-psa-crypto/include/tf-psa-crypto/!; \
next if /^\s*#\s*include/; \
- s/\b(?=MBEDTLS_|PSA_)/LIBTESTDRIVER1_/g; \
- s/\b(?=mbedtls_|psa_)/libtestdriver1_/g;
+ s/\b(?=MBEDTLS_|PSA_|TF_PSA_CRYPTO_)/LIBTESTDRIVER1_/g; \
+ s/\b(?=mbedtls_|psa_|tf_psa_crypto_)/libtestdriver1_/g;
endef
libtestdriver1.a:
diff --git a/tests/scripts/check_names.py b/tests/scripts/check_names.py
index 7c232ab..8f34444 100755
--- a/tests/scripts/check_names.py
+++ b/tests/scripts/check_names.py
@@ -239,6 +239,7 @@
"include/mbedtls/*.h",
"include/psa/*.h",
"tf-psa-crypto/include/psa/*.h",
+ "tf-psa-crypto/include/tf-psa-crypto/*.h",
"tf-psa-crypto/drivers/builtin/include/mbedtls/*.h",
"tf-psa-crypto/drivers/everest/include/everest/everest.h",
"tf-psa-crypto/drivers/everest/include/everest/x25519.h"
@@ -258,6 +259,7 @@
"include/mbedtls/*.h",
"include/psa/*.h",
"tf-psa-crypto/include/psa/*.h",
+ "tf-psa-crypto/include/tf-psa-crypto/*.h",
"tf-psa-crypto/drivers/builtin/include/mbedtls/*.h",
"library/*.h",
"tf-psa-crypto/core/*.h",
@@ -272,6 +274,7 @@
"include/mbedtls/*.h",
"include/psa/*.h",
"tf-psa-crypto/include/psa/*.h",
+ "tf-psa-crypto/include/tf-psa-crypto/*.h",
"tf-psa-crypto/drivers/builtin/include/mbedtls/*.h",
"library/*.h",
"tf-psa-crypto/core/*.h",
@@ -283,6 +286,7 @@
"include/mbedtls/*.h",
"include/psa/*.h",
"tf-psa-crypto/include/psa/*.h",
+ "tf-psa-crypto/include/tf-psa-crypto/*.h",
"tf-psa-crypto/drivers/builtin/include/mbedtls/*.h",
"library/*.h",
"tf-psa-crypto/core/*.h",
diff --git a/tf-psa-crypto/CMakeLists.txt b/tf-psa-crypto/CMakeLists.txt
index bbc191f..43b9e1e 100644
--- a/tf-psa-crypto/CMakeLists.txt
+++ b/tf-psa-crypto/CMakeLists.txt
@@ -150,11 +150,17 @@
set(TF_PSA_CRYPTO_PYTHON_EXECUTABLE ${PYTHON_EXECUTABLE})
endif()
endif()
-if(TF_PSA_CRYPTO_PYTHON_EXECUTABLE)
+if(TF_PSA_CRYPTO_PYTHON_EXECUTABLE)
# If 128-bit keys are configured for CTR_DRBG, display an appropriate warning
- execute_process(COMMAND ${TF_PSA_CRYPTO_PYTHON_EXECUTABLE} ${MBEDTLS_DIR}/scripts/config.py -f ${MBEDTLS_DIR}/include/mbedtls/mbedtls_config.h get MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
- RESULT_VARIABLE result)
+ execute_process(
+ COMMAND
+ ${TF_PSA_CRYPTO_PYTHON_EXECUTABLE} ${TF_PSA_CRYPTO_DIR}/scripts/config.py
+ -f ${TF_PSA_CRYPTO_DIR}/include/psa/crypto_config.h
+ get MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ RESULT_VARIABLE
+ result
+ )
if(${result} EQUAL 0)
message(WARNING ${CTR_DRBG_128_BIT_KEY_WARNING})
endif()
@@ -422,10 +428,15 @@
DEPENDS ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/tests/include/test/test_keys.h)
add_dependencies(tf_psa_crypto_test tf_psa_crypto_test_keys_header)
endif()
+
+ file(WRITE
+ ${CMAKE_CURRENT_BINARY_DIR}/tests/seedfile
+ "This is a seedfile that contains 64 bytes ......................"
+ )
+
target_include_directories(tf_psa_crypto_test
PRIVATE ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/tests/include
PRIVATE tests/include
- PRIVATE ${MBEDTLS_DIR}/include
PRIVATE include
PRIVATE drivers/builtin/include
PRIVATE drivers/everest/include
diff --git a/tf-psa-crypto/core/CMakeLists.txt b/tf-psa-crypto/core/CMakeLists.txt
index ccf1148..2e80093 100644
--- a/tf-psa-crypto/core/CMakeLists.txt
+++ b/tf-psa-crypto/core/CMakeLists.txt
@@ -132,8 +132,7 @@
# ${MBEDTLS_DIR}/include/ as we still need it. Include private header files
# from core/ and drivers/builtin/src/.
target_include_directories(${target}
- PUBLIC $<BUILD_INTERFACE:${MBEDTLS_DIR}/include/>
- $<BUILD_INTERFACE:${TF_PSA_CRYPTO_DIR}/include/>
+ PUBLIC $<BUILD_INTERFACE:${TF_PSA_CRYPTO_DIR}/include/>
$<BUILD_INTERFACE:${TF_PSA_CRYPTO_DIR}/drivers/builtin/include/>
$<INSTALL_INTERFACE:include/>
PRIVATE ${TF_PSA_CRYPTO_DIR}/core
diff --git a/tf-psa-crypto/core/common.h b/tf-psa-crypto/core/common.h
index 7bb2674..ff57b47 100644
--- a/tf-psa-crypto/core/common.h
+++ b/tf-psa-crypto/core/common.h
@@ -11,7 +11,7 @@
#ifndef MBEDTLS_LIBRARY_COMMON_H
#define MBEDTLS_LIBRARY_COMMON_H
-#include "mbedtls/build_info.h"
+#include "tf-psa-crypto/build_info.h"
#include "alignment.h"
#include <assert.h>
diff --git a/tf-psa-crypto/core/psa_crypto_core.h b/tf-psa-crypto/core/psa_crypto_core.h
index 1c670cd..e4c7943 100644
--- a/tf-psa-crypto/core/psa_crypto_core.h
+++ b/tf-psa-crypto/core/psa_crypto_core.h
@@ -9,14 +9,7 @@
#ifndef PSA_CRYPTO_CORE_H
#define PSA_CRYPTO_CORE_H
-/*
- * Include the build-time configuration information header. Here, we do not
- * include `"mbedtls/build_info.h"` directly but `"psa/build_info.h"`, which
- * is basically just an alias to it. This is to ease the maintenance of the
- * TF-PSA-Crypto repository which has a different build system and
- * configuration.
- */
-#include "psa/build_info.h"
+#include "tf-psa-crypto/build_info.h"
#include "psa/crypto.h"
#include "psa/crypto_se_driver.h"
diff --git a/tf-psa-crypto/core/psa_crypto_invasive.h b/tf-psa-crypto/core/psa_crypto_invasive.h
index 51c90c6..32c7b15 100644
--- a/tf-psa-crypto/core/psa_crypto_invasive.h
+++ b/tf-psa-crypto/core/psa_crypto_invasive.h
@@ -16,14 +16,7 @@
#ifndef PSA_CRYPTO_INVASIVE_H
#define PSA_CRYPTO_INVASIVE_H
-/*
- * Include the build-time configuration information header. Here, we do not
- * include `"mbedtls/build_info.h"` directly but `"psa/build_info.h"`, which
- * is basically just an alias to it. This is to ease the maintenance of the
- * TF-PSA-Crypto repository which has a different build system and
- * configuration.
- */
-#include "psa/build_info.h"
+#include "tf-psa-crypto/build_info.h"
#include "psa/crypto.h"
#include "common.h"
diff --git a/tf-psa-crypto/core/psa_crypto_se.h b/tf-psa-crypto/core/psa_crypto_se.h
index e0bd5ac..8407781 100644
--- a/tf-psa-crypto/core/psa_crypto_se.h
+++ b/tf-psa-crypto/core/psa_crypto_se.h
@@ -9,14 +9,7 @@
#ifndef PSA_CRYPTO_SE_H
#define PSA_CRYPTO_SE_H
-/*
- * Include the build-time configuration information header. Here, we do not
- * include `"mbedtls/build_info.h"` directly but `"psa/build_info.h"`, which
- * is basically just an alias to it. This is to ease the maintenance of the
- * TF-PSA-Crypto repository which has a different build system and
- * configuration.
- */
-#include "psa/build_info.h"
+#include "tf-psa-crypto/build_info.h"
#include "psa/crypto.h"
#include "psa/crypto_se_driver.h"
diff --git a/tf-psa-crypto/drivers/builtin/CMakeLists.txt b/tf-psa-crypto/drivers/builtin/CMakeLists.txt
index 983e050..805ded1 100644
--- a/tf-psa-crypto/drivers/builtin/CMakeLists.txt
+++ b/tf-psa-crypto/drivers/builtin/CMakeLists.txt
@@ -84,7 +84,6 @@
target_include_directories(${target}
PUBLIC $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/src>
$<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/include>
- $<BUILD_INTERFACE:${MBEDTLS_DIR}/include>
$<BUILD_INTERFACE:${TF_PSA_CRYPTO_DIR}/include>
PRIVATE ${TF_PSA_CRYPTO_DIR}/core)
set_config_files_compile_definitions(${target})
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/aes.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/aes.h
index aa4d99c..a427375 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/aes.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/aes.h
@@ -29,7 +29,7 @@
#define MBEDTLS_AES_H
#include "mbedtls/private_access.h"
-#include "mbedtls/build_info.h"
+#include "tf-psa-crypto/build_info.h"
#include "mbedtls/platform_util.h"
#include <stddef.h>
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/aria.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/aria.h
index fa175f0..8581b3d 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/aria.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/aria.h
@@ -18,7 +18,7 @@
#define MBEDTLS_ARIA_H
#include "mbedtls/private_access.h"
-#include "mbedtls/build_info.h"
+#include "tf-psa-crypto/build_info.h"
#include <stddef.h>
#include <stdint.h>
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/asn1.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/asn1.h
index e2d7311..80e0a17 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/asn1.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/asn1.h
@@ -11,7 +11,7 @@
#define MBEDTLS_ASN1_H
#include "mbedtls/private_access.h"
-#include "mbedtls/build_info.h"
+#include "tf-psa-crypto/build_info.h"
#include "mbedtls/platform_util.h"
#include <stddef.h>
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/asn1write.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/asn1write.h
index 7081996..c89e0da 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/asn1write.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/asn1write.h
@@ -10,7 +10,7 @@
#ifndef MBEDTLS_ASN1_WRITE_H
#define MBEDTLS_ASN1_WRITE_H
-#include "mbedtls/build_info.h"
+#include "tf-psa-crypto/build_info.h"
#include "mbedtls/asn1.h"
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/base64.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/base64.h
index 8f459b7..591a80f 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/base64.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/base64.h
@@ -10,7 +10,7 @@
#ifndef MBEDTLS_BASE64_H
#define MBEDTLS_BASE64_H
-#include "mbedtls/build_info.h"
+#include "tf-psa-crypto/build_info.h"
#include <stddef.h>
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/bignum.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/bignum.h
index 40b7277..b54b239 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/bignum.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/bignum.h
@@ -11,7 +11,7 @@
#define MBEDTLS_BIGNUM_H
#include "mbedtls/private_access.h"
-#include "mbedtls/build_info.h"
+#include "tf-psa-crypto/build_info.h"
#include <stddef.h>
#include <stdint.h>
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/block_cipher.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/block_cipher.h
index 3f60f6f..87849a0 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/block_cipher.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/block_cipher.h
@@ -12,7 +12,7 @@
#include "mbedtls/private_access.h"
-#include "mbedtls/build_info.h"
+#include "tf-psa-crypto/build_info.h"
#if defined(MBEDTLS_AES_C)
#include "mbedtls/aes.h"
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/build_info.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/build_info.h
new file mode 100644
index 0000000..fc3a9d1
--- /dev/null
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/build_info.h
@@ -0,0 +1,16 @@
+/*
+ * Alias to tf-psa-crypto/build_info.h for the purpose
+ * of framework C headers and modules in the context
+ * of TF-PSA-Crypto.
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#ifndef MBEDTLS_BUILD_INFO_H
+#define MBEDTLS_BUILD_INFO_H
+
+#include "tf-psa-crypto/build_info.h"
+
+#endif /* MBEDTLS_BUILD_INFO_H */
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/camellia.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/camellia.h
index 39266bf..535da61 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/camellia.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/camellia.h
@@ -11,7 +11,7 @@
#define MBEDTLS_CAMELLIA_H
#include "mbedtls/private_access.h"
-#include "mbedtls/build_info.h"
+#include "tf-psa-crypto/build_info.h"
#include <stddef.h>
#include <stdint.h>
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/ccm.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/ccm.h
index 67d173d..c6ef1f0 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/ccm.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/ccm.h
@@ -36,7 +36,7 @@
#define MBEDTLS_CCM_H
#include "mbedtls/private_access.h"
-#include "mbedtls/build_info.h"
+#include "tf-psa-crypto/build_info.h"
#include "mbedtls/cipher.h"
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/chacha20.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/chacha20.h
index ab7195e..24f53cb 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/chacha20.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/chacha20.h
@@ -21,7 +21,7 @@
#define MBEDTLS_CHACHA20_H
#include "mbedtls/private_access.h"
-#include "mbedtls/build_info.h"
+#include "tf-psa-crypto/build_info.h"
#include <stdint.h>
#include <stddef.h>
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/chachapoly.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/chachapoly.h
index 6c236fe..947a13d 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/chachapoly.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/chachapoly.h
@@ -21,7 +21,7 @@
#define MBEDTLS_CHACHAPOLY_H
#include "mbedtls/private_access.h"
-#include "mbedtls/build_info.h"
+#include "tf-psa-crypto/build_info.h"
/* for shared error codes */
#include "mbedtls/poly1305.h"
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/cipher.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/cipher.h
index 75e95d3..80095be 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/cipher.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/cipher.h
@@ -16,7 +16,7 @@
#define MBEDTLS_CIPHER_H
#include "mbedtls/private_access.h"
-#include "mbedtls/build_info.h"
+#include "tf-psa-crypto/build_info.h"
#include <stddef.h>
#include "mbedtls/platform_util.h"
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/cmac.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/cmac.h
index fd3d8a2..ec217b7 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/cmac.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/cmac.h
@@ -16,7 +16,7 @@
#define MBEDTLS_CMAC_H
#include "mbedtls/private_access.h"
-#include "mbedtls/build_info.h"
+#include "tf-psa-crypto/build_info.h"
#include "mbedtls/cipher.h"
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_legacy_crypto.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_legacy_crypto.h
index c9e3d18..b2d9312 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_legacy_crypto.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_legacy_crypto.h
@@ -24,7 +24,7 @@
#ifndef MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H
#define MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H
-#if !defined(MBEDTLS_CONFIG_FILES_READ)
+#if !defined(TF_PSA_CRYPTO_CONFIG_FILES_READ)
#error "Do not include mbedtls/config_adjust_*.h manually! This can lead to problems, " \
"up to and including runtime errors such as buffer overflows. " \
"If you're trying to fix a complaint from check_config.h, just remove " \
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_legacy_from_psa.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_legacy_from_psa.h
index c968d58..2afcd2b 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_legacy_from_psa.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_legacy_from_psa.h
@@ -17,7 +17,7 @@
#ifndef MBEDTLS_CONFIG_ADJUST_LEGACY_FROM_PSA_H
#define MBEDTLS_CONFIG_ADJUST_LEGACY_FROM_PSA_H
-#if !defined(MBEDTLS_CONFIG_FILES_READ)
+#if !defined(TF_PSA_CRYPTO_CONFIG_FILES_READ)
#error "Do not include mbedtls/config_adjust_*.h manually! This can lead to problems, " \
"up to and including runtime errors such as buffer overflows. " \
"If you're trying to fix a complaint from check_config.h, just remove " \
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_psa_superset_legacy.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_psa_superset_legacy.h
index ef65cce..9f3c425 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_psa_superset_legacy.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_psa_superset_legacy.h
@@ -19,7 +19,7 @@
#ifndef MBEDTLS_CONFIG_ADJUST_PSA_SUPERSET_LEGACY_H
#define MBEDTLS_CONFIG_ADJUST_PSA_SUPERSET_LEGACY_H
-#if !defined(MBEDTLS_CONFIG_FILES_READ)
+#if !defined(TF_PSA_CRYPTO_CONFIG_FILES_READ)
#error "Do not include mbedtls/config_adjust_*.h manually! This can lead to problems, " \
"up to and including runtime errors such as buffer overflows. " \
"If you're trying to fix a complaint from check_config.h, just remove " \
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_test_accelerators.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_test_accelerators.h
index cce4e89..13e2509 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_test_accelerators.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_test_accelerators.h
@@ -37,7 +37,7 @@
#ifndef MBEDTLS_CONFIG_ADJUST_TEST_ACCELERATORS_H
#define MBEDTLS_CONFIG_ADJUST_TEST_ACCELERATORS_H
-#if !defined(MBEDTLS_CONFIG_FILES_READ)
+#if !defined(TF_PSA_CRYPTO_CONFIG_FILES_READ)
#error "Do not include mbedtls/config_adjust_*.h manually! This can lead to problems, " \
"up to and including runtime errors such as buffer overflows. " \
"If you're trying to fix a complaint from check_config.h, just remove " \
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/ctr_drbg.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/ctr_drbg.h
index 0b7cce1..98f39c1 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/ctr_drbg.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/ctr_drbg.h
@@ -30,7 +30,7 @@
#define MBEDTLS_CTR_DRBG_H
#include "mbedtls/private_access.h"
-#include "mbedtls/build_info.h"
+#include "tf-psa-crypto/build_info.h"
/* The CTR_DRBG implementation can either directly call the low-level AES
* module (gated by MBEDTLS_AES_C) or call the PSA API to perform AES
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/des.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/des.h
index dbe12ed..e40799f 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/des.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/des.h
@@ -16,7 +16,7 @@
#define MBEDTLS_DES_H
#include "mbedtls/private_access.h"
-#include "mbedtls/build_info.h"
+#include "tf-psa-crypto/build_info.h"
#include "mbedtls/platform_util.h"
#include <stddef.h>
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/dhm.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/dhm.h
index 0143405..11b0931 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/dhm.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/dhm.h
@@ -52,7 +52,7 @@
#define MBEDTLS_DHM_H
#include "mbedtls/private_access.h"
-#include "mbedtls/build_info.h"
+#include "tf-psa-crypto/build_info.h"
#include "mbedtls/bignum.h"
/*
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/ecdh.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/ecdh.h
index 3d3e479..5528bb0 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/ecdh.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/ecdh.h
@@ -21,7 +21,7 @@
#define MBEDTLS_ECDH_H
#include "mbedtls/private_access.h"
-#include "mbedtls/build_info.h"
+#include "tf-psa-crypto/build_info.h"
#include "mbedtls/ecp.h"
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/ecdsa.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/ecdsa.h
index fcb46e2..b900caa 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/ecdsa.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/ecdsa.h
@@ -19,7 +19,7 @@
#define MBEDTLS_ECDSA_H
#include "mbedtls/private_access.h"
-#include "mbedtls/build_info.h"
+#include "tf-psa-crypto/build_info.h"
#include "mbedtls/ecp.h"
#include "mbedtls/md.h"
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/ecjpake.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/ecjpake.h
index a75a8ec..007041e 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/ecjpake.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/ecjpake.h
@@ -27,7 +27,7 @@
* The payloads are serialized in a way suitable for use in TLS, but could
* also be use outside TLS.
*/
-#include "mbedtls/build_info.h"
+#include "tf-psa-crypto/build_info.h"
#include "mbedtls/ecp.h"
#include "mbedtls/md.h"
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/ecp.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/ecp.h
index 87d63ed..d0c9963 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/ecp.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/ecp.h
@@ -23,7 +23,7 @@
#define MBEDTLS_ECP_H
#include "mbedtls/private_access.h"
-#include "mbedtls/build_info.h"
+#include "tf-psa-crypto/build_info.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/bignum.h"
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/entropy.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/entropy.h
index 964a996..cf5ec43 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/entropy.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/entropy.h
@@ -11,7 +11,7 @@
#define MBEDTLS_ENTROPY_H
#include "mbedtls/private_access.h"
-#include "mbedtls/build_info.h"
+#include "tf-psa-crypto/build_info.h"
#include <stddef.h>
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/error_common.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/error_common.h
index 58f1cde..724da7a 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/error_common.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/error_common.h
@@ -10,7 +10,7 @@
#ifndef MBEDTLS_ERROR_COMMON_H
#define MBEDTLS_ERROR_COMMON_H
-#include "mbedtls/build_info.h"
+#include "tf-psa-crypto/build_info.h"
#include <stddef.h>
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/gcm.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/gcm.h
index e620be7..ce8a31c 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/gcm.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/gcm.h
@@ -20,7 +20,7 @@
#define MBEDTLS_GCM_H
#include "mbedtls/private_access.h"
-#include "mbedtls/build_info.h"
+#include "tf-psa-crypto/build_info.h"
#include "mbedtls/cipher.h"
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/hmac_drbg.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/hmac_drbg.h
index 18b1b75..e00185e 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/hmac_drbg.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/hmac_drbg.h
@@ -15,7 +15,7 @@
#define MBEDTLS_HMAC_DRBG_H
#include "mbedtls/private_access.h"
-#include "mbedtls/build_info.h"
+#include "tf-psa-crypto/build_info.h"
#include "mbedtls/md.h"
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/lms.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/lms.h
index 95fce21..2ead973 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/lms.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/lms.h
@@ -19,7 +19,7 @@
#include <stddef.h>
#include "mbedtls/private_access.h"
-#include "mbedtls/build_info.h"
+#include "tf-psa-crypto/build_info.h"
#define MBEDTLS_ERR_LMS_BAD_INPUT_DATA -0x0011 /**< Bad data has been input to an LMS function */
#define MBEDTLS_ERR_LMS_OUT_OF_PRIVATE_KEYS -0x0013 /**< Specified LMS key has utilised all of its private keys */
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/md.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/md.h
index 2c5af0b..6a85fe4 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/md.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/md.h
@@ -17,7 +17,7 @@
#include <stddef.h>
-#include "mbedtls/build_info.h"
+#include "tf-psa-crypto/build_info.h"
#include "mbedtls/platform_util.h"
/** The selected feature is not available. */
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/md5.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/md5.h
index ee39bc8..2df0588 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/md5.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/md5.h
@@ -15,7 +15,7 @@
#define MBEDTLS_MD5_H
#include "mbedtls/private_access.h"
-#include "mbedtls/build_info.h"
+#include "tf-psa-crypto/build_info.h"
#include <stddef.h>
#include <stdint.h>
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/memory_buffer_alloc.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/memory_buffer_alloc.h
index b527d9b..fa5ebe2 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/memory_buffer_alloc.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/memory_buffer_alloc.h
@@ -10,7 +10,7 @@
#ifndef MBEDTLS_MEMORY_BUFFER_ALLOC_H
#define MBEDTLS_MEMORY_BUFFER_ALLOC_H
-#include "mbedtls/build_info.h"
+#include "tf-psa-crypto/build_info.h"
#include <stddef.h>
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/nist_kw.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/nist_kw.h
index a99d925..2a8ddc0 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/nist_kw.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/nist_kw.h
@@ -24,7 +24,7 @@
#define MBEDTLS_NIST_KW_H
#include "mbedtls/private_access.h"
-#include "mbedtls/build_info.h"
+#include "tf-psa-crypto/build_info.h"
#include "mbedtls/cipher.h"
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/oid.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/oid.h
index e0ad35e..d4bbd09 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/oid.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/oid.h
@@ -11,7 +11,7 @@
#define MBEDTLS_OID_H
#include "mbedtls/private_access.h"
-#include "mbedtls/build_info.h"
+#include "tf-psa-crypto/build_info.h"
#include "mbedtls/asn1.h"
#include "mbedtls/pk.h"
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/pem.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/pem.h
index 3c6a28d..38974c1 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/pem.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/pem.h
@@ -11,7 +11,7 @@
#define MBEDTLS_PEM_H
#include "mbedtls/private_access.h"
-#include "mbedtls/build_info.h"
+#include "tf-psa-crypto/build_info.h"
#include <stddef.h>
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/pk.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/pk.h
index 3c0f6e1..4866ec5 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/pk.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/pk.h
@@ -12,7 +12,7 @@
#define MBEDTLS_PK_H
#include "mbedtls/private_access.h"
-#include "mbedtls/build_info.h"
+#include "tf-psa-crypto/build_info.h"
#include "mbedtls/md.h"
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/pkcs12.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/pkcs12.h
index 87f7681..bd68430 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/pkcs12.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/pkcs12.h
@@ -10,7 +10,7 @@
#ifndef MBEDTLS_PKCS12_H
#define MBEDTLS_PKCS12_H
-#include "mbedtls/build_info.h"
+#include "tf-psa-crypto/build_info.h"
#include "mbedtls/md.h"
#include "mbedtls/cipher.h"
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/pkcs5.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/pkcs5.h
index 9ba5689..c3f1696 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/pkcs5.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/pkcs5.h
@@ -12,7 +12,7 @@
#ifndef MBEDTLS_PKCS5_H
#define MBEDTLS_PKCS5_H
-#include "mbedtls/build_info.h"
+#include "tf-psa-crypto/build_info.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/asn1.h"
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/platform.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/platform.h
index de3d71d..f21a17e 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/platform.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/platform.h
@@ -27,7 +27,7 @@
#define MBEDTLS_PLATFORM_H
#include "mbedtls/private_access.h"
-#include "mbedtls/build_info.h"
+#include "tf-psa-crypto/build_info.h"
#if defined(MBEDTLS_HAVE_TIME)
#include "mbedtls/platform_time.h"
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/platform_time.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/platform_time.h
index 97f1963..bd976ff 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/platform_time.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/platform_time.h
@@ -10,7 +10,7 @@
#ifndef MBEDTLS_PLATFORM_TIME_H
#define MBEDTLS_PLATFORM_TIME_H
-#include "mbedtls/build_info.h"
+#include "tf-psa-crypto/build_info.h"
#ifdef __cplusplus
extern "C" {
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/platform_util.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/platform_util.h
index 1b371ef..1805914 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/platform_util.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/platform_util.h
@@ -11,7 +11,7 @@
#ifndef MBEDTLS_PLATFORM_UTIL_H
#define MBEDTLS_PLATFORM_UTIL_H
-#include "mbedtls/build_info.h"
+#include "tf-psa-crypto/build_info.h"
#include <stddef.h>
#if defined(MBEDTLS_HAVE_TIME_DATE)
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/poly1305.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/poly1305.h
index b70bfb8..3ee3514 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/poly1305.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/poly1305.h
@@ -21,7 +21,7 @@
#define MBEDTLS_POLY1305_H
#include "mbedtls/private_access.h"
-#include "mbedtls/build_info.h"
+#include "tf-psa-crypto/build_info.h"
#include <stdint.h>
#include <stddef.h>
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/psa_util.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/psa_util.h
index bf2748a..7fa0a83 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/psa_util.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/psa_util.h
@@ -12,7 +12,7 @@
#define MBEDTLS_PSA_UTIL_H
#include "mbedtls/private_access.h"
-#include "mbedtls/build_info.h"
+#include "tf-psa-crypto/build_info.h"
#include "psa/crypto.h"
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/ripemd160.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/ripemd160.h
index 42f2973..4b70187 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/ripemd160.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/ripemd160.h
@@ -11,7 +11,7 @@
#define MBEDTLS_RIPEMD160_H
#include "mbedtls/private_access.h"
-#include "mbedtls/build_info.h"
+#include "tf-psa-crypto/build_info.h"
#include <stddef.h>
#include <stdint.h>
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/rsa.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/rsa.h
index cc839f2..cd60af8 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/rsa.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/rsa.h
@@ -17,7 +17,7 @@
#define MBEDTLS_RSA_H
#include "mbedtls/private_access.h"
-#include "mbedtls/build_info.h"
+#include "tf-psa-crypto/build_info.h"
#include "mbedtls/bignum.h"
#include "mbedtls/md.h"
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/sha1.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/sha1.h
index dd47d34..5069411 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/sha1.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/sha1.h
@@ -18,7 +18,7 @@
#define MBEDTLS_SHA1_H
#include "mbedtls/private_access.h"
-#include "mbedtls/build_info.h"
+#include "tf-psa-crypto/build_info.h"
#include <stddef.h>
#include <stdint.h>
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/sha256.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/sha256.h
index 05040de..fc2e31e 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/sha256.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/sha256.h
@@ -14,7 +14,7 @@
#define MBEDTLS_SHA256_H
#include "mbedtls/private_access.h"
-#include "mbedtls/build_info.h"
+#include "tf-psa-crypto/build_info.h"
#include <stddef.h>
#include <stdint.h>
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/sha3.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/sha3.h
index 3eeee65..7d2df34 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/sha3.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/sha3.h
@@ -16,7 +16,7 @@
#define MBEDTLS_SHA3_H
#include "mbedtls/private_access.h"
-#include "mbedtls/build_info.h"
+#include "tf-psa-crypto/build_info.h"
#include <stddef.h>
#include <stdint.h>
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/sha512.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/sha512.h
index 9d01918..c0f1cbb 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/sha512.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/sha512.h
@@ -13,7 +13,7 @@
#define MBEDTLS_SHA512_H
#include "mbedtls/private_access.h"
-#include "mbedtls/build_info.h"
+#include "tf-psa-crypto/build_info.h"
#include <stddef.h>
#include <stdint.h>
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/threading.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/threading.h
index b4df0e3..f94d579 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/threading.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/threading.h
@@ -11,7 +11,7 @@
#define MBEDTLS_THREADING_H
#include "mbedtls/private_access.h"
-#include "mbedtls/build_info.h"
+#include "tf-psa-crypto/build_info.h"
#include <stdlib.h>
diff --git a/tf-psa-crypto/drivers/builtin/src/aesce.h b/tf-psa-crypto/drivers/builtin/src/aesce.h
index a14d085..130f765 100644
--- a/tf-psa-crypto/drivers/builtin/src/aesce.h
+++ b/tf-psa-crypto/drivers/builtin/src/aesce.h
@@ -14,7 +14,6 @@
#ifndef MBEDTLS_AESCE_H
#define MBEDTLS_AESCE_H
-#include "mbedtls/build_info.h"
#include "common.h"
#include "mbedtls/aes.h"
diff --git a/tf-psa-crypto/drivers/builtin/src/aesni.h b/tf-psa-crypto/drivers/builtin/src/aesni.h
index 59e27af..5543d69 100644
--- a/tf-psa-crypto/drivers/builtin/src/aesni.h
+++ b/tf-psa-crypto/drivers/builtin/src/aesni.h
@@ -13,7 +13,7 @@
#ifndef MBEDTLS_AESNI_H
#define MBEDTLS_AESNI_H
-#include "mbedtls/build_info.h"
+#include "tf-psa-crypto/build_info.h"
#include "mbedtls/aes.h"
diff --git a/tf-psa-crypto/drivers/builtin/src/block_cipher_internal.h b/tf-psa-crypto/drivers/builtin/src/block_cipher_internal.h
index c57338b..bd1f390 100644
--- a/tf-psa-crypto/drivers/builtin/src/block_cipher_internal.h
+++ b/tf-psa-crypto/drivers/builtin/src/block_cipher_internal.h
@@ -11,7 +11,7 @@
#ifndef MBEDTLS_BLOCK_CIPHER_INTERNAL_H
#define MBEDTLS_BLOCK_CIPHER_INTERNAL_H
-#include "mbedtls/build_info.h"
+#include "tf-psa-crypto/build_info.h"
#include "mbedtls/cipher.h"
diff --git a/tf-psa-crypto/drivers/builtin/src/bn_mul.h b/tf-psa-crypto/drivers/builtin/src/bn_mul.h
index 0738469..7792824 100644
--- a/tf-psa-crypto/drivers/builtin/src/bn_mul.h
+++ b/tf-psa-crypto/drivers/builtin/src/bn_mul.h
@@ -24,7 +24,7 @@
#ifndef MBEDTLS_BN_MUL_H
#define MBEDTLS_BN_MUL_H
-#include "mbedtls/build_info.h"
+#include "tf-psa-crypto/build_info.h"
#include "mbedtls/bignum.h"
diff --git a/tf-psa-crypto/drivers/builtin/src/cipher_wrap.h b/tf-psa-crypto/drivers/builtin/src/cipher_wrap.h
index f229151..4d159ab 100644
--- a/tf-psa-crypto/drivers/builtin/src/cipher_wrap.h
+++ b/tf-psa-crypto/drivers/builtin/src/cipher_wrap.h
@@ -12,7 +12,7 @@
#ifndef MBEDTLS_CIPHER_WRAP_H
#define MBEDTLS_CIPHER_WRAP_H
-#include "mbedtls/build_info.h"
+#include "tf-psa-crypto/build_info.h"
#include "mbedtls/cipher.h"
diff --git a/tf-psa-crypto/drivers/builtin/src/entropy_poll.h b/tf-psa-crypto/drivers/builtin/src/entropy_poll.h
index 6b4aec0..dd1ee2c 100644
--- a/tf-psa-crypto/drivers/builtin/src/entropy_poll.h
+++ b/tf-psa-crypto/drivers/builtin/src/entropy_poll.h
@@ -10,7 +10,7 @@
#ifndef MBEDTLS_ENTROPY_POLL_H
#define MBEDTLS_ENTROPY_POLL_H
-#include "mbedtls/build_info.h"
+#include "tf-psa-crypto/build_info.h"
#include <stddef.h>
diff --git a/tf-psa-crypto/drivers/builtin/src/lmots.h b/tf-psa-crypto/drivers/builtin/src/lmots.h
index cf92d32..fc8763d 100644
--- a/tf-psa-crypto/drivers/builtin/src/lmots.h
+++ b/tf-psa-crypto/drivers/builtin/src/lmots.h
@@ -14,7 +14,7 @@
#ifndef MBEDTLS_LMOTS_H
#define MBEDTLS_LMOTS_H
-#include "mbedtls/build_info.h"
+#include "tf-psa-crypto/build_info.h"
#include "psa/crypto.h"
diff --git a/tf-psa-crypto/drivers/builtin/src/md_wrap.h b/tf-psa-crypto/drivers/builtin/src/md_wrap.h
index dad1235..5d71c49 100644
--- a/tf-psa-crypto/drivers/builtin/src/md_wrap.h
+++ b/tf-psa-crypto/drivers/builtin/src/md_wrap.h
@@ -14,7 +14,7 @@
#ifndef MBEDTLS_MD_WRAP_H
#define MBEDTLS_MD_WRAP_H
-#include "mbedtls/build_info.h"
+#include "tf-psa-crypto/build_info.h"
#include "mbedtls/md.h"
diff --git a/tf-psa-crypto/drivers/builtin/src/pk_wrap.h b/tf-psa-crypto/drivers/builtin/src/pk_wrap.h
index 976ef7f..870ff3a 100644
--- a/tf-psa-crypto/drivers/builtin/src/pk_wrap.h
+++ b/tf-psa-crypto/drivers/builtin/src/pk_wrap.h
@@ -11,7 +11,7 @@
#ifndef MBEDTLS_PK_WRAP_H
#define MBEDTLS_PK_WRAP_H
-#include "mbedtls/build_info.h"
+#include "tf-psa-crypto/build_info.h"
#include "mbedtls/pk.h"
diff --git a/tf-psa-crypto/drivers/builtin/src/pkwrite.h b/tf-psa-crypto/drivers/builtin/src/pkwrite.h
index f7fb18a..4611643 100644
--- a/tf-psa-crypto/drivers/builtin/src/pkwrite.h
+++ b/tf-psa-crypto/drivers/builtin/src/pkwrite.h
@@ -11,7 +11,7 @@
#ifndef MBEDTLS_PK_WRITE_H
#define MBEDTLS_PK_WRITE_H
-#include "mbedtls/build_info.h"
+#include "tf-psa-crypto/build_info.h"
#include "mbedtls/pk.h"
diff --git a/tf-psa-crypto/drivers/builtin/src/rsa_alt_helpers.h b/tf-psa-crypto/drivers/builtin/src/rsa_alt_helpers.h
index f234036..ee60edf 100644
--- a/tf-psa-crypto/drivers/builtin/src/rsa_alt_helpers.h
+++ b/tf-psa-crypto/drivers/builtin/src/rsa_alt_helpers.h
@@ -47,7 +47,7 @@
#ifndef MBEDTLS_RSA_ALT_HELPERS_H
#define MBEDTLS_RSA_ALT_HELPERS_H
-#include "mbedtls/build_info.h"
+#include "tf-psa-crypto/build_info.h"
#include "mbedtls/bignum.h"
diff --git a/tf-psa-crypto/drivers/everest/CMakeLists.txt b/tf-psa-crypto/drivers/everest/CMakeLists.txt
index 8c7b7c1..8dedcd4 100644
--- a/tf-psa-crypto/drivers/everest/CMakeLists.txt
+++ b/tf-psa-crypto/drivers/everest/CMakeLists.txt
@@ -8,13 +8,11 @@
set_base_compile_options(${everest_target})
target_include_directories(${everest_target}
PUBLIC $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/include>
- $<BUILD_INTERFACE:${MBEDTLS_DIR}/include>
$<BUILD_INTERFACE:${TF_PSA_CRYPTO_DIR}/include>
$<BUILD_INTERFACE:${TF_PSA_CRYPTO_DIR}/drivers/builtin/include>
$<INSTALL_INTERFACE:include>
PRIVATE include/everest
include/everest/kremlib
- ${MBEDTLS_DIR}/library
${TF_PSA_CRYPTO_DIR}/core)
set_config_files_compile_definitions(${everest_target})
diff --git a/tf-psa-crypto/drivers/p256-m/CMakeLists.txt b/tf-psa-crypto/drivers/p256-m/CMakeLists.txt
index 3e62627..b84cbec 100644
--- a/tf-psa-crypto/drivers/p256-m/CMakeLists.txt
+++ b/tf-psa-crypto/drivers/p256-m/CMakeLists.txt
@@ -9,13 +9,11 @@
target_include_directories(${p256m_target}
PUBLIC $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}>
$<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/p256-m>
- $<BUILD_INTERFACE:${MBEDTLS_DIR}/include>
$<BUILD_INTERFACE:${TF_PSA_CRYPTO_DIR}/include>
$<BUILD_INTERFACE:${TF_PSA_CRYPTO_DIR}/drivers/builtin/include>
$<BUILD_INTERFACE:${TF_PSA_CRYPTO_DIR}/drivers/everest/include>
$<INSTALL_INTERFACE:include>
- PRIVATE ${MBEDTLS_DIR}/library/
- ${TF_PSA_CRYPTO_DIR}/core)
+ PRIVATE ${TF_PSA_CRYPTO_DIR}/core)
set_config_files_compile_definitions(${p256m_target})
if(INSTALL_TF_PSA_CRYPTO_HEADERS)
diff --git a/tf-psa-crypto/include/CMakeLists.txt b/tf-psa-crypto/include/CMakeLists.txt
index bca86ff..bfdfb74 100644
--- a/tf-psa-crypto/include/CMakeLists.txt
+++ b/tf-psa-crypto/include/CMakeLists.txt
@@ -2,12 +2,17 @@
if(INSTALL_TF_PSA_CRYPTO_HEADERS)
file(GLOB psa_headers "psa/*.h")
+ file(GLOB tf-psa-crypto_headers "tf-psa-crypto/*.h")
file(GLOB mbedtls_crypto_headers "../drivers/builtin/include/mbedtls/*.h")
install(FILES ${psa_headers}
DESTINATION include/psa
PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)
+ install(FILES ${tf-psa-crypto_headers}
+ DESTINATION include/tf-psa-crypto
+ PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)
+
install(FILES ${mbedtls_crypto_headers}
DESTINATION include/mbedtls
PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)
diff --git a/tf-psa-crypto/include/psa/build_info.h b/tf-psa-crypto/include/psa/build_info.h
deleted file mode 100644
index 3ee6cd7..0000000
--- a/tf-psa-crypto/include/psa/build_info.h
+++ /dev/null
@@ -1,20 +0,0 @@
-/**
- * \file psa/build_info.h
- *
- * \brief Build-time PSA configuration info
- *
- * Include this file if you need to depend on the
- * configuration options defined in mbedtls_config.h or MBEDTLS_CONFIG_FILE
- * in PSA cryptography core specific files.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef PSA_CRYPTO_BUILD_INFO_H
-#define PSA_CRYPTO_BUILD_INFO_H
-
-#include "mbedtls/build_info.h"
-
-#endif /* PSA_CRYPTO_BUILD_INFO_H */
diff --git a/tf-psa-crypto/include/psa/crypto_adjust_auto_enabled.h b/tf-psa-crypto/include/psa/crypto_adjust_auto_enabled.h
index 3a2af15..590343b 100644
--- a/tf-psa-crypto/include/psa/crypto_adjust_auto_enabled.h
+++ b/tf-psa-crypto/include/psa/crypto_adjust_auto_enabled.h
@@ -15,7 +15,7 @@
#ifndef PSA_CRYPTO_ADJUST_AUTO_ENABLED_H
#define PSA_CRYPTO_ADJUST_AUTO_ENABLED_H
-#if !defined(MBEDTLS_CONFIG_FILES_READ)
+#if !defined(TF_PSA_CRYPTO_CONFIG_FILES_READ)
#error "Do not include psa/crypto_adjust_*.h manually! This can lead to problems, " \
"up to and including runtime errors such as buffer overflows. " \
"If you're trying to fix a complaint from check_config.h, just remove " \
diff --git a/tf-psa-crypto/include/psa/crypto_adjust_config_dependencies.h b/tf-psa-crypto/include/psa/crypto_adjust_config_dependencies.h
index 92e9c4d..0871c3a 100644
--- a/tf-psa-crypto/include/psa/crypto_adjust_config_dependencies.h
+++ b/tf-psa-crypto/include/psa/crypto_adjust_config_dependencies.h
@@ -18,7 +18,7 @@
#ifndef PSA_CRYPTO_ADJUST_CONFIG_DEPENDENCIES_H
#define PSA_CRYPTO_ADJUST_CONFIG_DEPENDENCIES_H
-#if !defined(MBEDTLS_CONFIG_FILES_READ)
+#if !defined(TF_PSA_CRYPTO_CONFIG_FILES_READ)
#error "Do not include psa/crypto_adjust_*.h manually! This can lead to problems, " \
"up to and including runtime errors such as buffer overflows. " \
"If you're trying to fix a complaint from check_config.h, just remove " \
diff --git a/tf-psa-crypto/include/psa/crypto_adjust_config_derived.h b/tf-psa-crypto/include/psa/crypto_adjust_config_derived.h
index 4c9fb5a..1bb68c6 100644
--- a/tf-psa-crypto/include/psa/crypto_adjust_config_derived.h
+++ b/tf-psa-crypto/include/psa/crypto_adjust_config_derived.h
@@ -12,7 +12,7 @@
#ifndef PSA_CRYPTO_ADJUST_CONFIG_DERIVED_H
#define PSA_CRYPTO_ADJUST_CONFIG_DERIVED_H
-#if !defined(MBEDTLS_CONFIG_FILES_READ)
+#if !defined(TF_PSA_CRYPTO_CONFIG_FILES_READ)
#error "Do not include psa/crypto_adjust_*.h manually! This can lead to problems, " \
"up to and including runtime errors such as buffer overflows. " \
"If you're trying to fix a complaint from check_config.h, just remove " \
diff --git a/tf-psa-crypto/include/psa/crypto_adjust_config_key_pair_types.h b/tf-psa-crypto/include/psa/crypto_adjust_config_key_pair_types.h
index cec39e0..c33d777 100644
--- a/tf-psa-crypto/include/psa/crypto_adjust_config_key_pair_types.h
+++ b/tf-psa-crypto/include/psa/crypto_adjust_config_key_pair_types.h
@@ -21,7 +21,7 @@
#ifndef PSA_CRYPTO_ADJUST_KEYPAIR_TYPES_H
#define PSA_CRYPTO_ADJUST_KEYPAIR_TYPES_H
-#if !defined(MBEDTLS_CONFIG_FILES_READ)
+#if !defined(TF_PSA_CRYPTO_CONFIG_FILES_READ)
#error "Do not include psa/crypto_adjust_*.h manually! This can lead to problems, " \
"up to and including runtime errors such as buffer overflows. " \
"If you're trying to fix a complaint from check_config.h, just remove " \
diff --git a/tf-psa-crypto/include/psa/crypto_adjust_config_synonyms.h b/tf-psa-crypto/include/psa/crypto_adjust_config_synonyms.h
index 54b116f..c5a652e 100644
--- a/tf-psa-crypto/include/psa/crypto_adjust_config_synonyms.h
+++ b/tf-psa-crypto/include/psa/crypto_adjust_config_synonyms.h
@@ -16,7 +16,7 @@
#ifndef PSA_CRYPTO_ADJUST_CONFIG_SYNONYMS_H
#define PSA_CRYPTO_ADJUST_CONFIG_SYNONYMS_H
-#if !defined(MBEDTLS_CONFIG_FILES_READ)
+#if !defined(TF_PSA_CRYPTO_CONFIG_FILES_READ)
#error "Do not include psa/crypto_adjust_*.h manually! This can lead to problems, " \
"up to and including runtime errors such as buffer overflows. " \
"If you're trying to fix a complaint from check_config.h, just remove " \
diff --git a/tf-psa-crypto/include/psa/crypto_platform.h b/tf-psa-crypto/include/psa/crypto_platform.h
index a871ee1..10f109e 100644
--- a/tf-psa-crypto/include/psa/crypto_platform.h
+++ b/tf-psa-crypto/include/psa/crypto_platform.h
@@ -21,15 +21,7 @@
#ifndef PSA_CRYPTO_PLATFORM_H
#define PSA_CRYPTO_PLATFORM_H
#include "mbedtls/private_access.h"
-
-/*
- * Include the build-time configuration information header. Here, we do not
- * include `"mbedtls/build_info.h"` directly but `"psa/build_info.h"`, which
- * is basically just an alias to it. This is to ease the maintenance of the
- * TF-PSA-Crypto repository which has a different build system and
- * configuration.
- */
-#include "psa/build_info.h"
+#include "tf-psa-crypto/build_info.h"
/* PSA requires several types which C99 provides in stdint.h. */
#include <stdint.h>
diff --git a/tf-psa-crypto/include/psa/crypto_sizes.h b/tf-psa-crypto/include/psa/crypto_sizes.h
index 87b8c39..0b21fe7 100644
--- a/tf-psa-crypto/include/psa/crypto_sizes.h
+++ b/tf-psa-crypto/include/psa/crypto_sizes.h
@@ -28,14 +28,7 @@
#ifndef PSA_CRYPTO_SIZES_H
#define PSA_CRYPTO_SIZES_H
-/*
- * Include the build-time configuration information header. Here, we do not
- * include `"mbedtls/build_info.h"` directly but `"psa/build_info.h"`, which
- * is basically just an alias to it. This is to ease the maintenance of the
- * TF-PSA-Crypto repository which has a different build system and
- * configuration.
- */
-#include "psa/build_info.h"
+#include "tf-psa-crypto/build_info.h"
#define PSA_BITS_TO_BYTES(bits) (((bits) + 7u) / 8u)
#define PSA_BYTES_TO_BITS(bytes) ((bytes) * 8u)
diff --git a/tf-psa-crypto/include/psa/crypto_struct.h b/tf-psa-crypto/include/psa/crypto_struct.h
index ffaf6c2..38b067a 100644
--- a/tf-psa-crypto/include/psa/crypto_struct.h
+++ b/tf-psa-crypto/include/psa/crypto_struct.h
@@ -54,14 +54,7 @@
extern "C" {
#endif
-/*
- * Include the build-time configuration information header. Here, we do not
- * include `"mbedtls/build_info.h"` directly but `"psa/build_info.h"`, which
- * is basically just an alias to it. This is to ease the maintenance of the
- * TF-PSA-Crypto repository which has a different build system and
- * configuration.
- */
-#include "psa/build_info.h"
+#include "tf-psa-crypto/build_info.h"
/* Include the context definition for the compiled-in drivers for the primitive
* algorithms. */
diff --git a/tf-psa-crypto/include/psa/crypto_types.h b/tf-psa-crypto/include/psa/crypto_types.h
index bb857ab..cd74e14 100644
--- a/tf-psa-crypto/include/psa/crypto_types.h
+++ b/tf-psa-crypto/include/psa/crypto_types.h
@@ -21,14 +21,7 @@
#ifndef PSA_CRYPTO_TYPES_H
#define PSA_CRYPTO_TYPES_H
-/*
- * Include the build-time configuration information header. Here, we do not
- * include `"mbedtls/build_info.h"` directly but `"psa/build_info.h"`, which
- * is basically just an alias to it. This is to ease the maintenance of the
- * TF-PSA-Crypto repository which has a different build system and
- * configuration.
- */
-#include "psa/build_info.h"
+#include "tf-psa-crypto/build_info.h"
/* Define the MBEDTLS_PRIVATE macro. */
#include "mbedtls/private_access.h"
diff --git a/tf-psa-crypto/include/tf-psa-crypto/build_info.h b/tf-psa-crypto/include/tf-psa-crypto/build_info.h
new file mode 100644
index 0000000..eb9f9b2
--- /dev/null
+++ b/tf-psa-crypto/include/tf-psa-crypto/build_info.h
@@ -0,0 +1,141 @@
+/**
+ * \file tf-psa-crypto/build_info.h
+ *
+ * \brief Build-time configuration info
+ *
+ * Include this file if you need to depend on the
+ * configuration options defined in crypto_config.h or TF_PSA_CRYPTO_CONFIG_FILE.
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#ifndef TF_PSA_CRYPTO_BUILD_INFO_H
+#define TF_PSA_CRYPTO_BUILD_INFO_H
+
+/* Macros for build-time platform detection */
+
+#if !defined(MBEDTLS_ARCH_IS_ARM64) && \
+ (defined(__aarch64__) || defined(_M_ARM64) || defined(_M_ARM64EC))
+#define MBEDTLS_ARCH_IS_ARM64
+#endif
+
+#if !defined(MBEDTLS_ARCH_IS_ARM32) && \
+ (defined(__arm__) || defined(_M_ARM) || \
+ defined(_M_ARMT) || defined(__thumb__) || defined(__thumb2__))
+#define MBEDTLS_ARCH_IS_ARM32
+#endif
+
+#if !defined(MBEDTLS_ARCH_IS_X64) && \
+ (defined(__amd64__) || defined(__x86_64__) || \
+ ((defined(_M_X64) || defined(_M_AMD64)) && !defined(_M_ARM64EC)))
+#define MBEDTLS_ARCH_IS_X64
+#endif
+
+#if !defined(MBEDTLS_ARCH_IS_X86) && \
+ (defined(__i386__) || defined(_X86_) || \
+ (defined(_M_IX86) && !defined(_M_I86)))
+#define MBEDTLS_ARCH_IS_X86
+#endif
+
+#if !defined(MBEDTLS_PLATFORM_IS_WINDOWS_ON_ARM64) && \
+ (defined(_M_ARM64) || defined(_M_ARM64EC))
+#define MBEDTLS_PLATFORM_IS_WINDOWS_ON_ARM64
+#endif
+
+/* This is defined if the architecture is Armv8-A, or higher */
+#if !defined(MBEDTLS_ARCH_IS_ARMV8_A)
+#if defined(__ARM_ARCH) && defined(__ARM_ARCH_PROFILE)
+#if (__ARM_ARCH >= 8) && (__ARM_ARCH_PROFILE == 'A')
+/* GCC, clang, armclang and IAR */
+#define MBEDTLS_ARCH_IS_ARMV8_A
+#endif
+#elif defined(__ARM_ARCH_8A)
+/* Alternative defined by clang */
+#define MBEDTLS_ARCH_IS_ARMV8_A
+#elif defined(_M_ARM64) || defined(_M_ARM64EC)
+/* MSVC ARM64 is at least Armv8.0-A */
+#define MBEDTLS_ARCH_IS_ARMV8_A
+#endif
+#endif
+
+#if defined(__GNUC__) && !defined(__ARMCC_VERSION) && !defined(__clang__) \
+ && !defined(__llvm__) && !defined(__INTEL_COMPILER)
+/* Defined if the compiler really is gcc and not clang, etc */
+#define MBEDTLS_COMPILER_IS_GCC
+#define MBEDTLS_GCC_VERSION \
+ (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__)
+#endif
+
+#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
+#define _CRT_SECURE_NO_DEPRECATE 1
+#endif
+
+/* Define `inline` on some non-C99-compliant compilers. */
+#if (defined(__ARMCC_VERSION) || defined(_MSC_VER)) && \
+ !defined(inline) && !defined(__cplusplus)
+#define inline __inline
+#endif
+
+#if defined(TF_PSA_CRYPTO_CONFIG_FILES_READ)
+#error \
+ "Something went wrong: TF_PSA_CRYPTO_CONFIG_FILES_READ defined before reading the config files!"
+#endif
+#if defined(TF_PSA_CRYPTO_CONFIG_IS_FINALIZED)
+#error \
+ "Something went wrong: TF_PSA_CRYPTO_CONFIG_IS_FINALIZED defined before reading the config files!"
+#endif
+
+/* PSA crypto configuration */
+#if defined(TF_PSA_CRYPTO_CONFIG_FILE)
+#include TF_PSA_CRYPTO_CONFIG_FILE
+#else
+#include "psa/crypto_config.h"
+#endif
+#if defined(TF_PSA_CRYPTO_USER_CONFIG_FILE)
+#include TF_PSA_CRYPTO_USER_CONFIG_FILE
+#endif
+
+/* Indicate that all configuration files have been read.
+ * It is now time to adjust the configuration (follow through on dependencies,
+ * make PSA and legacy crypto consistent, etc.).
+ */
+#define TF_PSA_CRYPTO_CONFIG_FILES_READ
+
+/* Auto-enable MBEDTLS_CTR_DRBG_USE_128_BIT_KEY if
+ * MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH and MBEDTLS_CTR_DRBG_C defined
+ * to ensure a 128-bit key size in CTR_DRBG.
+ */
+#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) && defined(MBEDTLS_CTR_DRBG_C)
+#define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+#endif
+
+/* Auto-enable MBEDTLS_MD_C if needed by a module that didn't require it
+ * in a previous release, to ensure backwards compatibility.
+ */
+#if defined(MBEDTLS_PKCS5_C)
+#define MBEDTLS_MD_C
+#endif
+
+/* PSA crypto specific configuration options
+ * - If config_psa.h reads a configuration option in preprocessor directive,
+ * this symbol should be set before its inclusion. (e.g. MBEDTLS_MD_C)
+ * - If config_psa.h writes a configuration option in conditional directive,
+ * this symbol should be consulted after its inclusion.
+ * (e.g. MBEDTLS_MD_LIGHT)
+ */
+#include "mbedtls/config_psa.h"
+
+#include "mbedtls/config_adjust_legacy_crypto.h"
+
+/* Indicate that all configuration symbols are set,
+ * even the ones that are calculated programmatically.
+ * It is now safe to query the configuration (to check it, to size buffers,
+ * etc.).
+ */
+#define TF_PSA_CRYPTO_CONFIG_IS_FINALIZED
+
+#include "tf-psa-crypto/check_config.h"
+
+#endif /* TF_PSA_CRYPTO_BUILD_INFO_H */
diff --git a/tf-psa-crypto/include/tf-psa-crypto/check_config.h b/tf-psa-crypto/include/tf-psa-crypto/check_config.h
new file mode 100644
index 0000000..440179b
--- /dev/null
+++ b/tf-psa-crypto/include/tf-psa-crypto/check_config.h
@@ -0,0 +1,698 @@
+/**
+ * \file tf-psa-crypto/check_config.h
+ *
+ * \brief Consistency checks for configuration options
+ *
+ * This is an internal header. Do not include it directly.
+ *
+ * This header is included automatically by all public TF-PSA-Crypto headers
+ * (via tf-psa-crypto/build_info.h). Do not include it directly in a
+ * configuration file such as psa/crypto_config.h or #TF_PSA_CRYPTO_USER_CONFIG_FILE!
+ * It would run at the wrong time due to missing derived symbols.
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#ifndef TF_PSA_CRYPTO_CHECK_CONFIG_H
+#define TF_PSA_CRYPTO_CHECK_CONFIG_H
+
+/* *INDENT-OFF* */
+
+#if !defined(TF_PSA_CRYPTO_CONFIG_IS_FINALIZED)
+#warning "Do not include mbedtls/check_config.h manually! " \
+ "This may cause spurious errors. " \
+ "It is included automatically at the right point since Mbed TLS 3.0."
+#endif /* !TF_PSA_CRYPTO_CONFIG_IS_FINALIZED */
+
+/*
+ * We assume CHAR_BIT is 8 in many places. In practice, this is true on our
+ * target platforms, so not an issue, but let's just be extra sure.
+ */
+#include <limits.h>
+#if CHAR_BIT != 8
+#error "Mbed TLS requires a platform with 8-bit chars"
+#endif
+
+#include <stdint.h>
+
+#if defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER <= 1900)
+#if !defined(MBEDTLS_PLATFORM_C)
+#error "MBEDTLS_PLATFORM_C is required on Windows"
+#endif
+/* See auto-enabling SNPRINTF_ALT and VSNPRINTF_ALT
+ * in * config_adjust_legacy_crypto.h */
+#endif /* _MINGW32__ || (_MSC_VER && (_MSC_VER <= 1900)) */
+
+#if defined(MBEDTLS_DEPRECATED_WARNING) && \
+ !defined(__GNUC__) && !defined(__clang__)
+#error "MBEDTLS_DEPRECATED_WARNING only works with GCC and Clang"
+#endif
+
+/* Limitations on ECC key types acceleration: if we have any of `PUBLIC_KEY`,
+ * `KEY_PAIR_BASIC`, `KEY_PAIR_IMPORT`, `KEY_PAIR_EXPORT` then we must have
+ * all 4 of them.
+ */
+#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) || \
+ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC) || \
+ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT) || \
+ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT)
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) || \
+ !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC) || \
+ !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT) || \
+ !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT)
+#error "Unsupported partial support for ECC key type acceleration, see docs/driver-only-builds.md"
+#endif /* not all of public, basic, import, export */
+#endif /* one of public, basic, import, export */
+
+/* Limitations on ECC curves acceleration: partial curve acceleration is only
+ * supported with crypto excluding PK, X.509 or TLS.
+ * Note: no need to check X.509 as it depends on PK. */
+#if defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256) || \
+ defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384) || \
+ defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512) || \
+ defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255) || \
+ defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448) || \
+ defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192) || \
+ defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224) || \
+ defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256) || \
+ defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192) || \
+ defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224) || \
+ defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256) || \
+ defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384) || \
+ defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521)
+#if defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES)
+#if defined(MBEDTLS_PK_C)
+#error "Unsupported partial support for ECC curves acceleration, see docs/driver-only-builds.md"
+#endif /* modules beyond what's supported */
+#endif /* not all curves accelerated */
+#endif /* some curve accelerated */
+
+#if defined(MBEDTLS_CTR_DRBG_C) && !(defined(MBEDTLS_AES_C) || \
+ (defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(PSA_WANT_KEY_TYPE_AES) && \
+ defined(PSA_WANT_ALG_ECB_NO_PADDING)))
+#error "MBEDTLS_CTR_DRBG_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_DHM_C) && !defined(MBEDTLS_BIGNUM_C)
+#error "MBEDTLS_DHM_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_CMAC_C) && \
+ ( !defined(MBEDTLS_CIPHER_C ) || ( !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_DES_C) ) )
+#error "MBEDTLS_CMAC_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_NIST_KW_C) && \
+ ( !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_CIPHER_C) )
+#error "MBEDTLS_NIST_KW_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
+#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
+#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT and PSA_WANT_ALG_CBC_NO_PADDING cannot be defined simultaneously"
+#endif
+#if defined(PSA_WANT_ALG_CBC_PKCS7)
+#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT and PSA_WANT_ALG_CBC_PKCS7 cannot be defined simultaneously"
+#endif
+#if defined(PSA_WANT_ALG_ECB_NO_PADDING)
+#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT and PSA_WANT_ALG_ECB_NO_PADDING cannot be defined simultaneously"
+#endif
+#if defined(PSA_WANT_KEY_TYPE_DES)
+#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT and PSA_WANT_KEY_TYPE_DES cannot be defined simultaneously"
+#endif
+#endif
+
+#if defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT and MBEDTLS_CIPHER_MODE_CBC cannot be defined simultaneously"
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_XTS)
+#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT and MBEDTLS_CIPHER_MODE_XTS cannot be defined simultaneously"
+#endif
+#if defined(MBEDTLS_DES_C)
+#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT and MBEDTLS_DES_C cannot be defined simultaneously"
+#endif
+#if defined(MBEDTLS_NIST_KW_C)
+#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT and MBEDTLS_NIST_KW_C cannot be defined simultaneously"
+#endif
+#endif
+
+#if defined(MBEDTLS_ECDH_C) && !defined(MBEDTLS_ECP_C)
+#error "MBEDTLS_ECDH_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_ECDSA_C) && \
+ ( !defined(MBEDTLS_ECP_C) || \
+ !( defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || \
+ defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || \
+ defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \
+ defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || \
+ defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || \
+ defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || \
+ defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || \
+ defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) || \
+ defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || \
+ defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || \
+ defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) ) || \
+ !defined(MBEDTLS_ASN1_PARSE_C) || \
+ !defined(MBEDTLS_ASN1_WRITE_C) )
+#error "MBEDTLS_ECDSA_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PK_C) && defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(PSA_HAVE_ALG_ECDSA_SIGN) && !defined(MBEDTLS_ASN1_WRITE_C)
+#error "MBEDTLS_PK_C with MBEDTLS_USE_PSA_CRYPTO needs MBEDTLS_ASN1_WRITE_C for ECDSA signature"
+#endif
+#if defined(PSA_HAVE_ALG_ECDSA_VERIFY) && !defined(MBEDTLS_ASN1_PARSE_C)
+#error "MBEDTLS_PK_C with MBEDTLS_USE_PSA_CRYPTO needs MBEDTLS_ASN1_PARSE_C for ECDSA verification"
+#endif
+#endif /* MBEDTLS_PK_C && MBEDTLS_USE_PSA_CRYPTO */
+
+#if defined(MBEDTLS_ECJPAKE_C) && \
+ !defined(MBEDTLS_ECP_C)
+#error "MBEDTLS_ECJPAKE_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_ECP_RESTARTABLE) && \
+ !defined(MBEDTLS_ECP_C)
+#error "MBEDTLS_ECP_RESTARTABLE defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_ECDSA_DETERMINISTIC) && !defined(MBEDTLS_HMAC_DRBG_C)
+#error "MBEDTLS_ECDSA_DETERMINISTIC defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_ECP_LIGHT) && ( !defined(MBEDTLS_BIGNUM_C) || ( \
+ !defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) && \
+ !defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) && \
+ !defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) && \
+ !defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) && \
+ !defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) && \
+ !defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) && \
+ !defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) && \
+ !defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) && \
+ !defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) && \
+ !defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) && \
+ !defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) && \
+ !defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) && \
+ !defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) ) )
+#error "MBEDTLS_ECP_C defined (or a subset enabled), but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_ENTROPY_C) && \
+ !(defined(PSA_WANT_ALG_SHA_512) || defined(PSA_WANT_ALG_SHA_256))
+#error "MBEDTLS_ENTROPY_C defined, but not all prerequisites"
+#endif
+#if defined(MBEDTLS_ENTROPY_C) && \
+ defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) && (MBEDTLS_CTR_DRBG_ENTROPY_LEN > 64)
+#error "MBEDTLS_CTR_DRBG_ENTROPY_LEN value too high"
+#endif
+#if defined(MBEDTLS_ENTROPY_C) && \
+ (defined(MBEDTLS_ENTROPY_FORCE_SHA256) || !defined(PSA_WANT_ALG_SHA_512)) \
+ && defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) && (MBEDTLS_CTR_DRBG_ENTROPY_LEN > 32)
+#error "MBEDTLS_CTR_DRBG_ENTROPY_LEN value too high"
+#endif
+#if defined(MBEDTLS_ENTROPY_C) && \
+ defined(MBEDTLS_ENTROPY_FORCE_SHA256) && !defined(PSA_WANT_ALG_SHA_256)
+#error "MBEDTLS_ENTROPY_FORCE_SHA256 defined, but not all prerequisites"
+#endif
+
+#if defined(__has_feature)
+#if __has_feature(memory_sanitizer)
+#define MBEDTLS_HAS_MEMSAN // #undef at the end of this paragraph
+#endif
+#endif
+#if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN) && !defined(MBEDTLS_HAS_MEMSAN)
+#error "MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN requires building with MemorySanitizer"
+#endif
+#if defined(MBEDTLS_HAS_MEMSAN) && defined(MBEDTLS_HAVE_ASM)
+#error "MemorySanitizer does not support assembly implementation"
+#endif
+#undef MBEDTLS_HAS_MEMSAN // temporary macro defined above
+
+#if defined(MBEDTLS_CCM_C) && \
+ !(defined(MBEDTLS_CCM_GCM_CAN_AES) || defined(MBEDTLS_CCM_GCM_CAN_ARIA) || \
+ defined(MBEDTLS_CCM_GCM_CAN_CAMELLIA))
+#error "MBEDTLS_CCM_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_GCM_C) && \
+ !(defined(MBEDTLS_CCM_GCM_CAN_AES) || defined(MBEDTLS_CCM_GCM_CAN_ARIA) || \
+ defined(MBEDTLS_CCM_GCM_CAN_CAMELLIA))
+#error "MBEDTLS_GCM_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_CHACHAPOLY_C) && !defined(MBEDTLS_CHACHA20_C)
+#error "MBEDTLS_CHACHAPOLY_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_CHACHAPOLY_C) && !defined(MBEDTLS_POLY1305_C)
+#error "MBEDTLS_CHACHAPOLY_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_HKDF_C) && !defined(MBEDTLS_MD_C)
+#error "MBEDTLS_HKDF_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_HMAC_DRBG_C) && !defined(MBEDTLS_MD_C)
+#error "MBEDTLS_HMAC_DRBG_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_MD_C) && \
+ !defined(PSA_WANT_ALG_MD5) && \
+ !defined(PSA_WANT_ALG_RIPEMD160) && \
+ !defined(PSA_WANT_ALG_SHA_1) && \
+ !defined(PSA_WANT_ALG_SHA_224) && \
+ !defined(PSA_WANT_ALG_SHA_256) && \
+ !defined(PSA_WANT_ALG_SHA_384) && \
+ !defined(PSA_WANT_ALG_SHA_512) && \
+ !defined(PSA_WANT_ALG_SHA3_224) && \
+ !defined(PSA_WANT_ALG_SHA3_256) && \
+ !defined(PSA_WANT_ALG_SHA3_384) && \
+ !defined(PSA_WANT_ALG_SHA3_512)
+#error "MBEDTLS_MD_C defined, but no hash algorithm"
+#endif
+
+#if defined(MBEDTLS_LMS_C) && \
+ ! ( defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(PSA_WANT_ALG_SHA_256) )
+#error "MBEDTLS_LMS_C requires MBEDTLS_PSA_CRYPTO_C and PSA_WANT_ALG_SHA_256"
+#endif
+
+#if defined(MBEDTLS_LMS_PRIVATE) && \
+ ( !defined(MBEDTLS_LMS_C) )
+#error "MBEDTLS_LMS_PRIVATE requires MBEDTLS_LMS_C"
+#endif
+
+#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \
+ ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) )
+#error "MBEDTLS_MEMORY_BUFFER_ALLOC_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_MEMORY_BACKTRACE) && !defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
+#error "MBEDTLS_MEMORY_BACKTRACE defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_MEMORY_DEBUG) && !defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
+#error "MBEDTLS_MEMORY_DEBUG defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PEM_PARSE_C) && !defined(MBEDTLS_BASE64_C)
+#error "MBEDTLS_PEM_PARSE_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PEM_WRITE_C) && !defined(MBEDTLS_BASE64_C)
+#error "MBEDTLS_PEM_WRITE_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PK_C) && \
+ !defined(MBEDTLS_RSA_C) && !defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
+#error "MBEDTLS_PK_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PK_PARSE_C) && \
+ (!defined(MBEDTLS_ASN1_PARSE_C) || \
+ !defined(MBEDTLS_OID_C) || \
+ !defined(MBEDTLS_PK_C))
+#error "MBEDTLS_PK_PARSE_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PK_WRITE_C) && \
+ (!defined(MBEDTLS_ASN1_WRITE_C) || \
+ !defined(MBEDTLS_OID_C) || \
+ !defined(MBEDTLS_PK_C))
+#error "MBEDTLS_PK_WRITE_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_EXIT_ALT) && !defined(MBEDTLS_PLATFORM_C)
+#error "MBEDTLS_PLATFORM_EXIT_ALT defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_EXIT_MACRO) && !defined(MBEDTLS_PLATFORM_C)
+#error "MBEDTLS_PLATFORM_EXIT_MACRO defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_EXIT_MACRO) &&\
+ ( defined(MBEDTLS_PLATFORM_STD_EXIT) ||\
+ defined(MBEDTLS_PLATFORM_EXIT_ALT) )
+#error "MBEDTLS_PLATFORM_EXIT_MACRO and MBEDTLS_PLATFORM_STD_EXIT/MBEDTLS_PLATFORM_EXIT_ALT cannot be defined simultaneously"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_SETBUF_ALT) && !defined(MBEDTLS_PLATFORM_C)
+#error "MBEDTLS_PLATFORM_SETBUF_ALT defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_SETBUF_MACRO) && !defined(MBEDTLS_PLATFORM_C)
+#error "MBEDTLS_PLATFORM_SETBUF_MACRO defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_SETBUF_MACRO) &&\
+ ( defined(MBEDTLS_PLATFORM_STD_SETBUF) ||\
+ defined(MBEDTLS_PLATFORM_SETBUF_ALT) )
+#error "MBEDTLS_PLATFORM_SETBUF_MACRO and MBEDTLS_PLATFORM_STD_SETBUF/MBEDTLS_PLATFORM_SETBUF_ALT cannot be defined simultaneously"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_TIME_ALT) &&\
+ ( !defined(MBEDTLS_PLATFORM_C) ||\
+ !defined(MBEDTLS_HAVE_TIME) )
+#error "MBEDTLS_PLATFORM_TIME_ALT defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_TIME_MACRO) &&\
+ ( !defined(MBEDTLS_PLATFORM_C) ||\
+ !defined(MBEDTLS_HAVE_TIME) )
+#error "MBEDTLS_PLATFORM_TIME_MACRO defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_MS_TIME_TYPE_MACRO) &&\
+ ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_HAVE_TIME) )
+#error "MBEDTLS_PLATFORM_MS_TIME_TYPE_MACRO defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_MS_TIME_ALT) && \
+ ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_HAVE_TIME) )
+#error "MBEDTLS_PLATFORM_MS_TIME_ALT defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO) &&\
+ ( !defined(MBEDTLS_PLATFORM_C) ||\
+ !defined(MBEDTLS_HAVE_TIME) )
+#error "MBEDTLS_PLATFORM_TIME_TYPE_MACRO defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_TIME_MACRO) &&\
+ ( defined(MBEDTLS_PLATFORM_STD_TIME) ||\
+ defined(MBEDTLS_PLATFORM_TIME_ALT) )
+#error "MBEDTLS_PLATFORM_TIME_MACRO and MBEDTLS_PLATFORM_STD_TIME/MBEDTLS_PLATFORM_TIME_ALT cannot be defined simultaneously"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO) &&\
+ ( defined(MBEDTLS_PLATFORM_STD_TIME) ||\
+ defined(MBEDTLS_PLATFORM_TIME_ALT) )
+#error "MBEDTLS_PLATFORM_TIME_TYPE_MACRO and MBEDTLS_PLATFORM_STD_TIME/MBEDTLS_PLATFORM_TIME_ALT cannot be defined simultaneously"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_FPRINTF_ALT) && !defined(MBEDTLS_PLATFORM_C)
+#error "MBEDTLS_PLATFORM_FPRINTF_ALT defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO) && !defined(MBEDTLS_PLATFORM_C)
+#error "MBEDTLS_PLATFORM_FPRINTF_MACRO defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO) &&\
+ ( defined(MBEDTLS_PLATFORM_STD_FPRINTF) ||\
+ defined(MBEDTLS_PLATFORM_FPRINTF_ALT) )
+#error "MBEDTLS_PLATFORM_FPRINTF_MACRO and MBEDTLS_PLATFORM_STD_FPRINTF/MBEDTLS_PLATFORM_FPRINTF_ALT cannot be defined simultaneously"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_FREE_MACRO) &&\
+ ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) )
+#error "MBEDTLS_PLATFORM_FREE_MACRO defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_FREE_MACRO) &&\
+ defined(MBEDTLS_PLATFORM_STD_FREE)
+#error "MBEDTLS_PLATFORM_FREE_MACRO and MBEDTLS_PLATFORM_STD_FREE cannot be defined simultaneously"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_FREE_MACRO) && !defined(MBEDTLS_PLATFORM_CALLOC_MACRO)
+#error "MBEDTLS_PLATFORM_CALLOC_MACRO must be defined if MBEDTLS_PLATFORM_FREE_MACRO is"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_CALLOC_MACRO) &&\
+ ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) )
+#error "MBEDTLS_PLATFORM_CALLOC_MACRO defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_CALLOC_MACRO) &&\
+ defined(MBEDTLS_PLATFORM_STD_CALLOC)
+#error "MBEDTLS_PLATFORM_CALLOC_MACRO and MBEDTLS_PLATFORM_STD_CALLOC cannot be defined simultaneously"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_CALLOC_MACRO) && !defined(MBEDTLS_PLATFORM_FREE_MACRO)
+#error "MBEDTLS_PLATFORM_FREE_MACRO must be defined if MBEDTLS_PLATFORM_CALLOC_MACRO is"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_MEMORY) && !defined(MBEDTLS_PLATFORM_C)
+#error "MBEDTLS_PLATFORM_MEMORY defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_PRINTF_ALT) && !defined(MBEDTLS_PLATFORM_C)
+#error "MBEDTLS_PLATFORM_PRINTF_ALT defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_PRINTF_MACRO) && !defined(MBEDTLS_PLATFORM_C)
+#error "MBEDTLS_PLATFORM_PRINTF_MACRO defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_PRINTF_MACRO) &&\
+ ( defined(MBEDTLS_PLATFORM_STD_PRINTF) ||\
+ defined(MBEDTLS_PLATFORM_PRINTF_ALT) )
+#error "MBEDTLS_PLATFORM_PRINTF_MACRO and MBEDTLS_PLATFORM_STD_PRINTF/MBEDTLS_PLATFORM_PRINTF_ALT cannot be defined simultaneously"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) && !defined(MBEDTLS_PLATFORM_C)
+#error "MBEDTLS_PLATFORM_SNPRINTF_ALT defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO) && !defined(MBEDTLS_PLATFORM_C)
+#error "MBEDTLS_PLATFORM_SNPRINTF_MACRO defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO) &&\
+ ( defined(MBEDTLS_PLATFORM_STD_SNPRINTF) ||\
+ defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) )
+#error "MBEDTLS_PLATFORM_SNPRINTF_MACRO and MBEDTLS_PLATFORM_STD_SNPRINTF/MBEDTLS_PLATFORM_SNPRINTF_ALT cannot be defined simultaneously"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT) && !defined(MBEDTLS_PLATFORM_C)
+#error "MBEDTLS_PLATFORM_VSNPRINTF_ALT defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO) && !defined(MBEDTLS_PLATFORM_C)
+#error "MBEDTLS_PLATFORM_VSNPRINTF_MACRO defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO) &&\
+ ( defined(MBEDTLS_PLATFORM_STD_VSNPRINTF) ||\
+ defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT) )
+#error "MBEDTLS_PLATFORM_VSNPRINTF_MACRO and MBEDTLS_PLATFORM_STD_VSNPRINTF/MBEDTLS_PLATFORM_VSNPRINTF_ALT cannot be defined simultaneously"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_STD_MEM_HDR) &&\
+ !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS)
+#error "MBEDTLS_PLATFORM_STD_MEM_HDR defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_STD_CALLOC) && !defined(MBEDTLS_PLATFORM_MEMORY)
+#error "MBEDTLS_PLATFORM_STD_CALLOC defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_STD_FREE) && !defined(MBEDTLS_PLATFORM_MEMORY)
+#error "MBEDTLS_PLATFORM_STD_FREE defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_STD_EXIT) &&\
+ !defined(MBEDTLS_PLATFORM_EXIT_ALT)
+#error "MBEDTLS_PLATFORM_STD_EXIT defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_STD_TIME) &&\
+ ( !defined(MBEDTLS_PLATFORM_TIME_ALT) ||\
+ !defined(MBEDTLS_HAVE_TIME) )
+#error "MBEDTLS_PLATFORM_STD_TIME defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_STD_FPRINTF) &&\
+ !defined(MBEDTLS_PLATFORM_FPRINTF_ALT)
+#error "MBEDTLS_PLATFORM_STD_FPRINTF defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_STD_PRINTF) &&\
+ !defined(MBEDTLS_PLATFORM_PRINTF_ALT)
+#error "MBEDTLS_PLATFORM_STD_PRINTF defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_STD_SNPRINTF) &&\
+ !defined(MBEDTLS_PLATFORM_SNPRINTF_ALT)
+#error "MBEDTLS_PLATFORM_STD_SNPRINTF defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_ENTROPY_NV_SEED) &&\
+ ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_ENTROPY_C) )
+#error "MBEDTLS_ENTROPY_NV_SEED defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_NV_SEED_ALT) &&\
+ !defined(MBEDTLS_ENTROPY_NV_SEED)
+#error "MBEDTLS_PLATFORM_NV_SEED_ALT defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ) &&\
+ !defined(MBEDTLS_PLATFORM_NV_SEED_ALT)
+#error "MBEDTLS_PLATFORM_STD_NV_SEED_READ defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE) &&\
+ !defined(MBEDTLS_PLATFORM_NV_SEED_ALT)
+#error "MBEDTLS_PLATFORM_STD_NV_SEED_WRITE defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_NV_SEED_READ_MACRO) &&\
+ ( defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ) ||\
+ defined(MBEDTLS_PLATFORM_NV_SEED_ALT) )
+#error "MBEDTLS_PLATFORM_NV_SEED_READ_MACRO and MBEDTLS_PLATFORM_STD_NV_SEED_READ cannot be defined simultaneously"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO) &&\
+ ( defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE) ||\
+ defined(MBEDTLS_PLATFORM_NV_SEED_ALT) )
+#error "MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO and MBEDTLS_PLATFORM_STD_NV_SEED_WRITE cannot be defined simultaneously"
+#endif
+
+#if defined(MBEDTLS_PSA_CRYPTO_C) && \
+ !( ( ( defined(MBEDTLS_CTR_DRBG_C) || defined(MBEDTLS_HMAC_DRBG_C) ) && \
+ defined(MBEDTLS_ENTROPY_C) ) || \
+ defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) )
+#error "MBEDTLS_PSA_CRYPTO_C defined, but not all prerequisites (missing RNG)"
+#endif
+
+#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_HAVE_SOFT_BLOCK_MODE) && \
+ defined(PSA_HAVE_SOFT_BLOCK_CIPHER) && !defined(MBEDTLS_CIPHER_C)
+#error "MBEDTLS_PSA_CRYPTO_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PSA_CRYPTO_SPM) && !defined(MBEDTLS_PSA_CRYPTO_C)
+#error "MBEDTLS_PSA_CRYPTO_SPM defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C) && \
+ ! ( defined(MBEDTLS_PSA_CRYPTO_C) && \
+ defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) )
+#error "MBEDTLS_PSA_CRYPTO_SE_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+#if defined(MBEDTLS_DEPRECATED_REMOVED)
+#error "MBEDTLS_PSA_CRYPTO_SE_C is deprecated and will be removed in a future version of Mbed TLS"
+#elif defined(MBEDTLS_DEPRECATED_WARNING)
+#warning "MBEDTLS_PSA_CRYPTO_SE_C is deprecated and will be removed in a future version of Mbed TLS"
+#endif
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
+
+#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) && \
+ ! defined(MBEDTLS_PSA_CRYPTO_C)
+#error "MBEDTLS_PSA_CRYPTO_STORAGE_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PSA_INJECT_ENTROPY) && \
+ !( defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) && \
+ defined(MBEDTLS_ENTROPY_NV_SEED) )
+#error "MBEDTLS_PSA_INJECT_ENTROPY defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PSA_INJECT_ENTROPY) && \
+ !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES)
+#error "MBEDTLS_PSA_INJECT_ENTROPY is not compatible with actual entropy sources"
+#endif
+
+#if defined(MBEDTLS_PSA_INJECT_ENTROPY) && \
+ defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
+#error "MBEDTLS_PSA_INJECT_ENTROPY is not compatible with MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG"
+#endif
+
+#if defined(MBEDTLS_PSA_KEY_STORE_DYNAMIC) && \
+ defined(MBEDTLS_PSA_STATIC_KEY_SLOTS)
+#error "MBEDTLS_PSA_KEY_STORE_DYNAMIC and MBEDTLS_PSA_STATIC_KEY_SLOTS cannot be defined simultaneously"
+#endif
+
+#if defined(MBEDTLS_PSA_ITS_FILE_C) && \
+ !defined(MBEDTLS_FS_IO)
+#error "MBEDTLS_PSA_ITS_FILE_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_BIGNUM_C) || \
+ !defined(MBEDTLS_OID_C) )
+#error "MBEDTLS_RSA_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_PKCS1_V21) && \
+ !defined(MBEDTLS_PKCS1_V15) )
+#error "MBEDTLS_RSA_C defined, but none of the PKCS1 versions enabled"
+#endif
+
+#if defined(MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT) && \
+ defined(MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY)
+#error "Must only define one of MBEDTLS_SHA512_USE_A64_CRYPTO_*"
+#endif
+
+#if defined(MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT) || \
+ defined(MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY)
+#if !defined(MBEDTLS_SHA512_C)
+#error "MBEDTLS_SHA512_USE_A64_CRYPTO_* defined without MBEDTLS_SHA512_C"
+#endif
+
+#endif /* MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT || MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY */
+
+#if defined(MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY) && !defined(__aarch64__)
+#error "MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY defined on non-Aarch64 system"
+#endif
+
+#if defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT) && \
+ defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY)
+#error "Must only define one of MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_*"
+#endif
+
+#if defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT) || \
+ defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY)
+#if !defined(MBEDTLS_SHA256_C)
+#error "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_* defined without MBEDTLS_SHA256_C"
+#endif
+
+#endif
+
+#if defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY) && !defined(MBEDTLS_ARCH_IS_ARMV8_A)
+#error "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY defined on non-Armv8-A system"
+#endif
+
+#if defined(MBEDTLS_THREADING_PTHREAD)
+#if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL)
+#error "MBEDTLS_THREADING_PTHREAD defined, but not all prerequisites"
+#endif
+#define MBEDTLS_THREADING_IMPL // undef at the end of this paragraph
+#endif
+#if defined(MBEDTLS_THREADING_ALT)
+#if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL)
+#error "MBEDTLS_THREADING_ALT defined, but not all prerequisites"
+#endif
+#define MBEDTLS_THREADING_IMPL // undef at the end of this paragraph
+#endif
+#if defined(MBEDTLS_THREADING_C) && !defined(MBEDTLS_THREADING_IMPL)
+#error "MBEDTLS_THREADING_C defined, single threading implementation required"
+#endif
+#undef MBEDTLS_THREADING_IMPL // temporary macro defined above
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_PSA_CRYPTO_CLIENT)
+#error "MBEDTLS_USE_PSA_CRYPTO defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_HAVE_INT32) && defined(MBEDTLS_HAVE_INT64)
+#error "MBEDTLS_HAVE_INT32 and MBEDTLS_HAVE_INT64 cannot be defined simultaneously"
+#endif /* MBEDTLS_HAVE_INT32 && MBEDTLS_HAVE_INT64 */
+
+#if ( defined(MBEDTLS_HAVE_INT32) || defined(MBEDTLS_HAVE_INT64) ) && \
+ defined(MBEDTLS_HAVE_ASM)
+#error "MBEDTLS_HAVE_INT32/MBEDTLS_HAVE_INT64 and MBEDTLS_HAVE_ASM cannot be defined simultaneously"
+#endif /* (MBEDTLS_HAVE_INT32 || MBEDTLS_HAVE_INT64) && MBEDTLS_HAVE_ASM */
+
+/*
+ * Avoid warning from -pedantic. This is a convenient place for this
+ * workaround since this is included by every single file before the
+ * #if defined(MBEDTLS_xxx_C) that results in empty translation units.
+ */
+typedef int mbedtls_iso_c_forbids_empty_translation_units;
+
+/* *INDENT-ON* */
+#endif /* TF_PSA_CRYPTO_CHECK_CONFIG_H */
diff --git a/tf-psa-crypto/programs/test/cmake_package_install/.gitignore b/tf-psa-crypto/programs/test/cmake_package_install/.gitignore
new file mode 100644
index 0000000..b8bcb62
--- /dev/null
+++ b/tf-psa-crypto/programs/test/cmake_package_install/.gitignore
@@ -0,0 +1,4 @@
+build
+Makefile
+cmake_package_install
+tf-psa-crypto
diff --git a/tf-psa-crypto/programs/test/cmake_package_install/CMakeLists.txt b/tf-psa-crypto/programs/test/cmake_package_install/CMakeLists.txt
new file mode 100644
index 0000000..a6d82a6
--- /dev/null
+++ b/tf-psa-crypto/programs/test/cmake_package_install/CMakeLists.txt
@@ -0,0 +1,40 @@
+cmake_minimum_required(VERSION 3.5.1)
+
+#
+# Simulate configuring and building Mbed TLS as the user might do it. We'll
+# install into a directory inside our own build directory.
+#
+
+set(TF-PSA-Crypto_SOURCE_DIR "${CMAKE_CURRENT_SOURCE_DIR}/../../..")
+set(TF-PSA-Crypto_INSTALL_DIR "${CMAKE_CURRENT_BINARY_DIR}/tf-psa-crypto")
+set(TF-PSA-Crypto_BINARY_DIR "${TF-PSA-Crypto_INSTALL_DIR}${CMAKE_FILES_DIRECTORY}")
+
+execute_process(
+ COMMAND "${CMAKE_COMMAND}"
+ "-H${TF-PSA-Crypto_SOURCE_DIR}"
+ "-B${TF-PSA-Crypto_BINARY_DIR}"
+ "-DENABLE_PROGRAMS=NO"
+ "-DENABLE_TESTING=NO"
+ # Turn on generated files explicitly in case this is a release
+ "-DGEN_FILES=ON"
+ "-DCMAKE_INSTALL_PREFIX=${TF-PSA-Crypto_INSTALL_DIR}")
+
+execute_process(
+ COMMAND "${CMAKE_COMMAND}"
+ --build "${TF-PSA-Crypto_BINARY_DIR}"
+ --target install)
+
+#
+# Locate the package.
+#
+
+list(INSERT CMAKE_PREFIX_PATH 0 "${TF-PSA-Crypto_INSTALL_DIR}")
+find_package(TF-PSA-Crypto REQUIRED)
+
+#
+# At this point, the TF-PSA-Crypto targets should have been imported, and we
+# can now link to them from our own program.
+#
+
+add_executable(cmake_package_install cmake_package_install.c)
+target_link_libraries(cmake_package_install TF-PSA-Crypto::tfpsacrypto)
diff --git a/tf-psa-crypto/programs/test/cmake_package_install/cmake_package_install.c b/tf-psa-crypto/programs/test/cmake_package_install/cmake_package_install.c
new file mode 100644
index 0000000..082ca27
--- /dev/null
+++ b/tf-psa-crypto/programs/test/cmake_package_install/cmake_package_install.c
@@ -0,0 +1,19 @@
+/*
+ * Simple program to test that TF-PSA-Crypto builds correctly as an installable
+ * CMake package.
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include <psa/crypto.h>
+
+/* The main reason to build this is for testing the CMake build, so the program
+ * doesn't need to do very much. It calls a PSA cryptography API to ensure
+ * linkage works, but that is all. */
+int main()
+{
+ psa_crypto_init();
+
+ return 0;
+}
diff --git a/tf-psa-crypto/scripts/config.py b/tf-psa-crypto/scripts/config.py
index 30b6067..312d589 100755
--- a/tf-psa-crypto/scripts/config.py
+++ b/tf-psa-crypto/scripts/config.py
@@ -58,6 +58,7 @@
'MBEDTLS_ENTROPY_FORCE_SHA256', # interacts with CTR_DRBG_128_BIT_KEY
'MBEDTLS_HAVE_SSE2', # hardware dependency
'MBEDTLS_MEMORY_BACKTRACE', # depends on MEMORY_BUFFER_ALLOC_C
+ 'MBEDTLS_MEMORY_BUFFER_ALLOC_C', # makes sanitizers (e.g. ASan) less effective
'MBEDTLS_MEMORY_DEBUG', # depends on MEMORY_BUFFER_ALLOC_C
'MBEDTLS_NO_64BIT_MULTIPLICATION', # influences anything that uses bignum
'MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES', # removes a feature
@@ -77,6 +78,8 @@
'MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT', # setting *_USE_ARMV8_A_CRYPTO is sufficient
'MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN', # build dependency (clang+memsan)
'MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND', # build dependency (valgrind headers)
+ 'MBEDTLS_PSA_STATIC_KEY_SLOTS', # only relevant for embedded devices
+ 'MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE', # only relevant for embedded devices
*PSA_UNSUPPORTED_FEATURE,
*PSA_DEPRECATED_FEATURE,
*PSA_UNSTABLE_FEATURE
diff --git a/tf-psa-crypto/scripts/data_files/driver_jsons/p256_transparent_driver.json b/tf-psa-crypto/scripts/data_files/driver_jsons/p256_transparent_driver.json
index 4794074..c0802f4 100644
--- a/tf-psa-crypto/scripts/data_files/driver_jsons/p256_transparent_driver.json
+++ b/tf-psa-crypto/scripts/data_files/driver_jsons/p256_transparent_driver.json
@@ -2,7 +2,7 @@
"prefix": "p256",
"type": "transparent",
"mbedtls/h_condition": "defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED)",
- "headers": ["../tf-psa-crypto/drivers/p256-m/p256-m_driver_entrypoints.h"],
+ "headers": ["../drivers/p256-m/p256-m_driver_entrypoints.h"],
"capabilities": [
{
"mbedtls/c_condition": "defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED)",
diff --git a/tf-psa-crypto/tests/CMakeLists.txt b/tf-psa-crypto/tests/CMakeLists.txt
index 2929cf3..a1ecca2 100644
--- a/tf-psa-crypto/tests/CMakeLists.txt
+++ b/tf-psa-crypto/tests/CMakeLists.txt
@@ -304,7 +304,6 @@
# them as PUBLIC.
target_include_directories(test_suite_${data_name}
PRIVATE ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/tests/include
- PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../library
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../core
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../drivers/builtin/src)
# Request C11, which is needed for memory poisoning tests
diff --git a/tf-psa-crypto/tests/scripts/components-build-system.sh b/tf-psa-crypto/tests/scripts/components-build-system.sh
index 5de9dc7..5dd7869 100644
--- a/tf-psa-crypto/tests/scripts/components-build-system.sh
+++ b/tf-psa-crypto/tests/scripts/components-build-system.sh
@@ -31,3 +31,12 @@
make
./cmake_subproject
}
+
+component_test_tf_psa_crypto_cmake_as_package_install () {
+ msg "build: cmake 'as-installed-package' build"
+ cd programs/test/cmake_package_install
+ # Note: Explicitly generate files as these are turned off in releases
+ cmake .
+ make
+ ./cmake_package_install
+}