PKCS12: always use MD light
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h
index b84aaee..681c973 100644
--- a/include/mbedtls/build_info.h
+++ b/include/mbedtls/build_info.h
@@ -91,6 +91,7 @@
*/
#if defined(MBEDTLS_ECJPAKE_C) || \
defined(MBEDTLS_PEM_PARSE_C) || \
+ defined(MBEDTLS_PKCS12_C) || \
defined(MBEDTLS_RSA_C)
#define MBEDTLS_MD_LIGHT
#endif
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 4f214cf..7b7ecba 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -174,11 +174,6 @@
#error "MBEDTLS_PKCS5_C defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_PKCS12_C) && \
- !( defined(MBEDTLS_MD_C) || defined(MBEDTLS_PSA_CRYPTO_C) )
-#error "MBEDTLS_PKCS12_C defined, but not all prerequisites"
-#endif
-
#if defined(MBEDTLS_PKCS1_V21) && \
!( defined(MBEDTLS_MD_C) || defined(MBEDTLS_PSA_CRYPTO_C) )
#error "MBEDTLS_PKCS1_V21 defined, but not all prerequisites"
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index 0940cb6..87181a6 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -2892,13 +2892,8 @@
* Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C and either
* MBEDTLS_MD_C or MBEDTLS_PSA_CRYPTO_C.
*
- * \warning If building without MBEDTLS_MD_C, you must call psa_crypto_init()
- * before doing any PKCS12 operation.
- *
- * \warning When building with MBEDTLS_MD_C, all hashes used with this
- * need to be available as built-ins (that is, for SHA-256, MBEDTLS_SHA256_C,
- * etc.) as opposed to just PSA drivers. So far, PSA drivers are only used by
- * this module in builds where MBEDTLS_MD_C is disabled.
+ * \warning If using a hash that is only provided by PSA drivers, you must
+ * call psa_crypto_init() before doing any PKCS12 operations.
*
* This module enables PKCS#12 functions.
*/
diff --git a/library/pkcs12.c b/library/pkcs12.c
index 8521483..515d9e1 100644
--- a/library/pkcs12.c
+++ b/library/pkcs12.c
@@ -35,13 +35,6 @@
#include <string.h>
-#if !defined(MBEDTLS_MD_C)
-#include "mbedtls/psa_util.h"
-#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
- psa_to_md_errors, \
- psa_generic_status_to_mbedtls)
-#endif
-
#if defined(MBEDTLS_DES_C)
#include "mbedtls/des.h"
#endif
@@ -234,7 +227,6 @@
unsigned char *pwd_block, unsigned char *hash_output, int use_salt,
int use_password, size_t hlen, size_t v)
{
-#if defined(MBEDTLS_MD_C)
int ret = -1;
size_t i;
const mbedtls_md_info_t *md_info;
@@ -285,58 +277,6 @@
exit:
mbedtls_md_free(&md_ctx);
return ret;
-#else
- psa_hash_operation_t op = PSA_HASH_OPERATION_INIT;
- psa_algorithm_t alg = mbedtls_psa_translate_md(md_type);
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- psa_status_t status_abort = PSA_ERROR_CORRUPTION_DETECTED;
- size_t i, out_len, out_size = PSA_HASH_LENGTH(alg);
-
- if (alg == PSA_ALG_NONE) {
- return MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE;
- }
-
- if ((status = psa_hash_setup(&op, alg)) != PSA_SUCCESS) {
- goto exit;
- }
-
- // Calculate hash( diversifier || salt_block || pwd_block )
- if ((status = psa_hash_update(&op, diversifier, v)) != PSA_SUCCESS) {
- goto exit;
- }
-
- if (use_salt != 0) {
- if ((status = psa_hash_update(&op, salt_block, v)) != PSA_SUCCESS) {
- goto exit;
- }
- }
-
- if (use_password != 0) {
- if ((status = psa_hash_update(&op, pwd_block, v)) != PSA_SUCCESS) {
- goto exit;
- }
- }
-
- if ((status = psa_hash_finish(&op, hash_output, out_size, &out_len))
- != PSA_SUCCESS) {
- goto exit;
- }
-
- // Perform remaining ( iterations - 1 ) recursive hash calculations
- for (i = 1; i < (size_t) iterations; i++) {
- if ((status = psa_hash_compute(alg, hash_output, hlen, hash_output,
- out_size, &out_len)) != PSA_SUCCESS) {
- goto exit;
- }
- }
-
-exit:
- status_abort = psa_hash_abort(&op);
- if (status == PSA_SUCCESS) {
- status = status_abort;
- }
- return PSA_TO_MBEDTLS_ERR(status);
-#endif /* !MBEDTLS_MD_C */
}
diff --git a/tests/suites/test_suite_pkcs12.function b/tests/suites/test_suite_pkcs12.function
index ab51e02..65722d0 100644
--- a/tests/suites/test_suite_pkcs12.function
+++ b/tests/suites/test_suite_pkcs12.function
@@ -32,6 +32,8 @@
size_t salt_len = 0;
size_t key_size = key_size_arg;
+ MD_PSA_INIT();
+
if (password_usage == USE_GIVEN_INPUT) {
password = password_arg->x;
}
@@ -65,6 +67,6 @@
exit:
mbedtls_free(output_data);
-
+ MD_PSA_DONE();
}
/* END_CASE */