aboutsummaryrefslogtreecommitdiff
path: root/vendor/mbedtls
diff options
context:
space:
mode:
authorLibravatar vnugent <public@vaughnnugent.com>2024-04-25 17:45:42 -0400
committerLibravatar vnugent <public@vaughnnugent.com>2024-04-25 17:45:42 -0400
commit6ff8bb11774c51fd341b7699a3938fd894995fbf (patch)
tree823ef4f5397e7ed96a5198a83d0c3b3145b3d127 /vendor/mbedtls
parent7cb7a93de4f6f5e741bc5129e3d928e44f050930 (diff)
refactor: Finish support and testing for mbedtls
Diffstat (limited to 'vendor/mbedtls')
-rw-r--r--vendor/mbedtls/config_adjust_legacy_crypto.h183
-rw-r--r--vendor/mbedtls/debug.h308
-rw-r--r--vendor/mbedtls/include/mbedtls/aes.h (renamed from vendor/mbedtls/aes.h)4
-rw-r--r--vendor/mbedtls/include/mbedtls/aria.h (renamed from vendor/mbedtls/aria.h)2
-rw-r--r--vendor/mbedtls/include/mbedtls/asn1.h (renamed from vendor/mbedtls/asn1.h)9
-rw-r--r--vendor/mbedtls/include/mbedtls/asn1write.h (renamed from vendor/mbedtls/asn1write.h)5
-rw-r--r--vendor/mbedtls/include/mbedtls/base64.h (renamed from vendor/mbedtls/base64.h)0
-rw-r--r--vendor/mbedtls/include/mbedtls/bignum.h (renamed from vendor/mbedtls/bignum.h)6
-rw-r--r--vendor/mbedtls/include/mbedtls/block_cipher.h76
-rw-r--r--vendor/mbedtls/include/mbedtls/build_info.h (renamed from vendor/mbedtls/build_info.h)42
-rw-r--r--vendor/mbedtls/include/mbedtls/camellia.h (renamed from vendor/mbedtls/camellia.h)2
-rw-r--r--vendor/mbedtls/include/mbedtls/ccm.h (renamed from vendor/mbedtls/ccm.h)10
-rw-r--r--vendor/mbedtls/include/mbedtls/chacha20.h (renamed from vendor/mbedtls/chacha20.h)0
-rw-r--r--vendor/mbedtls/include/mbedtls/chachapoly.h (renamed from vendor/mbedtls/chachapoly.h)0
-rw-r--r--vendor/mbedtls/include/mbedtls/check_config.h (renamed from vendor/mbedtls/check_config.h)329
-rw-r--r--vendor/mbedtls/include/mbedtls/cipher.h (renamed from vendor/mbedtls/cipher.h)12
-rw-r--r--vendor/mbedtls/include/mbedtls/cmac.h (renamed from vendor/mbedtls/cmac.h)0
-rw-r--r--vendor/mbedtls/include/mbedtls/compat-2.x.h (renamed from vendor/mbedtls/compat-2.x.h)0
-rw-r--r--vendor/mbedtls/include/mbedtls/config_adjust_legacy_crypto.h465
-rw-r--r--vendor/mbedtls/include/mbedtls/config_adjust_legacy_from_psa.h (renamed from vendor/mbedtls/config_adjust_legacy_from_psa.h)381
-rw-r--r--vendor/mbedtls/include/mbedtls/config_adjust_psa_from_legacy.h (renamed from vendor/mbedtls/config_adjust_psa_from_legacy.h)25
-rw-r--r--vendor/mbedtls/include/mbedtls/config_adjust_psa_superset_legacy.h (renamed from vendor/mbedtls/config_adjust_psa_superset_legacy.h)0
-rw-r--r--vendor/mbedtls/include/mbedtls/config_adjust_ssl.h (renamed from vendor/mbedtls/config_adjust_ssl.h)5
-rw-r--r--vendor/mbedtls/include/mbedtls/config_adjust_x509.h (renamed from vendor/mbedtls/config_adjust_x509.h)0
-rw-r--r--vendor/mbedtls/include/mbedtls/config_psa.h (renamed from vendor/mbedtls/config_psa.h)0
-rw-r--r--vendor/mbedtls/include/mbedtls/constant_time.h (renamed from vendor/mbedtls/constant_time.h)0
-rw-r--r--vendor/mbedtls/include/mbedtls/ctr_drbg.h (renamed from vendor/mbedtls/ctr_drbg.h)18
-rw-r--r--vendor/mbedtls/include/mbedtls/debug.h156
-rw-r--r--vendor/mbedtls/include/mbedtls/des.h (renamed from vendor/mbedtls/des.h)0
-rw-r--r--vendor/mbedtls/include/mbedtls/dhm.h (renamed from vendor/mbedtls/dhm.h)0
-rw-r--r--vendor/mbedtls/include/mbedtls/ecdh.h (renamed from vendor/mbedtls/ecdh.h)13
-rw-r--r--vendor/mbedtls/include/mbedtls/ecdsa.h (renamed from vendor/mbedtls/ecdsa.h)0
-rw-r--r--vendor/mbedtls/include/mbedtls/ecjpake.h (renamed from vendor/mbedtls/ecjpake.h)0
-rw-r--r--vendor/mbedtls/include/mbedtls/ecp.h (renamed from vendor/mbedtls/ecp.h)186
-rw-r--r--vendor/mbedtls/include/mbedtls/entropy.h (renamed from vendor/mbedtls/entropy.h)0
-rw-r--r--vendor/mbedtls/include/mbedtls/error.h (renamed from vendor/mbedtls/error.h)0
-rw-r--r--vendor/mbedtls/include/mbedtls/gcm.h (renamed from vendor/mbedtls/gcm.h)36
-rw-r--r--vendor/mbedtls/include/mbedtls/hkdf.h (renamed from vendor/mbedtls/hkdf.h)0
-rw-r--r--vendor/mbedtls/include/mbedtls/hmac_drbg.h (renamed from vendor/mbedtls/hmac_drbg.h)0
-rw-r--r--vendor/mbedtls/include/mbedtls/lms.h (renamed from vendor/mbedtls/lms.h)0
-rw-r--r--vendor/mbedtls/include/mbedtls/mbedtls_config.h (renamed from vendor/mbedtls/mbedtls_config.h)197
-rw-r--r--vendor/mbedtls/include/mbedtls/md.h (renamed from vendor/mbedtls/md.h)114
-rw-r--r--vendor/mbedtls/include/mbedtls/md5.h (renamed from vendor/mbedtls/md5.h)0
-rw-r--r--vendor/mbedtls/include/mbedtls/memory_buffer_alloc.h (renamed from vendor/mbedtls/memory_buffer_alloc.h)0
-rw-r--r--vendor/mbedtls/include/mbedtls/net_sockets.h (renamed from vendor/mbedtls/net_sockets.h)4
-rw-r--r--vendor/mbedtls/include/mbedtls/nist_kw.h (renamed from vendor/mbedtls/nist_kw.h)0
-rw-r--r--vendor/mbedtls/include/mbedtls/oid.h (renamed from vendor/mbedtls/oid.h)9
-rw-r--r--vendor/mbedtls/include/mbedtls/pem.h (renamed from vendor/mbedtls/pem.h)6
-rw-r--r--vendor/mbedtls/include/mbedtls/pk.h (renamed from vendor/mbedtls/pk.h)389
-rw-r--r--vendor/mbedtls/include/mbedtls/pkcs12.h (renamed from vendor/mbedtls/pkcs12.h)8
-rw-r--r--vendor/mbedtls/include/mbedtls/pkcs5.h (renamed from vendor/mbedtls/pkcs5.h)9
-rw-r--r--vendor/mbedtls/include/mbedtls/pkcs7.h (renamed from vendor/mbedtls/pkcs7.h)1
-rw-r--r--vendor/mbedtls/include/mbedtls/platform.h (renamed from vendor/mbedtls/platform.h)0
-rw-r--r--vendor/mbedtls/include/mbedtls/platform_time.h (renamed from vendor/mbedtls/platform_time.h)0
-rw-r--r--vendor/mbedtls/include/mbedtls/platform_util.h (renamed from vendor/mbedtls/platform_util.h)4
-rw-r--r--vendor/mbedtls/include/mbedtls/poly1305.h (renamed from vendor/mbedtls/poly1305.h)0
-rw-r--r--vendor/mbedtls/include/mbedtls/private_access.h (renamed from vendor/mbedtls/private_access.h)0
-rw-r--r--vendor/mbedtls/include/mbedtls/psa_util.h188
-rw-r--r--vendor/mbedtls/include/mbedtls/ripemd160.h (renamed from vendor/mbedtls/ripemd160.h)0
-rw-r--r--vendor/mbedtls/include/mbedtls/rsa.h (renamed from vendor/mbedtls/rsa.h)12
-rw-r--r--vendor/mbedtls/include/mbedtls/sha1.h (renamed from vendor/mbedtls/sha1.h)0
-rw-r--r--vendor/mbedtls/include/mbedtls/sha256.h (renamed from vendor/mbedtls/sha256.h)2
-rw-r--r--vendor/mbedtls/include/mbedtls/sha3.h (renamed from vendor/mbedtls/sha3.h)0
-rw-r--r--vendor/mbedtls/include/mbedtls/sha512.h (renamed from vendor/mbedtls/sha512.h)0
-rw-r--r--vendor/mbedtls/include/mbedtls/ssl.h (renamed from vendor/mbedtls/ssl.h)493
-rw-r--r--vendor/mbedtls/include/mbedtls/ssl_cache.h (renamed from vendor/mbedtls/ssl_cache.h)0
-rw-r--r--vendor/mbedtls/include/mbedtls/ssl_ciphersuites.h (renamed from vendor/mbedtls/ssl_ciphersuites.h)140
-rw-r--r--vendor/mbedtls/include/mbedtls/ssl_cookie.h (renamed from vendor/mbedtls/ssl_cookie.h)0
-rw-r--r--vendor/mbedtls/include/mbedtls/ssl_ticket.h (renamed from vendor/mbedtls/ssl_ticket.h)24
-rw-r--r--vendor/mbedtls/include/mbedtls/threading.h (renamed from vendor/mbedtls/threading.h)40
-rw-r--r--vendor/mbedtls/include/mbedtls/timing.h (renamed from vendor/mbedtls/timing.h)0
-rw-r--r--vendor/mbedtls/include/mbedtls/version.h (renamed from vendor/mbedtls/version.h)0
-rw-r--r--vendor/mbedtls/include/mbedtls/x509.h (renamed from vendor/mbedtls/x509.h)89
-rw-r--r--vendor/mbedtls/include/mbedtls/x509_crl.h (renamed from vendor/mbedtls/x509_crl.h)0
-rw-r--r--vendor/mbedtls/include/mbedtls/x509_crt.h (renamed from vendor/mbedtls/x509_crt.h)12
-rw-r--r--vendor/mbedtls/include/mbedtls/x509_csr.h (renamed from vendor/mbedtls/x509_csr.h)65
-rw-r--r--vendor/mbedtls/include/psa/build_info.h (renamed from vendor/mbedtls/psa/build_info.h)0
-rw-r--r--vendor/mbedtls/include/psa/crypto.h (renamed from vendor/mbedtls/psa/crypto.h)164
-rw-r--r--vendor/mbedtls/include/psa/crypto_adjust_auto_enabled.h (renamed from vendor/mbedtls/psa/crypto_adjust_auto_enabled.h)0
-rw-r--r--vendor/mbedtls/include/psa/crypto_adjust_config_key_pair_types.h (renamed from vendor/mbedtls/psa/crypto_adjust_config_key_pair_types.h)0
-rw-r--r--vendor/mbedtls/include/psa/crypto_adjust_config_synonyms.h (renamed from vendor/mbedtls/psa/crypto_adjust_config_synonyms.h)6
-rw-r--r--vendor/mbedtls/include/psa/crypto_builtin_composites.h (renamed from vendor/mbedtls/psa/crypto_builtin_composites.h)4
-rw-r--r--vendor/mbedtls/include/psa/crypto_builtin_key_derivation.h (renamed from vendor/mbedtls/psa/crypto_builtin_key_derivation.h)0
-rw-r--r--vendor/mbedtls/include/psa/crypto_builtin_primitives.h (renamed from vendor/mbedtls/psa/crypto_builtin_primitives.h)0
-rw-r--r--vendor/mbedtls/include/psa/crypto_compat.h (renamed from vendor/mbedtls/psa/crypto_compat.h)77
-rw-r--r--vendor/mbedtls/include/psa/crypto_config.h (renamed from vendor/mbedtls/psa/crypto_config.h)6
-rw-r--r--vendor/mbedtls/include/psa/crypto_driver_common.h (renamed from vendor/mbedtls/psa/crypto_driver_common.h)0
-rw-r--r--vendor/mbedtls/include/psa/crypto_driver_contexts_composites.h (renamed from vendor/mbedtls/psa/crypto_driver_contexts_composites.h)0
-rw-r--r--vendor/mbedtls/include/psa/crypto_driver_contexts_key_derivation.h (renamed from vendor/mbedtls/psa/crypto_driver_contexts_key_derivation.h)0
-rw-r--r--vendor/mbedtls/include/psa/crypto_driver_contexts_primitives.h (renamed from vendor/mbedtls/psa/crypto_driver_contexts_primitives.h)0
-rw-r--r--vendor/mbedtls/include/psa/crypto_extra.h (renamed from vendor/mbedtls/psa/crypto_extra.h)209
-rw-r--r--vendor/mbedtls/include/psa/crypto_legacy.h (renamed from vendor/mbedtls/psa/crypto_legacy.h)0
-rw-r--r--vendor/mbedtls/include/psa/crypto_platform.h (renamed from vendor/mbedtls/psa/crypto_platform.h)14
-rw-r--r--vendor/mbedtls/include/psa/crypto_se_driver.h (renamed from vendor/mbedtls/psa/crypto_se_driver.h)0
-rw-r--r--vendor/mbedtls/include/psa/crypto_sizes.h (renamed from vendor/mbedtls/psa/crypto_sizes.h)20
-rw-r--r--vendor/mbedtls/include/psa/crypto_struct.h (renamed from vendor/mbedtls/psa/crypto_struct.h)203
-rw-r--r--vendor/mbedtls/include/psa/crypto_types.h (renamed from vendor/mbedtls/psa/crypto_types.h)35
-rw-r--r--vendor/mbedtls/include/psa/crypto_values.h (renamed from vendor/mbedtls/psa/crypto_values.h)26
-rw-r--r--vendor/mbedtls/psa_util.h104
99 files changed, 2984 insertions, 1963 deletions
diff --git a/vendor/mbedtls/config_adjust_legacy_crypto.h b/vendor/mbedtls/config_adjust_legacy_crypto.h
deleted file mode 100644
index f769765..0000000
--- a/vendor/mbedtls/config_adjust_legacy_crypto.h
+++ /dev/null
@@ -1,183 +0,0 @@
-/**
- * \file mbedtls/config_adjust_legacy_crypto.h
- * \brief Adjust legacy configuration configuration
- *
- * Automatically enable certain dependencies. Generally, MBEDLTS_xxx
- * configurations need to be explicitly enabled by the user: enabling
- * MBEDTLS_xxx_A but not MBEDTLS_xxx_B when A requires B results in a
- * compilation error. However, we do automatically enable certain options
- * in some circumstances. One case is if MBEDTLS_xxx_B is an internal option
- * used to identify parts of a module that are used by other module, and we
- * don't want to make the symbol MBEDTLS_xxx_B part of the public API.
- * Another case is if A didn't depend on B in earlier versions, and we
- * want to use B in A but we need to preserve backward compatibility with
- * configurations that explicitly activate MBEDTLS_xxx_A but not
- * MBEDTLS_xxx_B.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H
-#define MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H
-
-/* Auto-enable MBEDTLS_MD_LIGHT based on MBEDTLS_MD_C.
- * This allows checking for MD_LIGHT rather than MD_LIGHT || MD_C.
- */
-#if defined(MBEDTLS_MD_C)
-#define MBEDTLS_MD_LIGHT
-#endif
-
-/* Auto-enable MBEDTLS_MD_LIGHT if needed by a module that didn't require it
- * in a previous release, to ensure backwards compatibility.
- */
-#if defined(MBEDTLS_ECJPAKE_C) || \
- defined(MBEDTLS_PEM_PARSE_C) || \
- defined(MBEDTLS_ENTROPY_C) || \
- defined(MBEDTLS_PK_C) || \
- defined(MBEDTLS_PKCS12_C) || \
- defined(MBEDTLS_RSA_C) || \
- defined(MBEDTLS_SSL_TLS_C) || \
- defined(MBEDTLS_X509_USE_C) || \
- defined(MBEDTLS_X509_CREATE_C)
-#define MBEDTLS_MD_LIGHT
-#endif
-
-/* MBEDTLS_ECP_LIGHT is auto-enabled by the following symbols:
- * - MBEDTLS_ECP_C because now it consists of MBEDTLS_ECP_LIGHT plus functions
- * for curve arithmetic. As a consequence if MBEDTLS_ECP_C is required for
- * some reason, then MBEDTLS_ECP_LIGHT should be enabled as well.
- * - MBEDTLS_PK_PARSE_EC_EXTENDED and MBEDTLS_PK_PARSE_EC_COMPRESSED because
- * these features are not supported in PSA so the only way to have them is
- * to enable the built-in solution.
- * Both of them are temporary dependencies:
- * - PK_PARSE_EC_EXTENDED will be removed after #7779 and #7789
- * - support for compressed points should also be added to PSA, but in this
- * case there is no associated issue to track it yet.
- * - PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE because Weierstrass key derivation
- * still depends on ECP_LIGHT.
- * - PK_C + USE_PSA + PSA_WANT_ALG_ECDSA is a temporary dependency which will
- * be fixed by #7453.
- */
-#if defined(MBEDTLS_ECP_C) || \
- defined(MBEDTLS_PK_PARSE_EC_EXTENDED) || \
- defined(MBEDTLS_PK_PARSE_EC_COMPRESSED) || \
- defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_DERIVE)
-#define MBEDTLS_ECP_LIGHT
-#endif
-
-/* MBEDTLS_PK_PARSE_EC_COMPRESSED is introduced in MbedTLS version 3.5, while
- * in previous version compressed points were automatically supported as long
- * as PK_PARSE_C and ECP_C were enabled. As a consequence, for backward
- * compatibility, we auto-enable PK_PARSE_EC_COMPRESSED when these conditions
- * are met. */
-#if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_ECP_C)
-#define MBEDTLS_PK_PARSE_EC_COMPRESSED
-#endif
-
-/* Helper symbol to state that there is support for ECDH, either through
- * library implementation (ECDH_C) or through PSA. */
-#if (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_ECDH)) || \
- (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ECDH_C))
-#define MBEDTLS_CAN_ECDH
-#endif
-
-/* PK module can achieve ECDSA functionalities by means of either software
- * implementations (ECDSA_C) or through a PSA driver. The following defines
- * are meant to list these capabilities in a general way which abstracts how
- * they are implemented under the hood. */
-#if !defined(MBEDTLS_USE_PSA_CRYPTO)
-#if defined(MBEDTLS_ECDSA_C)
-#define MBEDTLS_PK_CAN_ECDSA_SIGN
-#define MBEDTLS_PK_CAN_ECDSA_VERIFY
-#endif /* MBEDTLS_ECDSA_C */
-#else /* MBEDTLS_USE_PSA_CRYPTO */
-#if defined(PSA_WANT_ALG_ECDSA)
-#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC)
-#define MBEDTLS_PK_CAN_ECDSA_SIGN
-#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC */
-#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
-#define MBEDTLS_PK_CAN_ECDSA_VERIFY
-#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
-#endif /* PSA_WANT_ALG_ECDSA */
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-#if defined(MBEDTLS_PK_CAN_ECDSA_VERIFY) || defined(MBEDTLS_PK_CAN_ECDSA_SIGN)
-#define MBEDTLS_PK_CAN_ECDSA_SOME
-#endif
-
-/* If MBEDTLS_PSA_CRYPTO_C is defined, make sure MBEDTLS_PSA_CRYPTO_CLIENT
- * is defined as well to include all PSA code.
- */
-#if defined(MBEDTLS_PSA_CRYPTO_C)
-#define MBEDTLS_PSA_CRYPTO_CLIENT
-#endif /* MBEDTLS_PSA_CRYPTO_C */
-
-/* The PK wrappers need pk_write functions to format RSA key objects
- * when they are dispatching to the PSA API. This happens under USE_PSA_CRYPTO,
- * and also even without USE_PSA_CRYPTO for mbedtls_pk_sign_ext(). */
-#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_RSA_C)
-#define MBEDTLS_PK_C
-#define MBEDTLS_PK_WRITE_C
-#define MBEDTLS_PK_PARSE_C
-#endif
-
-/* Helpers to state that each key is supported either on the builtin or PSA side. */
-#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_521)
-#define MBEDTLS_ECP_HAVE_SECP521R1
-#endif
-#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
-#define MBEDTLS_ECP_HAVE_BP512R1
-#endif
-#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_448)
-#define MBEDTLS_ECP_HAVE_CURVE448
-#endif
-#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
-#define MBEDTLS_ECP_HAVE_BP384R1
-#endif
-#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_384)
-#define MBEDTLS_ECP_HAVE_SECP384R1
-#endif
-#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
-#define MBEDTLS_ECP_HAVE_BP256R1
-#endif
-#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_256)
-#define MBEDTLS_ECP_HAVE_SECP256K1
-#endif
-#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_256)
-#define MBEDTLS_ECP_HAVE_SECP256R1
-#endif
-#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_255)
-#define MBEDTLS_ECP_HAVE_CURVE25519
-#endif
-#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_224)
-#define MBEDTLS_ECP_HAVE_SECP224K1
-#endif
-#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_224)
-#define MBEDTLS_ECP_HAVE_SECP224R1
-#endif
-#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_192)
-#define MBEDTLS_ECP_HAVE_SECP192K1
-#endif
-#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_192)
-#define MBEDTLS_ECP_HAVE_SECP192R1
-#endif
-
-/* Helper symbol to state that the PK module has support for EC keys. This
- * can either be provided through the legacy ECP solution or through the
- * PSA friendly MBEDTLS_PK_USE_PSA_EC_DATA (see pk.h for its description). */
-#if defined(MBEDTLS_ECP_C) || \
- (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY))
-#define MBEDTLS_PK_HAVE_ECC_KEYS
-#endif /* MBEDTLS_PK_USE_PSA_EC_DATA || MBEDTLS_ECP_C */
-
-/* Historically pkparse did not check the CBC padding when decrypting
- * a key. This was a bug, which is now fixed. As a consequence, pkparse
- * now needs PKCS7 padding support, but existing configurations might not
- * enable it, so we enable it here. */
-#if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_PKCS5_C) && defined(MBEDTLS_CIPHER_MODE_CBC)
-#define MBEDTLS_CIPHER_PADDING_PKCS7
-#endif
-
-#endif /* MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H */
diff --git a/vendor/mbedtls/debug.h b/vendor/mbedtls/debug.h
deleted file mode 100644
index 0aef2ed..0000000
--- a/vendor/mbedtls/debug.h
+++ /dev/null
@@ -1,308 +0,0 @@
-/**
- * \file debug.h
- *
- * \brief Functions for controlling and providing debug output from the library.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-#ifndef MBEDTLS_DEBUG_H
-#define MBEDTLS_DEBUG_H
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/ssl.h"
-
-#if defined(MBEDTLS_ECP_C)
-#include "mbedtls/ecp.h"
-#endif
-
-#if defined(MBEDTLS_DEBUG_C)
-
-#define MBEDTLS_DEBUG_STRIP_PARENS(...) __VA_ARGS__
-
-#define MBEDTLS_SSL_DEBUG_MSG(level, args) \
- mbedtls_debug_print_msg(ssl, level, __FILE__, __LINE__, \
- MBEDTLS_DEBUG_STRIP_PARENS args)
-
-#define MBEDTLS_SSL_DEBUG_RET(level, text, ret) \
- mbedtls_debug_print_ret(ssl, level, __FILE__, __LINE__, text, ret)
-
-#define MBEDTLS_SSL_DEBUG_BUF(level, text, buf, len) \
- mbedtls_debug_print_buf(ssl, level, __FILE__, __LINE__, text, buf, len)
-
-#if defined(MBEDTLS_BIGNUM_C)
-#define MBEDTLS_SSL_DEBUG_MPI(level, text, X) \
- mbedtls_debug_print_mpi(ssl, level, __FILE__, __LINE__, text, X)
-#endif
-
-#if defined(MBEDTLS_ECP_C)
-#define MBEDTLS_SSL_DEBUG_ECP(level, text, X) \
- mbedtls_debug_print_ecp(ssl, level, __FILE__, __LINE__, text, X)
-#endif
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-#if !defined(MBEDTLS_X509_REMOVE_INFO)
-#define MBEDTLS_SSL_DEBUG_CRT(level, text, crt) \
- mbedtls_debug_print_crt(ssl, level, __FILE__, __LINE__, text, crt)
-#else
-#define MBEDTLS_SSL_DEBUG_CRT(level, text, crt) do { } while (0)
-#endif /* MBEDTLS_X509_REMOVE_INFO */
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-#if defined(MBEDTLS_ECDH_C)
-#define MBEDTLS_SSL_DEBUG_ECDH(level, ecdh, attr) \
- mbedtls_debug_printf_ecdh(ssl, level, __FILE__, __LINE__, ecdh, attr)
-#endif
-
-#else /* MBEDTLS_DEBUG_C */
-
-#define MBEDTLS_SSL_DEBUG_MSG(level, args) do { } while (0)
-#define MBEDTLS_SSL_DEBUG_RET(level, text, ret) do { } while (0)
-#define MBEDTLS_SSL_DEBUG_BUF(level, text, buf, len) do { } while (0)
-#define MBEDTLS_SSL_DEBUG_MPI(level, text, X) do { } while (0)
-#define MBEDTLS_SSL_DEBUG_ECP(level, text, X) do { } while (0)
-#define MBEDTLS_SSL_DEBUG_CRT(level, text, crt) do { } while (0)
-#define MBEDTLS_SSL_DEBUG_ECDH(level, ecdh, attr) do { } while (0)
-
-#endif /* MBEDTLS_DEBUG_C */
-
-/**
- * \def MBEDTLS_PRINTF_ATTRIBUTE
- *
- * Mark a function as having printf attributes, and thus enable checking
- * via -wFormat and other flags. This does nothing on builds with compilers
- * that do not support the format attribute
- *
- * Module: library/debug.c
- * Caller:
- *
- * This module provides debugging functions.
- */
-#if defined(__has_attribute)
-#if __has_attribute(format)
-#if defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 1
-#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check) \
- __attribute__((__format__(gnu_printf, string_index, first_to_check)))
-#else /* defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 1 */
-#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check) \
- __attribute__((format(printf, string_index, first_to_check)))
-#endif
-#else /* __has_attribute(format) */
-#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check)
-#endif /* __has_attribute(format) */
-#else /* defined(__has_attribute) */
-#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check)
-#endif
-
-/**
- * \def MBEDTLS_PRINTF_SIZET
- *
- * MBEDTLS_PRINTF_xxx: Due to issues with older window compilers
- * and MinGW we need to define the printf specifier for size_t
- * and long long per platform.
- *
- * Module: library/debug.c
- * Caller:
- *
- * This module provides debugging functions.
- */
-#if (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800)
- #include <inttypes.h>
- #define MBEDTLS_PRINTF_SIZET PRIuPTR
- #define MBEDTLS_PRINTF_LONGLONG "I64d"
-#else \
- /* (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800) */
- #define MBEDTLS_PRINTF_SIZET "zu"
- #define MBEDTLS_PRINTF_LONGLONG "lld"
-#endif \
- /* (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800) */
-
-#if !defined(MBEDTLS_PRINTF_MS_TIME)
-#define MBEDTLS_PRINTF_MS_TIME PRId64
-#endif /* MBEDTLS_PRINTF_MS_TIME */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief Set the threshold error level to handle globally all debug output.
- * Debug messages that have a level over the threshold value are
- * discarded.
- * (Default value: 0 = No debug )
- *
- * \param threshold threshold level of messages to filter on. Messages at a
- * higher level will be discarded.
- * - Debug levels
- * - 0 No debug
- * - 1 Error
- * - 2 State change
- * - 3 Informational
- * - 4 Verbose
- */
-void mbedtls_debug_set_threshold(int threshold);
-
-/**
- * \brief Print a message to the debug output. This function is always used
- * through the MBEDTLS_SSL_DEBUG_MSG() macro, which supplies the ssl
- * context, file and line number parameters.
- *
- * \param ssl SSL context
- * \param level error level of the debug message
- * \param file file the message has occurred in
- * \param line line number the message has occurred at
- * \param format format specifier, in printf format
- * \param ... variables used by the format specifier
- *
- * \attention This function is intended for INTERNAL usage within the
- * library only.
- */
-void mbedtls_debug_print_msg(const mbedtls_ssl_context *ssl, int level,
- const char *file, int line,
- const char *format, ...) MBEDTLS_PRINTF_ATTRIBUTE(5, 6);
-
-/**
- * \brief Print the return value of a function to the debug output. This
- * function is always used through the MBEDTLS_SSL_DEBUG_RET() macro,
- * which supplies the ssl context, file and line number parameters.
- *
- * \param ssl SSL context
- * \param level error level of the debug message
- * \param file file the error has occurred in
- * \param line line number the error has occurred in
- * \param text the name of the function that returned the error
- * \param ret the return code value
- *
- * \attention This function is intended for INTERNAL usage within the
- * library only.
- */
-void mbedtls_debug_print_ret(const mbedtls_ssl_context *ssl, int level,
- const char *file, int line,
- const char *text, int ret);
-
-/**
- * \brief Output a buffer of size len bytes to the debug output. This function
- * is always used through the MBEDTLS_SSL_DEBUG_BUF() macro,
- * which supplies the ssl context, file and line number parameters.
- *
- * \param ssl SSL context
- * \param level error level of the debug message
- * \param file file the error has occurred in
- * \param line line number the error has occurred in
- * \param text a name or label for the buffer being dumped. Normally the
- * variable or buffer name
- * \param buf the buffer to be outputted
- * \param len length of the buffer
- *
- * \attention This function is intended for INTERNAL usage within the
- * library only.
- */
-void mbedtls_debug_print_buf(const mbedtls_ssl_context *ssl, int level,
- const char *file, int line, const char *text,
- const unsigned char *buf, size_t len);
-
-#if defined(MBEDTLS_BIGNUM_C)
-/**
- * \brief Print a MPI variable to the debug output. This function is always
- * used through the MBEDTLS_SSL_DEBUG_MPI() macro, which supplies the
- * ssl context, file and line number parameters.
- *
- * \param ssl SSL context
- * \param level error level of the debug message
- * \param file file the error has occurred in
- * \param line line number the error has occurred in
- * \param text a name or label for the MPI being output. Normally the
- * variable name
- * \param X the MPI variable
- *
- * \attention This function is intended for INTERNAL usage within the
- * library only.
- */
-void mbedtls_debug_print_mpi(const mbedtls_ssl_context *ssl, int level,
- const char *file, int line,
- const char *text, const mbedtls_mpi *X);
-#endif
-
-#if defined(MBEDTLS_ECP_C)
-/**
- * \brief Print an ECP point to the debug output. This function is always
- * used through the MBEDTLS_SSL_DEBUG_ECP() macro, which supplies the
- * ssl context, file and line number parameters.
- *
- * \param ssl SSL context
- * \param level error level of the debug message
- * \param file file the error has occurred in
- * \param line line number the error has occurred in
- * \param text a name or label for the ECP point being output. Normally the
- * variable name
- * \param X the ECP point
- *
- * \attention This function is intended for INTERNAL usage within the
- * library only.
- */
-void mbedtls_debug_print_ecp(const mbedtls_ssl_context *ssl, int level,
- const char *file, int line,
- const char *text, const mbedtls_ecp_point *X);
-#endif
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO)
-/**
- * \brief Print a X.509 certificate structure to the debug output. This
- * function is always used through the MBEDTLS_SSL_DEBUG_CRT() macro,
- * which supplies the ssl context, file and line number parameters.
- *
- * \param ssl SSL context
- * \param level error level of the debug message
- * \param file file the error has occurred in
- * \param line line number the error has occurred in
- * \param text a name or label for the certificate being output
- * \param crt X.509 certificate structure
- *
- * \attention This function is intended for INTERNAL usage within the
- * library only.
- */
-void mbedtls_debug_print_crt(const mbedtls_ssl_context *ssl, int level,
- const char *file, int line,
- const char *text, const mbedtls_x509_crt *crt);
-#endif
-
-/* Note: the MBEDTLS_ECDH_C guard here is mandatory because this debug function
- only works for the built-in implementation. */
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) && \
- defined(MBEDTLS_ECDH_C)
-typedef enum {
- MBEDTLS_DEBUG_ECDH_Q,
- MBEDTLS_DEBUG_ECDH_QP,
- MBEDTLS_DEBUG_ECDH_Z,
-} mbedtls_debug_ecdh_attr;
-
-/**
- * \brief Print a field of the ECDH structure in the SSL context to the debug
- * output. This function is always used through the
- * MBEDTLS_SSL_DEBUG_ECDH() macro, which supplies the ssl context, file
- * and line number parameters.
- *
- * \param ssl SSL context
- * \param level error level of the debug message
- * \param file file the error has occurred in
- * \param line line number the error has occurred in
- * \param ecdh the ECDH context
- * \param attr the identifier of the attribute being output
- *
- * \attention This function is intended for INTERNAL usage within the
- * library only.
- */
-void mbedtls_debug_printf_ecdh(const mbedtls_ssl_context *ssl, int level,
- const char *file, int line,
- const mbedtls_ecdh_context *ecdh,
- mbedtls_debug_ecdh_attr attr);
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED &&
- MBEDTLS_ECDH_C */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* debug.h */
diff --git a/vendor/mbedtls/aes.h b/vendor/mbedtls/include/mbedtls/aes.h
index 77ecffd..d5eb1fd 100644
--- a/vendor/mbedtls/aes.h
+++ b/vendor/mbedtls/include/mbedtls/aes.h
@@ -155,6 +155,7 @@ MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key,
unsigned int keybits);
+#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
/**
* \brief This function sets the decryption key.
*
@@ -173,6 +174,7 @@ int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key,
MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_aes_setkey_dec(mbedtls_aes_context *ctx, const unsigned char *key,
unsigned int keybits);
+#endif /* !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */
#if defined(MBEDTLS_CIPHER_MODE_XTS)
/**
@@ -592,6 +594,7 @@ int mbedtls_internal_aes_encrypt(mbedtls_aes_context *ctx,
const unsigned char input[16],
unsigned char output[16]);
+#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
/**
* \brief Internal AES block decryption function. This is only
* exposed to allow overriding it using see
@@ -607,6 +610,7 @@ MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx,
const unsigned char input[16],
unsigned char output[16]);
+#endif /* !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */
#if defined(MBEDTLS_SELF_TEST)
/**
diff --git a/vendor/mbedtls/aria.h b/vendor/mbedtls/include/mbedtls/aria.h
index abb8a3d..c685fc3 100644
--- a/vendor/mbedtls/aria.h
+++ b/vendor/mbedtls/include/mbedtls/aria.h
@@ -98,6 +98,7 @@ int mbedtls_aria_setkey_enc(mbedtls_aria_context *ctx,
const unsigned char *key,
unsigned int keybits);
+#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
/**
* \brief This function sets the decryption key.
*
@@ -116,6 +117,7 @@ int mbedtls_aria_setkey_enc(mbedtls_aria_context *ctx,
int mbedtls_aria_setkey_dec(mbedtls_aria_context *ctx,
const unsigned char *key,
unsigned int keybits);
+#endif /* !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */
/**
* \brief This function performs an ARIA single-block encryption or
diff --git a/vendor/mbedtls/asn1.h b/vendor/mbedtls/include/mbedtls/asn1.h
index 830458b..ff019f4 100644
--- a/vendor/mbedtls/asn1.h
+++ b/vendor/mbedtls/include/mbedtls/asn1.h
@@ -197,7 +197,8 @@ typedef struct mbedtls_asn1_named_data {
}
mbedtls_asn1_named_data;
-#if defined(MBEDTLS_ASN1_PARSE_C) || defined(MBEDTLS_X509_CREATE_C)
+#if defined(MBEDTLS_ASN1_PARSE_C) || defined(MBEDTLS_X509_CREATE_C) || \
+ defined(MBEDTLS_PSA_UTIL_HAVE_ECDSA)
/**
* \brief Get the length of an ASN.1 element.
* Updates the pointer to immediately behind the length.
@@ -244,7 +245,7 @@ int mbedtls_asn1_get_len(unsigned char **p,
int mbedtls_asn1_get_tag(unsigned char **p,
const unsigned char *end,
size_t *len, int tag);
-#endif /* MBEDTLS_ASN1_PARSE_C || MBEDTLS_X509_CREATE_C */
+#endif /* MBEDTLS_ASN1_PARSE_C || MBEDTLS_X509_CREATE_C || MBEDTLS_PSA_UTIL_HAVE_ECDSA */
#if defined(MBEDTLS_ASN1_PARSE_C)
/**
@@ -632,10 +633,10 @@ void mbedtls_asn1_free_named_data_list_shallow(mbedtls_asn1_named_data *name);
/** \} name Functions to parse ASN.1 data structures */
/** \} addtogroup asn1_module */
+#endif /* MBEDTLS_ASN1_PARSE_C */
+
#ifdef __cplusplus
}
#endif
-#endif /* MBEDTLS_ASN1_PARSE_C */
-
#endif /* asn1.h */
diff --git a/vendor/mbedtls/asn1write.h b/vendor/mbedtls/include/mbedtls/asn1write.h
index 7af4aba..0c5a85a 100644
--- a/vendor/mbedtls/asn1write.h
+++ b/vendor/mbedtls/include/mbedtls/asn1write.h
@@ -36,7 +36,8 @@
extern "C" {
#endif
-#if defined(MBEDTLS_ASN1_WRITE_C) || defined(MBEDTLS_X509_USE_C)
+#if defined(MBEDTLS_ASN1_WRITE_C) || defined(MBEDTLS_X509_USE_C) || \
+ defined(MBEDTLS_PSA_UTIL_HAVE_ECDSA)
/**
* \brief Write a length field in ASN.1 format.
*
@@ -65,7 +66,7 @@ int mbedtls_asn1_write_len(unsigned char **p, const unsigned char *start,
*/
int mbedtls_asn1_write_tag(unsigned char **p, const unsigned char *start,
unsigned char tag);
-#endif /* MBEDTLS_ASN1_WRITE_C || MBEDTLS_X509_USE_C */
+#endif /* MBEDTLS_ASN1_WRITE_C || MBEDTLS_X509_USE_C || MBEDTLS_PSA_UTIL_HAVE_ECDSA*/
#if defined(MBEDTLS_ASN1_WRITE_C)
/**
diff --git a/vendor/mbedtls/base64.h b/vendor/mbedtls/include/mbedtls/base64.h
index 8f459b7..8f459b7 100644
--- a/vendor/mbedtls/base64.h
+++ b/vendor/mbedtls/include/mbedtls/base64.h
diff --git a/vendor/mbedtls/bignum.h b/vendor/mbedtls/include/mbedtls/bignum.h
index 931e06d..71d7b97 100644
--- a/vendor/mbedtls/bignum.h
+++ b/vendor/mbedtls/include/mbedtls/bignum.h
@@ -51,15 +51,15 @@
#if !defined(MBEDTLS_MPI_WINDOW_SIZE)
/*
- * Maximum window size used for modular exponentiation. Default: 2
+ * Maximum window size used for modular exponentiation. Default: 3
* Minimum value: 1. Maximum value: 6.
*
* Result is an array of ( 2 ** MBEDTLS_MPI_WINDOW_SIZE ) MPIs used
- * for the sliding window calculation. (So 64 by default)
+ * for the sliding window calculation. (So 8 by default)
*
* Reduction in size, reduces speed.
*/
-#define MBEDTLS_MPI_WINDOW_SIZE 2 /**< Maximum window size used. */
+#define MBEDTLS_MPI_WINDOW_SIZE 3 /**< Maximum window size used. */
#endif /* !MBEDTLS_MPI_WINDOW_SIZE */
#if !defined(MBEDTLS_MPI_MAX_SIZE)
diff --git a/vendor/mbedtls/include/mbedtls/block_cipher.h b/vendor/mbedtls/include/mbedtls/block_cipher.h
new file mode 100644
index 0000000..3f60f6f
--- /dev/null
+++ b/vendor/mbedtls/include/mbedtls/block_cipher.h
@@ -0,0 +1,76 @@
+/**
+ * \file block_cipher.h
+ *
+ * \brief Internal abstraction layer.
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+#ifndef MBEDTLS_BLOCK_CIPHER_H
+#define MBEDTLS_BLOCK_CIPHER_H
+
+#include "mbedtls/private_access.h"
+
+#include "mbedtls/build_info.h"
+
+#if defined(MBEDTLS_AES_C)
+#include "mbedtls/aes.h"
+#endif
+#if defined(MBEDTLS_ARIA_C)
+#include "mbedtls/aria.h"
+#endif
+#if defined(MBEDTLS_CAMELLIA_C)
+#include "mbedtls/camellia.h"
+#endif
+
+#if defined(MBEDTLS_BLOCK_CIPHER_SOME_PSA)
+#include "psa/crypto_types.h"
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef enum {
+ MBEDTLS_BLOCK_CIPHER_ID_NONE = 0, /**< Unset. */
+ MBEDTLS_BLOCK_CIPHER_ID_AES, /**< The AES cipher. */
+ MBEDTLS_BLOCK_CIPHER_ID_CAMELLIA, /**< The Camellia cipher. */
+ MBEDTLS_BLOCK_CIPHER_ID_ARIA, /**< The Aria cipher. */
+} mbedtls_block_cipher_id_t;
+
+/**
+ * Used internally to indicate whether a context uses legacy or PSA.
+ *
+ * Internal use only.
+ */
+typedef enum {
+ MBEDTLS_BLOCK_CIPHER_ENGINE_LEGACY = 0,
+ MBEDTLS_BLOCK_CIPHER_ENGINE_PSA,
+} mbedtls_block_cipher_engine_t;
+
+typedef struct {
+ mbedtls_block_cipher_id_t MBEDTLS_PRIVATE(id);
+#if defined(MBEDTLS_BLOCK_CIPHER_SOME_PSA)
+ mbedtls_block_cipher_engine_t MBEDTLS_PRIVATE(engine);
+ mbedtls_svc_key_id_t MBEDTLS_PRIVATE(psa_key_id);
+#endif
+ union {
+ unsigned dummy; /* Make the union non-empty even with no supported algorithms. */
+#if defined(MBEDTLS_AES_C)
+ mbedtls_aes_context MBEDTLS_PRIVATE(aes);
+#endif
+#if defined(MBEDTLS_ARIA_C)
+ mbedtls_aria_context MBEDTLS_PRIVATE(aria);
+#endif
+#if defined(MBEDTLS_CAMELLIA_C)
+ mbedtls_camellia_context MBEDTLS_PRIVATE(camellia);
+#endif
+ } MBEDTLS_PRIVATE(ctx);
+} mbedtls_block_cipher_context_t;
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* MBEDTLS_BLOCK_CIPHER_H */
diff --git a/vendor/mbedtls/build_info.h b/vendor/mbedtls/include/mbedtls/build_info.h
index 87e3c2e..eab167f 100644
--- a/vendor/mbedtls/build_info.h
+++ b/vendor/mbedtls/include/mbedtls/build_info.h
@@ -25,17 +25,17 @@
* Major, Minor, Patchlevel
*/
#define MBEDTLS_VERSION_MAJOR 3
-#define MBEDTLS_VERSION_MINOR 5
-#define MBEDTLS_VERSION_PATCH 2
+#define MBEDTLS_VERSION_MINOR 6
+#define MBEDTLS_VERSION_PATCH 0
/**
* The single version number has the following structure:
* MMNNPP00
* Major version | Minor version | Patch version
*/
-#define MBEDTLS_VERSION_NUMBER 0x03050200
-#define MBEDTLS_VERSION_STRING "3.5.2"
-#define MBEDTLS_VERSION_STRING_FULL "Mbed TLS 3.5.2"
+#define MBEDTLS_VERSION_NUMBER 0x03060000
+#define MBEDTLS_VERSION_STRING "3.6.0"
+#define MBEDTLS_VERSION_STRING_FULL "Mbed TLS 3.6.0"
/* Macros for build-time platform detection */
@@ -62,6 +62,35 @@
#define MBEDTLS_ARCH_IS_X86
#endif
+#if !defined(MBEDTLS_PLATFORM_IS_WINDOWS_ON_ARM64) && \
+ (defined(_M_ARM64) || defined(_M_ARM64EC))
+#define MBEDTLS_PLATFORM_IS_WINDOWS_ON_ARM64
+#endif
+
+/* This is defined if the architecture is Armv8-A, or higher */
+#if !defined(MBEDTLS_ARCH_IS_ARMV8_A)
+#if defined(__ARM_ARCH) && defined(__ARM_ARCH_PROFILE)
+#if (__ARM_ARCH >= 8) && (__ARM_ARCH_PROFILE == 'A')
+/* GCC, clang, armclang and IAR */
+#define MBEDTLS_ARCH_IS_ARMV8_A
+#endif
+#elif defined(__ARM_ARCH_8A)
+/* Alternative defined by clang */
+#define MBEDTLS_ARCH_IS_ARMV8_A
+#elif defined(_M_ARM64) || defined(_M_ARM64EC)
+/* MSVC ARM64 is at least Armv8.0-A */
+#define MBEDTLS_ARCH_IS_ARMV8_A
+#endif
+#endif
+
+#if defined(__GNUC__) && !defined(__ARMCC_VERSION) && !defined(__clang__) \
+ && !defined(__llvm__) && !defined(__INTEL_COMPILER)
+/* Defined if the compiler really is gcc and not clang, etc */
+#define MBEDTLS_COMPILER_IS_GCC
+#define MBEDTLS_GCC_VERSION \
+ (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__)
+#endif
+
#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
#define _CRT_SECURE_NO_DEPRECATE 1
#endif
@@ -129,7 +158,8 @@
* (e.g. MBEDTLS_MD_LIGHT)
*/
#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) /* PSA_WANT_xxx influences MBEDTLS_xxx */ || \
- defined(MBEDTLS_PSA_CRYPTO_C) /* MBEDTLS_xxx influences PSA_WANT_xxx */
+ defined(MBEDTLS_PSA_CRYPTO_C) /* MBEDTLS_xxx influences PSA_WANT_xxx */ || \
+ defined(MBEDTLS_PSA_CRYPTO_CLIENT) /* The same as the previous, but with separation only */
#include "mbedtls/config_psa.h"
#endif
diff --git a/vendor/mbedtls/camellia.h b/vendor/mbedtls/include/mbedtls/camellia.h
index 6c674fe..557f472 100644
--- a/vendor/mbedtls/camellia.h
+++ b/vendor/mbedtls/include/mbedtls/camellia.h
@@ -81,6 +81,7 @@ int mbedtls_camellia_setkey_enc(mbedtls_camellia_context *ctx,
const unsigned char *key,
unsigned int keybits);
+#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
/**
* \brief Perform a CAMELLIA key schedule operation for decryption.
*
@@ -96,6 +97,7 @@ int mbedtls_camellia_setkey_enc(mbedtls_camellia_context *ctx,
int mbedtls_camellia_setkey_dec(mbedtls_camellia_context *ctx,
const unsigned char *key,
unsigned int keybits);
+#endif /* !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */
/**
* \brief Perform a CAMELLIA-ECB block encryption/decryption operation.
diff --git a/vendor/mbedtls/ccm.h b/vendor/mbedtls/include/mbedtls/ccm.h
index a98111b..1da57c9 100644
--- a/vendor/mbedtls/ccm.h
+++ b/vendor/mbedtls/include/mbedtls/ccm.h
@@ -40,6 +40,10 @@
#include "mbedtls/cipher.h"
+#if defined(MBEDTLS_BLOCK_CIPHER_C)
+#include "mbedtls/block_cipher.h"
+#endif
+
#define MBEDTLS_CCM_DECRYPT 0
#define MBEDTLS_CCM_ENCRYPT 1
#define MBEDTLS_CCM_STAR_DECRYPT 2
@@ -80,7 +84,11 @@ typedef struct mbedtls_ccm_context {
#MBEDTLS_CCM_DECRYPT or
#MBEDTLS_CCM_STAR_ENCRYPT or
#MBEDTLS_CCM_STAR_DECRYPT. */
+#if defined(MBEDTLS_BLOCK_CIPHER_C)
+ mbedtls_block_cipher_context_t MBEDTLS_PRIVATE(block_cipher_ctx); /*!< The cipher context used. */
+#else
mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */
+#endif
int MBEDTLS_PRIVATE(state); /*!< Working value holding context's
state. Used for chunked data input */
}
@@ -501,7 +509,7 @@ int mbedtls_ccm_update(mbedtls_ccm_context *ctx,
int mbedtls_ccm_finish(mbedtls_ccm_context *ctx,
unsigned char *tag, size_t tag_len);
-#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
+#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_CCM_GCM_CAN_AES)
/**
* \brief The CCM checkup routine.
*
diff --git a/vendor/mbedtls/chacha20.h b/vendor/mbedtls/include/mbedtls/chacha20.h
index 680fe36..680fe36 100644
--- a/vendor/mbedtls/chacha20.h
+++ b/vendor/mbedtls/include/mbedtls/chacha20.h
diff --git a/vendor/mbedtls/chachapoly.h b/vendor/mbedtls/include/mbedtls/chachapoly.h
index 3dc21e3..3dc21e3 100644
--- a/vendor/mbedtls/chachapoly.h
+++ b/vendor/mbedtls/include/mbedtls/chachapoly.h
diff --git a/vendor/mbedtls/check_config.h b/vendor/mbedtls/include/mbedtls/check_config.h
index e479ef3..b3c038d 100644
--- a/vendor/mbedtls/check_config.h
+++ b/vendor/mbedtls/include/mbedtls/check_config.h
@@ -27,18 +27,8 @@
#if !defined(MBEDTLS_PLATFORM_C)
#error "MBEDTLS_PLATFORM_C is required on Windows"
#endif
-
-/* Fix the config here. Not convenient to put an #ifdef _WIN32 in mbedtls_config.h as
- * it would confuse config.py. */
-#if !defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) && \
- !defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
-#define MBEDTLS_PLATFORM_SNPRINTF_ALT
-#endif
-
-#if !defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT) && \
- !defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO)
-#define MBEDTLS_PLATFORM_VSNPRINTF_ALT
-#endif
+/* See auto-enabling SNPRINTF_ALT and VSNPRINTF_ALT
+ * in * config_adjust_legacy_crypto.h */
#endif /* _MINGW32__ || (_MSC_VER && (_MSC_VER <= 1900)) */
#if defined(TARGET_LIKE_MBED) && defined(MBEDTLS_NET_C)
@@ -54,65 +44,6 @@
#error "MBEDTLS_HAVE_TIME_DATE without MBEDTLS_HAVE_TIME does not make sense"
#endif
-/* Check that each MBEDTLS_ECP_DP_xxx symbol has its PSA_WANT_ECC_xxx counterpart
- * when PSA crypto is enabled. */
-#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) || defined(MBEDTLS_PSA_CRYPTO_C)
-
-#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) && !defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
-#error "MBEDTLS_ECP_DP_BP256R1_ENABLED defined, but not its PSA counterpart"
-#endif
-
-#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) && !defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
-#error "MBEDTLS_ECP_DP_BP384R1_ENABLED defined, but not its PSA counterpart"
-#endif
-
-#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) && !defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
-#error "MBEDTLS_ECP_DP_BP512R1_ENABLED defined, but not its PSA counterpart"
-#endif
-
-#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) && !defined(PSA_WANT_ECC_MONTGOMERY_255)
-#error "MBEDTLS_ECP_DP_CURVE25519_ENABLED defined, but not its PSA counterpart"
-#endif
-
-#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) && !defined(PSA_WANT_ECC_MONTGOMERY_448)
-#error "MBEDTLS_ECP_DP_CURVE448_ENABLED defined, but not its PSA counterpart"
-#endif
-
-#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) && !defined(PSA_WANT_ECC_SECP_R1_192)
-#error "MBEDTLS_ECP_DP_SECP192R1_ENABLED defined, but not its PSA counterpart"
-#endif
-
-#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) && !defined(PSA_WANT_ECC_SECP_R1_224)
-#error "MBEDTLS_ECP_DP_SECP224R1_ENABLED defined, but not its PSA counterpart"
-#endif
-
-#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) && !defined(PSA_WANT_ECC_SECP_R1_256)
-#error "MBEDTLS_ECP_DP_SECP256R1_ENABLED defined, but not its PSA counterpart"
-#endif
-
-#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) && !defined(PSA_WANT_ECC_SECP_R1_384)
-#error "MBEDTLS_ECP_DP_SECP384R1_ENABLED defined, but not its PSA counterpart"
-#endif
-
-#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) && !defined(PSA_WANT_ECC_SECP_R1_521)
-#error "MBEDTLS_ECP_DP_SECP521R1_ENABLED defined, but not its PSA counterpart"
-#endif
-
-#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) && !defined(PSA_WANT_ECC_SECP_K1_192)
-#error "MBEDTLS_ECP_DP_SECP192K1_ENABLED defined, but not its PSA counterpart"
-#endif
-
-/* SECP224K1 is buggy in PSA API so we skip this check */
-#if 0 && defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) && !defined(PSA_WANT_ECC_SECP_K1_224)
-#error "MBEDTLS_ECP_DP_SECP224K1_ENABLED defined, but not its PSA counterpart"
-#endif
-
-#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) && !defined(PSA_WANT_ECC_SECP_K1_256)
-#error "MBEDTLS_ECP_DP_SECP256K1_ENABLED defined, but not its PSA counterpart"
-#endif
-
-#endif /* MBEDTLS_PSA_CRYPTO_CONFIG || MBEDTLS_PSA_CRYPTO_C */
-
/* Limitations on ECC key types acceleration: if we have any of `PUBLIC_KEY`,
* `KEY_PAIR_BASIC`, `KEY_PAIR_IMPORT`, `KEY_PAIR_EXPORT` then we must have
* all 4 of them.
@@ -153,7 +84,9 @@
#endif /* not all curves accelerated */
#endif /* some curve accelerated */
-#if defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_AES_C)
+#if defined(MBEDTLS_CTR_DRBG_C) && !(defined(MBEDTLS_AES_C) || \
+ (defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(PSA_WANT_KEY_TYPE_AES) && \
+ defined(PSA_WANT_ALG_ECB_NO_PADDING)))
#error "MBEDTLS_CTR_DRBG_C defined, but not all prerequisites"
#endif
@@ -171,6 +104,36 @@
#error "MBEDTLS_NIST_KW_C defined, but not all prerequisites"
#endif
+#if defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) && defined(MBEDTLS_PSA_CRYPTO_CONFIG)
+#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
+#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT and PSA_WANT_ALG_CBC_NO_PADDING cannot be defined simultaneously"
+#endif
+#if defined(PSA_WANT_ALG_CBC_PKCS7)
+#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT and PSA_WANT_ALG_CBC_PKCS7 cannot be defined simultaneously"
+#endif
+#if defined(PSA_WANT_ALG_ECB_NO_PADDING)
+#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT and PSA_WANT_ALG_ECB_NO_PADDING cannot be defined simultaneously"
+#endif
+#if defined(PSA_WANT_KEY_TYPE_DES)
+#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT and PSA_WANT_KEY_TYPE_DES cannot be defined simultaneously"
+#endif
+#endif
+
+#if defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT and MBEDTLS_CIPHER_MODE_CBC cannot be defined simultaneously"
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_XTS)
+#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT and MBEDTLS_CIPHER_MODE_XTS cannot be defined simultaneously"
+#endif
+#if defined(MBEDTLS_DES_C)
+#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT and MBEDTLS_DES_C cannot be defined simultaneously"
+#endif
+#if defined(MBEDTLS_NIST_KW_C)
+#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT and MBEDTLS_NIST_KW_C cannot be defined simultaneously"
+#endif
+#endif
+
#if defined(MBEDTLS_ECDH_C) && !defined(MBEDTLS_ECP_C)
#error "MBEDTLS_ECDH_C defined, but not all prerequisites"
#endif
@@ -193,9 +156,17 @@
#error "MBEDTLS_ECDSA_C defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_ECJPAKE_C) && \
- ( !defined(MBEDTLS_ECP_C) || \
- !( defined(MBEDTLS_MD_C) || defined(MBEDTLS_PSA_CRYPTO_C) ) )
+#if defined(MBEDTLS_PK_C) && defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_PK_CAN_ECDSA_SIGN) && !defined(MBEDTLS_ASN1_WRITE_C)
+#error "MBEDTLS_PK_C with MBEDTLS_USE_PSA_CRYPTO needs MBEDTLS_ASN1_WRITE_C for ECDSA signature"
+#endif
+#if defined(MBEDTLS_PK_CAN_ECDSA_VERIFY) && !defined(MBEDTLS_ASN1_PARSE_C)
+#error "MBEDTLS_PK_C with MBEDTLS_USE_PSA_CRYPTO needs MBEDTLS_ASN1_PARSE_C for ECDSA verification"
+#endif
+#endif /* MBEDTLS_PK_C && MBEDTLS_USE_PSA_CRYPTO */
+
+#if defined(MBEDTLS_ECJPAKE_C) && \
+ !defined(MBEDTLS_ECP_C)
#error "MBEDTLS_ECJPAKE_C defined, but not all prerequisites"
#endif
@@ -219,7 +190,7 @@
#error "MBEDTLS_ECDSA_DETERMINISTIC defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_ECP_C) && ( !defined(MBEDTLS_BIGNUM_C) || ( \
+#if defined(MBEDTLS_ECP_LIGHT) && ( !defined(MBEDTLS_BIGNUM_C) || ( \
!defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) && \
!defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) && \
!defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) && \
@@ -233,39 +204,11 @@
!defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) && \
!defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) && \
!defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) ) )
-#error "MBEDTLS_ECP_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_ASN1_PARSE_C)
-#error "MBEDTLS_PK_PARSE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PKCS12_C) && !defined(MBEDTLS_CIPHER_C)
-#error "MBEDTLS_PKCS12_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PKCS5_C) && \
- !defined(MBEDTLS_CIPHER_C)
-#error "MBEDTLS_PKCS5_C defined, but not all prerequisites"
-#endif
-
-/* Helpers for hash dependencies, will be undefined at the end of the file */
-/* Do SHA-256, 384, 512 to cover Entropy and TLS. */
-#if defined(MBEDTLS_SHA256_C) || \
- (defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_256))
-#define MBEDTLS_MD_HAVE_SHA256
-#endif
-#if defined(MBEDTLS_SHA384_C) || \
- (defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_384))
-#define MBEDTLS_MD_HAVE_SHA384
-#endif
-#if defined(MBEDTLS_SHA512_C) || \
- (defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_512))
-#define MBEDTLS_MD_HAVE_SHA512
+#error "MBEDTLS_ECP_C defined (or a subset enabled), but not all prerequisites"
#endif
#if defined(MBEDTLS_ENTROPY_C) && \
- !(defined(MBEDTLS_MD_HAVE_SHA512) || defined(MBEDTLS_MD_HAVE_SHA256))
+ !(defined(MBEDTLS_MD_CAN_SHA512) || defined(MBEDTLS_MD_CAN_SHA256))
#error "MBEDTLS_ENTROPY_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_ENTROPY_C) && \
@@ -273,40 +216,34 @@
#error "MBEDTLS_CTR_DRBG_ENTROPY_LEN value too high"
#endif
#if defined(MBEDTLS_ENTROPY_C) && \
- (defined(MBEDTLS_ENTROPY_FORCE_SHA256) || !defined(MBEDTLS_MD_HAVE_SHA512)) \
+ (defined(MBEDTLS_ENTROPY_FORCE_SHA256) || !defined(MBEDTLS_MD_CAN_SHA512)) \
&& defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) && (MBEDTLS_CTR_DRBG_ENTROPY_LEN > 32)
#error "MBEDTLS_CTR_DRBG_ENTROPY_LEN value too high"
#endif
#if defined(MBEDTLS_ENTROPY_C) && \
- defined(MBEDTLS_ENTROPY_FORCE_SHA256) && !defined(MBEDTLS_MD_HAVE_SHA256)
+ defined(MBEDTLS_ENTROPY_FORCE_SHA256) && !defined(MBEDTLS_MD_CAN_SHA256)
#error "MBEDTLS_ENTROPY_FORCE_SHA256 defined, but not all prerequisites"
#endif
#if defined(__has_feature)
#if __has_feature(memory_sanitizer)
-#define MBEDTLS_HAS_MEMSAN
+#define MBEDTLS_HAS_MEMSAN // #undef at the end of this paragraph
#endif
#endif
#if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN) && !defined(MBEDTLS_HAS_MEMSAN)
#error "MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN requires building with MemorySanitizer"
#endif
-#undef MBEDTLS_HAS_MEMSAN
+#undef MBEDTLS_HAS_MEMSAN // temporary macro defined above
-#if defined(MBEDTLS_CCM_C) && ( \
- !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C) && !defined(MBEDTLS_ARIA_C) )
+#if defined(MBEDTLS_CCM_C) && \
+ !(defined(MBEDTLS_CCM_GCM_CAN_AES) || defined(MBEDTLS_CCM_GCM_CAN_ARIA) || \
+ defined(MBEDTLS_CCM_GCM_CAN_CAMELLIA))
#error "MBEDTLS_CCM_C defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_CCM_C) && !defined(MBEDTLS_CIPHER_C)
-#error "MBEDTLS_CCM_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_GCM_C) && ( \
- !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C) && !defined(MBEDTLS_ARIA_C) )
-#error "MBEDTLS_GCM_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_GCM_C) && !defined(MBEDTLS_CIPHER_C)
+#if defined(MBEDTLS_GCM_C) && \
+ !(defined(MBEDTLS_CCM_GCM_CAN_AES) || defined(MBEDTLS_CCM_GCM_CAN_ARIA) || \
+ defined(MBEDTLS_CCM_GCM_CAN_CAMELLIA))
#error "MBEDTLS_GCM_C defined, but not all prerequisites"
#endif
@@ -362,28 +299,6 @@
#error "MBEDTLS_HMAC_DRBG_C defined, but not all prerequisites"
#endif
-/* Helper for JPAKE dependencies, will be undefined at the end of the file */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-#if defined(PSA_WANT_ALG_JPAKE) && defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC)
-#define MBEDTLS_PK_HAVE_JPAKE
-#endif
-#else /* MBEDTLS_USE_PSA_CRYPTO */
-#if defined(MBEDTLS_ECJPAKE_C)
-#define MBEDTLS_PK_HAVE_JPAKE
-#endif
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-/* Helper for curve SECP256R1 */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-#if defined(PSA_WANT_ECC_SECP_R1_256)
-#define MBEDTLS_PK_HAVE_CURVE_SECP256R1
-#endif
-#else /* MBEDTLS_USE_PSA_CRYPTO */
-#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
-#define MBEDTLS_PK_HAVE_CURVE_SECP256R1
-#endif
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) && \
( !defined(MBEDTLS_CAN_ECDH) || \
!defined(MBEDTLS_PK_CAN_ECDSA_SIGN) || \
@@ -437,47 +352,52 @@
#error "MBEDTLS_KEY_EXCHANGE_RSA_ENABLED defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
- ( !defined(MBEDTLS_PK_HAVE_JPAKE) || \
- !defined(MBEDTLS_PK_HAVE_CURVE_SECP256R1) )
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
+ ( !defined(PSA_WANT_ALG_JPAKE) || \
+ !defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) || \
+ !defined(PSA_WANT_ECC_SECP_R1_256) )
+#error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites"
+#endif
+#else /* MBEDTLS_USE_PSA_CRYPTO */
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
+ ( !defined(MBEDTLS_ECJPAKE_C) || \
+ !defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) )
#error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites"
#endif
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
/* Use of EC J-PAKE in TLS requires SHA-256. */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
- !defined(MBEDTLS_MD_HAVE_SHA256)
+ !defined(MBEDTLS_MD_CAN_SHA256)
#error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \
- !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) && \
- ( !defined(MBEDTLS_SHA256_C) && \
- !defined(MBEDTLS_SHA512_C) && \
- !defined(MBEDTLS_SHA1_C) )
-#error "!MBEDTLS_SSL_KEEP_PEER_CERTIFICATE requires MBEDTLS_SHA512_C, MBEDTLS_SHA256_C or MBEDTLS_SHA1_C"
-#endif
-
-#if defined(MBEDTLS_MD_C) && !( \
- defined(MBEDTLS_MD5_C) || \
- defined(MBEDTLS_RIPEMD160_C) || \
- defined(MBEDTLS_SHA1_C) || \
- defined(MBEDTLS_SHA224_C) || \
- defined(MBEDTLS_SHA256_C) || \
- defined(MBEDTLS_SHA384_C) || \
- defined(MBEDTLS_SHA512_C) || \
- (defined(MBEDTLS_PSA_CRYPTO_C) && \
- (defined(PSA_WANT_ALG_MD5) || \
- defined(PSA_WANT_ALG_RIPEMD160) || \
- defined(PSA_WANT_ALG_SHA_1) || \
- defined(PSA_WANT_ALG_SHA_224) || \
- defined(PSA_WANT_ALG_SHA_256) || \
- defined(PSA_WANT_ALG_SHA_384) || \
- defined(PSA_WANT_ALG_SHA_512))))
-#error "MBEDTLS_MD_C defined, but not all prerequisites"
+ !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) && \
+ !defined(MBEDTLS_MD_CAN_SHA256) && \
+ !defined(MBEDTLS_MD_CAN_SHA512) && \
+ !defined(MBEDTLS_MD_CAN_SHA1)
+#error "!MBEDTLS_SSL_KEEP_PEER_CERTIFICATE requires SHA-512, SHA-256 or SHA-1".
+#endif
+
+#if defined(MBEDTLS_MD_C) && \
+ !defined(MBEDTLS_MD_CAN_MD5) && \
+ !defined(MBEDTLS_MD_CAN_RIPEMD160) && \
+ !defined(MBEDTLS_MD_CAN_SHA1) && \
+ !defined(MBEDTLS_MD_CAN_SHA224) && \
+ !defined(MBEDTLS_MD_CAN_SHA256) && \
+ !defined(MBEDTLS_MD_CAN_SHA384) && \
+ !defined(MBEDTLS_MD_CAN_SHA512) && \
+ !defined(MBEDTLS_MD_CAN_SHA3_224) && \
+ !defined(MBEDTLS_MD_CAN_SHA3_256) && \
+ !defined(MBEDTLS_MD_CAN_SHA3_384) && \
+ !defined(MBEDTLS_MD_CAN_SHA3_512)
+#error "MBEDTLS_MD_C defined, but no hash algorithm"
#endif
#if defined(MBEDTLS_LMS_C) && \
- ! ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_256) )
+ ! ( defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(PSA_WANT_ALG_SHA_256) )
#error "MBEDTLS_LMS_C requires MBEDTLS_PSA_CRYPTO_C and PSA_WANT_ALG_SHA_256"
#endif
@@ -512,11 +432,17 @@
#error "MBEDTLS_PK_C defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_PK_C)
+#if defined(MBEDTLS_PK_PARSE_C) && \
+ (!defined(MBEDTLS_ASN1_PARSE_C) || \
+ !defined(MBEDTLS_OID_C) || \
+ !defined(MBEDTLS_PK_C))
#error "MBEDTLS_PK_PARSE_C defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_PK_WRITE_C) && !defined(MBEDTLS_PK_C)
+#if defined(MBEDTLS_PK_WRITE_C) && \
+ (!defined(MBEDTLS_ASN1_WRITE_C) || \
+ !defined(MBEDTLS_OID_C) || \
+ !defined(MBEDTLS_PK_C))
#error "MBEDTLS_PK_WRITE_C defined, but not all prerequisites"
#endif
@@ -754,7 +680,8 @@
#error "MBEDTLS_PSA_CRYPTO_C defined, but not all prerequisites (missing RNG)"
#endif
-#if defined(MBEDTLS_PSA_CRYPTO_C) && !defined(MBEDTLS_CIPHER_C )
+#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_HAVE_SOFT_BLOCK_MODE) && \
+ defined(PSA_HAVE_SOFT_BLOCK_CIPHER) && !defined(MBEDTLS_CIPHER_C)
#error "MBEDTLS_PSA_CRYPTO_C defined, but not all prerequisites"
#endif
@@ -837,25 +764,24 @@
#error "MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY defined on non-Aarch64 system"
#endif
-#if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT) && \
- defined(MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY)
-#error "Must only define one of MBEDTLS_SHA256_USE_A64_CRYPTO_*"
+#if defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT) && \
+ defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY)
+#error "Must only define one of MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_*"
#endif
-#if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT) || \
- defined(MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY)
+#if defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT) || \
+ defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY)
#if !defined(MBEDTLS_SHA256_C)
-#error "MBEDTLS_SHA256_USE_A64_CRYPTO_* defined without MBEDTLS_SHA256_C"
+#error "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_* defined without MBEDTLS_SHA256_C"
#endif
#if defined(MBEDTLS_SHA256_ALT) || defined(MBEDTLS_SHA256_PROCESS_ALT)
-#error "MBEDTLS_SHA256_*ALT can't be used with MBEDTLS_SHA256_USE_A64_CRYPTO_*"
+#error "MBEDTLS_SHA256_*ALT can't be used with MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_*"
#endif
#endif
-#if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY) && \
- !defined(__aarch64__) && !defined(_M_ARM64)
-#error "MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY defined on non-Aarch64 system"
+#if defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY) && !defined(MBEDTLS_ARCH_IS_ARMV8_A)
+#error "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY defined on non-Armv8-A system"
#endif
/* TLS 1.3 requires separate HKDF parts from PSA,
@@ -865,7 +791,7 @@
* Note: for dependencies common with TLS 1.2 (running handshake hash),
* see MBEDTLS_SSL_TLS_C. */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
- !(defined(MBEDTLS_PSA_CRYPTO_C) && \
+ !(defined(MBEDTLS_PSA_CRYPTO_CLIENT) && \
defined(PSA_WANT_ALG_HKDF_EXTRACT) && \
defined(PSA_WANT_ALG_HKDF_EXPAND) && \
(defined(PSA_WANT_ALG_SHA_256) || defined(PSA_WANT_ALG_SHA_384)))
@@ -936,7 +862,8 @@
#error "MBEDTLS_SSL_ASYNC_PRIVATE defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_SSL_TLS_C) && !defined(MBEDTLS_CIPHER_C)
+#if defined(MBEDTLS_SSL_TLS_C) && !(defined(MBEDTLS_CIPHER_C) || \
+ defined(MBEDTLS_USE_PSA_CRYPTO))
#error "MBEDTLS_SSL_TLS_C defined, but not all prerequisites"
#endif
@@ -948,7 +875,7 @@
#endif
#else /* MBEDTLS_USE_PSA_CRYPTO */
#if !defined(MBEDTLS_MD_C) || \
- !(defined(MBEDTLS_MD_HAVE_SHA256) || defined(MBEDTLS_MD_HAVE_SHA384))
+ !(defined(MBEDTLS_MD_CAN_SHA256) || defined(MBEDTLS_MD_CAN_SHA384))
#error "MBEDTLS_SSL_TLS_C defined, but not all prerequisites"
#endif
#endif /* MBEDTLS_USE_PSA_CRYPTO */
@@ -1028,7 +955,8 @@
#endif
#if defined(MBEDTLS_SSL_TICKET_C) && \
- !( defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) || defined(MBEDTLS_CHACHAPOLY_C) )
+ !( defined(MBEDTLS_SSL_HAVE_CCM) || defined(MBEDTLS_SSL_HAVE_GCM) || \
+ defined(MBEDTLS_SSL_HAVE_CHACHAPOLY) )
#error "MBEDTLS_SSL_TICKET_C defined, but not all prerequisites"
#endif
@@ -1046,22 +974,20 @@
#if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL)
#error "MBEDTLS_THREADING_PTHREAD defined, but not all prerequisites"
#endif
-#define MBEDTLS_THREADING_IMPL
+#define MBEDTLS_THREADING_IMPL // undef at the end of this paragraph
#endif
-
#if defined(MBEDTLS_THREADING_ALT)
#if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL)
#error "MBEDTLS_THREADING_ALT defined, but not all prerequisites"
#endif
-#define MBEDTLS_THREADING_IMPL
+#define MBEDTLS_THREADING_IMPL // undef at the end of this paragraph
#endif
-
#if defined(MBEDTLS_THREADING_C) && !defined(MBEDTLS_THREADING_IMPL)
#error "MBEDTLS_THREADING_C defined, single threading implementation required"
#endif
-#undef MBEDTLS_THREADING_IMPL
+#undef MBEDTLS_THREADING_IMPL // temporary macro defined above
-#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_PSA_CRYPTO_C)
+#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_PSA_CRYPTO_CLIENT)
#error "MBEDTLS_USE_PSA_CRYPTO defined, but not all prerequisites"
#endif
@@ -1129,7 +1055,9 @@
#error "MBEDTLS_SSL_RECORD_SIZE_LIMIT defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) && !( defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) || defined(MBEDTLS_CHACHAPOLY_C) )
+#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) && \
+ !( defined(MBEDTLS_SSL_HAVE_CCM) || defined(MBEDTLS_SSL_HAVE_GCM) || \
+ defined(MBEDTLS_SSL_HAVE_CHACHAPOLY) )
#error "MBEDTLS_SSL_CONTEXT_SERIALIZATION defined, but not all prerequisites"
#endif
@@ -1188,13 +1116,6 @@
#error "MBEDTLS_PKCS7_C is defined, but not all prerequisites"
#endif
-/* Undefine helper symbols */
-#undef MBEDTLS_PK_HAVE_JPAKE
-#undef MBEDTLS_MD_HAVE_SHA256
-#undef MBEDTLS_MD_HAVE_SHA384
-#undef MBEDTLS_MD_HAVE_SHA512
-#undef MBEDTLS_PK_HAVE_CURVE_SECP256R1
-
/*
* Avoid warning from -pedantic. This is a convenient place for this
* workaround since this is included by every single file before the
diff --git a/vendor/mbedtls/cipher.h b/vendor/mbedtls/include/mbedtls/cipher.h
index 2596baa..1dc31c9 100644
--- a/vendor/mbedtls/cipher.h
+++ b/vendor/mbedtls/include/mbedtls/cipher.h
@@ -480,7 +480,7 @@ static inline size_t mbedtls_cipher_info_get_key_bitlen(
if (info == NULL) {
return 0;
} else {
- return info->MBEDTLS_PRIVATE(key_bitlen) << MBEDTLS_KEY_BITLEN_SHIFT;
+ return ((size_t) info->MBEDTLS_PRIVATE(key_bitlen)) << MBEDTLS_KEY_BITLEN_SHIFT;
}
}
@@ -678,7 +678,6 @@ int MBEDTLS_DEPRECATED mbedtls_cipher_setup_psa(mbedtls_cipher_context_t *ctx,
static inline unsigned int mbedtls_cipher_get_block_size(
const mbedtls_cipher_context_t *ctx)
{
- MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, 0);
if (ctx->MBEDTLS_PRIVATE(cipher_info) == NULL) {
return 0;
}
@@ -698,7 +697,6 @@ static inline unsigned int mbedtls_cipher_get_block_size(
static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode(
const mbedtls_cipher_context_t *ctx)
{
- MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, MBEDTLS_MODE_NONE);
if (ctx->MBEDTLS_PRIVATE(cipher_info) == NULL) {
return MBEDTLS_MODE_NONE;
}
@@ -719,7 +717,6 @@ static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode(
static inline int mbedtls_cipher_get_iv_size(
const mbedtls_cipher_context_t *ctx)
{
- MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, 0);
if (ctx->MBEDTLS_PRIVATE(cipher_info) == NULL) {
return 0;
}
@@ -743,8 +740,6 @@ static inline int mbedtls_cipher_get_iv_size(
static inline mbedtls_cipher_type_t mbedtls_cipher_get_type(
const mbedtls_cipher_context_t *ctx)
{
- MBEDTLS_INTERNAL_VALIDATE_RET(
- ctx != NULL, MBEDTLS_CIPHER_NONE);
if (ctx->MBEDTLS_PRIVATE(cipher_info) == NULL) {
return MBEDTLS_CIPHER_NONE;
}
@@ -764,7 +759,6 @@ static inline mbedtls_cipher_type_t mbedtls_cipher_get_type(
static inline const char *mbedtls_cipher_get_name(
const mbedtls_cipher_context_t *ctx)
{
- MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, 0);
if (ctx->MBEDTLS_PRIVATE(cipher_info) == NULL) {
return 0;
}
@@ -784,8 +778,6 @@ static inline const char *mbedtls_cipher_get_name(
static inline int mbedtls_cipher_get_key_bitlen(
const mbedtls_cipher_context_t *ctx)
{
- MBEDTLS_INTERNAL_VALIDATE_RET(
- ctx != NULL, MBEDTLS_KEY_LENGTH_NONE);
if (ctx->MBEDTLS_PRIVATE(cipher_info) == NULL) {
return MBEDTLS_KEY_LENGTH_NONE;
}
@@ -805,8 +797,6 @@ static inline int mbedtls_cipher_get_key_bitlen(
static inline mbedtls_operation_t mbedtls_cipher_get_operation(
const mbedtls_cipher_context_t *ctx)
{
- MBEDTLS_INTERNAL_VALIDATE_RET(
- ctx != NULL, MBEDTLS_OPERATION_NONE);
if (ctx->MBEDTLS_PRIVATE(cipher_info) == NULL) {
return MBEDTLS_OPERATION_NONE;
}
diff --git a/vendor/mbedtls/cmac.h b/vendor/mbedtls/include/mbedtls/cmac.h
index 97b86fc..97b86fc 100644
--- a/vendor/mbedtls/cmac.h
+++ b/vendor/mbedtls/include/mbedtls/cmac.h
diff --git a/vendor/mbedtls/compat-2.x.h b/vendor/mbedtls/include/mbedtls/compat-2.x.h
index 096341b..096341b 100644
--- a/vendor/mbedtls/compat-2.x.h
+++ b/vendor/mbedtls/include/mbedtls/compat-2.x.h
diff --git a/vendor/mbedtls/include/mbedtls/config_adjust_legacy_crypto.h b/vendor/mbedtls/include/mbedtls/config_adjust_legacy_crypto.h
new file mode 100644
index 0000000..e477c07
--- /dev/null
+++ b/vendor/mbedtls/include/mbedtls/config_adjust_legacy_crypto.h
@@ -0,0 +1,465 @@
+/**
+ * \file mbedtls/config_adjust_legacy_crypto.h
+ * \brief Adjust legacy configuration configuration
+ *
+ * Automatically enable certain dependencies. Generally, MBEDLTS_xxx
+ * configurations need to be explicitly enabled by the user: enabling
+ * MBEDTLS_xxx_A but not MBEDTLS_xxx_B when A requires B results in a
+ * compilation error. However, we do automatically enable certain options
+ * in some circumstances. One case is if MBEDTLS_xxx_B is an internal option
+ * used to identify parts of a module that are used by other module, and we
+ * don't want to make the symbol MBEDTLS_xxx_B part of the public API.
+ * Another case is if A didn't depend on B in earlier versions, and we
+ * want to use B in A but we need to preserve backward compatibility with
+ * configurations that explicitly activate MBEDTLS_xxx_A but not
+ * MBEDTLS_xxx_B.
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#ifndef MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H
+#define MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H
+
+/* Ideally, we'd set those as defaults in mbedtls_config.h, but
+ * putting an #ifdef _WIN32 in mbedtls_config.h would confuse config.py.
+ *
+ * So, adjust it here.
+ * Not related to crypto, but this is the bottom of the stack. */
+#if defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER <= 1900)
+#if !defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) && \
+ !defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
+#define MBEDTLS_PLATFORM_SNPRINTF_ALT
+#endif
+#if !defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT) && \
+ !defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO)
+#define MBEDTLS_PLATFORM_VSNPRINTF_ALT
+#endif
+#endif /* _MINGW32__ || (_MSC_VER && (_MSC_VER <= 1900)) */
+
+/* Auto-enable CIPHER_C when any of the unauthenticated ciphers is builtin
+ * in PSA. */
+#if defined(MBEDTLS_PSA_CRYPTO_C) && \
+ (defined(MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_CTR) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_CFB) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_OFB) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG))
+#define MBEDTLS_CIPHER_C
+#endif
+
+/* Auto-enable MBEDTLS_MD_LIGHT based on MBEDTLS_MD_C.
+ * This allows checking for MD_LIGHT rather than MD_LIGHT || MD_C.
+ */
+#if defined(MBEDTLS_MD_C)
+#define MBEDTLS_MD_LIGHT
+#endif
+
+/* Auto-enable MBEDTLS_MD_LIGHT if needed by a module that didn't require it
+ * in a previous release, to ensure backwards compatibility.
+ */
+#if defined(MBEDTLS_ECJPAKE_C) || \
+ defined(MBEDTLS_PEM_PARSE_C) || \
+ defined(MBEDTLS_ENTROPY_C) || \
+ defined(MBEDTLS_PK_C) || \
+ defined(MBEDTLS_PKCS12_C) || \
+ defined(MBEDTLS_RSA_C) || \
+ defined(MBEDTLS_SSL_TLS_C) || \
+ defined(MBEDTLS_X509_USE_C) || \
+ defined(MBEDTLS_X509_CREATE_C)
+#define MBEDTLS_MD_LIGHT
+#endif
+
+#if defined(MBEDTLS_MD_LIGHT)
+/*
+ * - MBEDTLS_MD_CAN_xxx is defined if the md module can perform xxx.
+ * - MBEDTLS_MD_xxx_VIA_PSA is defined if the md module may perform xxx via PSA
+ * (see below).
+ * - MBEDTLS_MD_SOME_PSA is defined if at least one algorithm may be performed
+ * via PSA (see below).
+ * - MBEDTLS_MD_SOME_LEGACY is defined if at least one algorithm may be performed
+ * via a direct legacy call (see below).
+ *
+ * The md module performs an algorithm via PSA if there is a PSA hash
+ * accelerator and the PSA driver subsytem is initialized at the time the
+ * operation is started, and makes a direct legacy call otherwise.
+ */
+
+/* PSA accelerated implementations */
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+
+#if defined(MBEDTLS_PSA_ACCEL_ALG_MD5)
+#define MBEDTLS_MD_CAN_MD5
+#define MBEDTLS_MD_MD5_VIA_PSA
+#define MBEDTLS_MD_SOME_PSA
+#endif
+#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_1)
+#define MBEDTLS_MD_CAN_SHA1
+#define MBEDTLS_MD_SHA1_VIA_PSA
+#define MBEDTLS_MD_SOME_PSA
+#endif
+#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_224)
+#define MBEDTLS_MD_CAN_SHA224
+#define MBEDTLS_MD_SHA224_VIA_PSA
+#define MBEDTLS_MD_SOME_PSA
+#endif
+#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_256)
+#define MBEDTLS_MD_CAN_SHA256
+#define MBEDTLS_MD_SHA256_VIA_PSA
+#define MBEDTLS_MD_SOME_PSA
+#endif
+#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_384)
+#define MBEDTLS_MD_CAN_SHA384
+#define MBEDTLS_MD_SHA384_VIA_PSA
+#define MBEDTLS_MD_SOME_PSA
+#endif
+#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_512)
+#define MBEDTLS_MD_CAN_SHA512
+#define MBEDTLS_MD_SHA512_VIA_PSA
+#define MBEDTLS_MD_SOME_PSA
+#endif
+#if defined(MBEDTLS_PSA_ACCEL_ALG_RIPEMD160)
+#define MBEDTLS_MD_CAN_RIPEMD160
+#define MBEDTLS_MD_RIPEMD160_VIA_PSA
+#define MBEDTLS_MD_SOME_PSA
+#endif
+#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_224)
+#define MBEDTLS_MD_CAN_SHA3_224
+#define MBEDTLS_MD_SHA3_224_VIA_PSA
+#define MBEDTLS_MD_SOME_PSA
+#endif
+#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_256)
+#define MBEDTLS_MD_CAN_SHA3_256
+#define MBEDTLS_MD_SHA3_256_VIA_PSA
+#define MBEDTLS_MD_SOME_PSA
+#endif
+#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_384)
+#define MBEDTLS_MD_CAN_SHA3_384
+#define MBEDTLS_MD_SHA3_384_VIA_PSA
+#define MBEDTLS_MD_SOME_PSA
+#endif
+#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_512)
+#define MBEDTLS_MD_CAN_SHA3_512
+#define MBEDTLS_MD_SHA3_512_VIA_PSA
+#define MBEDTLS_MD_SOME_PSA
+#endif
+#endif /* MBEDTLS_PSA_CRYPTO_C */
+
+/* Built-in implementations */
+#if defined(MBEDTLS_MD5_C)
+#define MBEDTLS_MD_CAN_MD5
+#define MBEDTLS_MD_SOME_LEGACY
+#endif
+#if defined(MBEDTLS_SHA1_C)
+#define MBEDTLS_MD_CAN_SHA1
+#define MBEDTLS_MD_SOME_LEGACY
+#endif
+#if defined(MBEDTLS_SHA224_C)
+#define MBEDTLS_MD_CAN_SHA224
+#define MBEDTLS_MD_SOME_LEGACY
+#endif
+#if defined(MBEDTLS_SHA256_C)
+#define MBEDTLS_MD_CAN_SHA256
+#define MBEDTLS_MD_SOME_LEGACY
+#endif
+#if defined(MBEDTLS_SHA384_C)
+#define MBEDTLS_MD_CAN_SHA384
+#define MBEDTLS_MD_SOME_LEGACY
+#endif
+#if defined(MBEDTLS_SHA512_C)
+#define MBEDTLS_MD_CAN_SHA512
+#define MBEDTLS_MD_SOME_LEGACY
+#endif
+#if defined(MBEDTLS_SHA3_C)
+#define MBEDTLS_MD_CAN_SHA3_224
+#define MBEDTLS_MD_CAN_SHA3_256
+#define MBEDTLS_MD_CAN_SHA3_384
+#define MBEDTLS_MD_CAN_SHA3_512
+#define MBEDTLS_MD_SOME_LEGACY
+#endif
+#if defined(MBEDTLS_RIPEMD160_C)
+#define MBEDTLS_MD_CAN_RIPEMD160
+#define MBEDTLS_MD_SOME_LEGACY
+#endif
+
+#endif /* MBEDTLS_MD_LIGHT */
+
+/* BLOCK_CIPHER module can dispatch to PSA when:
+ * - PSA is enabled and drivers have been initialized
+ * - desired key type is supported on the PSA side
+ * If the above conditions are not met, but the legacy support is enabled, then
+ * BLOCK_CIPHER will dynamically fallback to it.
+ *
+ * In case BLOCK_CIPHER is defined (see below) the following symbols/helpers
+ * can be used to define its capabilities:
+ * - MBEDTLS_BLOCK_CIPHER_SOME_PSA: there is at least 1 key type between AES,
+ * ARIA and Camellia which is supported through a driver;
+ * - MBEDTLS_BLOCK_CIPHER_xxx_VIA_PSA: xxx key type is supported through a
+ * driver;
+ * - MBEDTLS_BLOCK_CIPHER_xxx_VIA_LEGACY: xxx key type is supported through
+ * a legacy module (i.e. MBEDTLS_xxx_C)
+ */
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES)
+#define MBEDTLS_BLOCK_CIPHER_AES_VIA_PSA
+#define MBEDTLS_BLOCK_CIPHER_SOME_PSA
+#endif
+#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA)
+#define MBEDTLS_BLOCK_CIPHER_ARIA_VIA_PSA
+#define MBEDTLS_BLOCK_CIPHER_SOME_PSA
+#endif
+#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA)
+#define MBEDTLS_BLOCK_CIPHER_CAMELLIA_VIA_PSA
+#define MBEDTLS_BLOCK_CIPHER_SOME_PSA
+#endif
+#endif /* MBEDTLS_PSA_CRYPTO_C */
+
+#if defined(MBEDTLS_AES_C)
+#define MBEDTLS_BLOCK_CIPHER_AES_VIA_LEGACY
+#endif
+#if defined(MBEDTLS_ARIA_C)
+#define MBEDTLS_BLOCK_CIPHER_ARIA_VIA_LEGACY
+#endif
+#if defined(MBEDTLS_CAMELLIA_C)
+#define MBEDTLS_BLOCK_CIPHER_CAMELLIA_VIA_LEGACY
+#endif
+
+/* Helpers to state that BLOCK_CIPHER module supports AES, ARIA and/or Camellia
+ * block ciphers via either PSA or legacy. */
+#if defined(MBEDTLS_BLOCK_CIPHER_AES_VIA_PSA) || \
+ defined(MBEDTLS_BLOCK_CIPHER_AES_VIA_LEGACY)
+#define MBEDTLS_BLOCK_CIPHER_CAN_AES
+#endif
+#if defined(MBEDTLS_BLOCK_CIPHER_ARIA_VIA_PSA) || \
+ defined(MBEDTLS_BLOCK_CIPHER_ARIA_VIA_LEGACY)
+#define MBEDTLS_BLOCK_CIPHER_CAN_ARIA
+#endif
+#if defined(MBEDTLS_BLOCK_CIPHER_CAMELLIA_VIA_PSA) || \
+ defined(MBEDTLS_BLOCK_CIPHER_CAMELLIA_VIA_LEGACY)
+#define MBEDTLS_BLOCK_CIPHER_CAN_CAMELLIA
+#endif
+
+/* GCM_C and CCM_C can either depend on (in order of preference) BLOCK_CIPHER_C
+ * or CIPHER_C. The former is auto-enabled when:
+ * - CIPHER_C is not defined, which is also the legacy solution;
+ * - BLOCK_CIPHER_SOME_PSA because in this case BLOCK_CIPHER can take advantage
+ * of the driver's acceleration.
+ */
+#if (defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C)) && \
+ (!defined(MBEDTLS_CIPHER_C) || defined(MBEDTLS_BLOCK_CIPHER_SOME_PSA))
+#define MBEDTLS_BLOCK_CIPHER_C
+#endif
+
+/* Helpers for GCM/CCM capabilities */
+#if (defined(MBEDTLS_CIPHER_C) && defined(MBEDTLS_AES_C)) || \
+ (defined(MBEDTLS_BLOCK_CIPHER_C) && defined(MBEDTLS_BLOCK_CIPHER_CAN_AES))
+#define MBEDTLS_CCM_GCM_CAN_AES
+#endif
+
+#if (defined(MBEDTLS_CIPHER_C) && defined(MBEDTLS_ARIA_C)) || \
+ (defined(MBEDTLS_BLOCK_CIPHER_C) && defined(MBEDTLS_BLOCK_CIPHER_CAN_ARIA))
+#define MBEDTLS_CCM_GCM_CAN_ARIA
+#endif
+
+#if (defined(MBEDTLS_CIPHER_C) && defined(MBEDTLS_CAMELLIA_C)) || \
+ (defined(MBEDTLS_BLOCK_CIPHER_C) && defined(MBEDTLS_BLOCK_CIPHER_CAN_CAMELLIA))
+#define MBEDTLS_CCM_GCM_CAN_CAMELLIA
+#endif
+
+/* MBEDTLS_ECP_LIGHT is auto-enabled by the following symbols:
+ * - MBEDTLS_ECP_C because now it consists of MBEDTLS_ECP_LIGHT plus functions
+ * for curve arithmetic. As a consequence if MBEDTLS_ECP_C is required for
+ * some reason, then MBEDTLS_ECP_LIGHT should be enabled as well.
+ * - MBEDTLS_PK_PARSE_EC_EXTENDED and MBEDTLS_PK_PARSE_EC_COMPRESSED because
+ * these features are not supported in PSA so the only way to have them is
+ * to enable the built-in solution.
+ * Both of them are temporary dependencies:
+ * - PK_PARSE_EC_EXTENDED will be removed after #7779 and #7789
+ * - support for compressed points should also be added to PSA, but in this
+ * case there is no associated issue to track it yet.
+ * - PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE because Weierstrass key derivation
+ * still depends on ECP_LIGHT.
+ * - PK_C + USE_PSA + PSA_WANT_ALG_ECDSA is a temporary dependency which will
+ * be fixed by #7453.
+ */
+#if defined(MBEDTLS_ECP_C) || \
+ defined(MBEDTLS_PK_PARSE_EC_EXTENDED) || \
+ defined(MBEDTLS_PK_PARSE_EC_COMPRESSED) || \
+ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_DERIVE)
+#define MBEDTLS_ECP_LIGHT
+#endif
+
+/* Backward compatibility: after #8740 the RSA module offers functions to parse
+ * and write RSA private/public keys without relying on the PK one. Of course
+ * this needs ASN1 support to do so, so we enable it here. */
+#if defined(MBEDTLS_RSA_C)
+#define MBEDTLS_ASN1_PARSE_C
+#define MBEDTLS_ASN1_WRITE_C
+#endif
+
+/* MBEDTLS_PK_PARSE_EC_COMPRESSED is introduced in Mbed TLS version 3.5, while
+ * in previous version compressed points were automatically supported as long
+ * as PK_PARSE_C and ECP_C were enabled. As a consequence, for backward
+ * compatibility, we auto-enable PK_PARSE_EC_COMPRESSED when these conditions
+ * are met. */
+#if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_ECP_C)
+#define MBEDTLS_PK_PARSE_EC_COMPRESSED
+#endif
+
+/* Helper symbol to state that there is support for ECDH, either through
+ * library implementation (ECDH_C) or through PSA. */
+#if (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_ECDH)) || \
+ (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ECDH_C))
+#define MBEDTLS_CAN_ECDH
+#endif
+
+/* PK module can achieve ECDSA functionalities by means of either software
+ * implementations (ECDSA_C) or through a PSA driver. The following defines
+ * are meant to list these capabilities in a general way which abstracts how
+ * they are implemented under the hood. */
+#if !defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_ECDSA_C)
+#define MBEDTLS_PK_CAN_ECDSA_SIGN
+#define MBEDTLS_PK_CAN_ECDSA_VERIFY
+#endif /* MBEDTLS_ECDSA_C */
+#else /* MBEDTLS_USE_PSA_CRYPTO */
+#if defined(PSA_WANT_ALG_ECDSA)
+#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC)
+#define MBEDTLS_PK_CAN_ECDSA_SIGN
+#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC */
+#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
+#define MBEDTLS_PK_CAN_ECDSA_VERIFY
+#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
+#endif /* PSA_WANT_ALG_ECDSA */
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+#if defined(MBEDTLS_PK_CAN_ECDSA_VERIFY) || defined(MBEDTLS_PK_CAN_ECDSA_SIGN)
+#define MBEDTLS_PK_CAN_ECDSA_SOME
+#endif
+
+/* If MBEDTLS_PSA_CRYPTO_C is defined, make sure MBEDTLS_PSA_CRYPTO_CLIENT
+ * is defined as well to include all PSA code.
+ */
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+#define MBEDTLS_PSA_CRYPTO_CLIENT
+#endif /* MBEDTLS_PSA_CRYPTO_C */
+
+/* Helpers to state that each key is supported either on the builtin or PSA side. */
+#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_521)
+#define MBEDTLS_ECP_HAVE_SECP521R1
+#endif
+#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
+#define MBEDTLS_ECP_HAVE_BP512R1
+#endif
+#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_448)
+#define MBEDTLS_ECP_HAVE_CURVE448
+#endif
+#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
+#define MBEDTLS_ECP_HAVE_BP384R1
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_384)
+#define MBEDTLS_ECP_HAVE_SECP384R1
+#endif
+#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
+#define MBEDTLS_ECP_HAVE_BP256R1
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_256)
+#define MBEDTLS_ECP_HAVE_SECP256K1
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_256)
+#define MBEDTLS_ECP_HAVE_SECP256R1
+#endif
+#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_255)
+#define MBEDTLS_ECP_HAVE_CURVE25519
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_224)
+#define MBEDTLS_ECP_HAVE_SECP224K1
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_224)
+#define MBEDTLS_ECP_HAVE_SECP224R1
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_192)
+#define MBEDTLS_ECP_HAVE_SECP192K1
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_192)
+#define MBEDTLS_ECP_HAVE_SECP192R1
+#endif
+
+/* Helper symbol to state that the PK module has support for EC keys. This
+ * can either be provided through the legacy ECP solution or through the
+ * PSA friendly MBEDTLS_PK_USE_PSA_EC_DATA (see pk.h for its description). */
+#if defined(MBEDTLS_ECP_C) || \
+ (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY))
+#define MBEDTLS_PK_HAVE_ECC_KEYS
+#endif /* MBEDTLS_PK_USE_PSA_EC_DATA || MBEDTLS_ECP_C */
+
+/* Historically pkparse did not check the CBC padding when decrypting
+ * a key. This was a bug, which is now fixed. As a consequence, pkparse
+ * now needs PKCS7 padding support, but existing configurations might not
+ * enable it, so we enable it here. */
+#if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_PKCS5_C) && defined(MBEDTLS_CIPHER_MODE_CBC)
+#define MBEDTLS_CIPHER_PADDING_PKCS7
+#endif
+
+/* Backwards compatibility for some macros which were renamed to reflect that
+ * they are related to Armv8, not aarch64. */
+#if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT) && \
+ !defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT)
+#define MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
+#endif
+#if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY) && !defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY)
+#define MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY
+#endif
+
+/* psa_util file features some ECDSA conversion functions, to convert between
+ * legacy's ASN.1 DER format and PSA's raw one. */
+#if defined(MBEDTLS_ECDSA_C) || (defined(MBEDTLS_PSA_CRYPTO_C) && \
+ (defined(PSA_WANT_ALG_ECDSA) || defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)))
+#define MBEDTLS_PSA_UTIL_HAVE_ECDSA
+#endif
+
+/* Some internal helpers to determine which keys are availble. */
+#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_AES_C)) || \
+ (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_AES))
+#define MBEDTLS_SSL_HAVE_AES
+#endif
+#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ARIA_C)) || \
+ (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ARIA))
+#define MBEDTLS_SSL_HAVE_ARIA
+#endif
+#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CAMELLIA_C)) || \
+ (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_CAMELLIA))
+#define MBEDTLS_SSL_HAVE_CAMELLIA
+#endif
+
+/* Some internal helpers to determine which operation modes are availble. */
+#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CIPHER_MODE_CBC)) || \
+ (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CBC_NO_PADDING))
+#define MBEDTLS_SSL_HAVE_CBC
+#endif
+
+#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_GCM_C)) || \
+ (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_GCM))
+#define MBEDTLS_SSL_HAVE_GCM
+#endif
+
+#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CCM_C)) || \
+ (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM))
+#define MBEDTLS_SSL_HAVE_CCM
+#endif
+
+#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CHACHAPOLY_C)) || \
+ (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CHACHA20_POLY1305))
+#define MBEDTLS_SSL_HAVE_CHACHAPOLY
+#endif
+
+#if defined(MBEDTLS_SSL_HAVE_GCM) || defined(MBEDTLS_SSL_HAVE_CCM) || \
+ defined(MBEDTLS_SSL_HAVE_CHACHAPOLY)
+#define MBEDTLS_SSL_HAVE_AEAD
+#endif
+
+#endif /* MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H */
diff --git a/vendor/mbedtls/config_adjust_legacy_from_psa.h b/vendor/mbedtls/include/mbedtls/config_adjust_legacy_from_psa.h
index ab18d98..0091e24 100644
--- a/vendor/mbedtls/config_adjust_legacy_from_psa.h
+++ b/vendor/mbedtls/include/mbedtls/config_adjust_legacy_from_psa.h
@@ -47,139 +47,65 @@
*/
/* ECC: curves: is acceleration complete? */
-#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) && \
- !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256)
+#if (defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) && \
+ !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256)) || \
+ (defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) && \
+ !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384)) || \
+ (defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) && \
+ !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512)) || \
+ (defined(PSA_WANT_ECC_SECP_R1_192) && !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192)) || \
+ (defined(PSA_WANT_ECC_SECP_R1_224) && !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224)) || \
+ (defined(PSA_WANT_ECC_SECP_R1_256) && !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256)) || \
+ (defined(PSA_WANT_ECC_SECP_R1_384) && !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384)) || \
+ (defined(PSA_WANT_ECC_SECP_R1_521) && !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521)) || \
+ (defined(PSA_WANT_ECC_SECP_K1_192) && !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192)) || \
+ (defined(PSA_WANT_ECC_SECP_K1_224) && !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224)) || \
+ (defined(PSA_WANT_ECC_SECP_K1_256) && !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256))
#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES
#endif
-#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) && \
- !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384)
+#if (defined(PSA_WANT_ECC_MONTGOMERY_255) && !defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255)) || \
+ (defined(PSA_WANT_ECC_MONTGOMERY_448) && !defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448))
#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
-#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES
-#endif
-
-#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) && \
- !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512)
-#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
-#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES
-#endif
-
-#if defined(PSA_WANT_ECC_MONTGOMERY_255) && \
- !defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255)
-#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
-#endif
-
-#if defined(PSA_WANT_ECC_MONTGOMERY_448) && \
- !defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448)
-#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
-#endif
-
-#if defined(PSA_WANT_ECC_SECP_R1_192) && \
- !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192)
-#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
-#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES
-#endif
-
-#if defined(PSA_WANT_ECC_SECP_R1_224) && \
- !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224)
-#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
-#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES
-#endif
-
-#if defined(PSA_WANT_ECC_SECP_R1_256) && \
- !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256)
-#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
-#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES
-#endif
-
-#if defined(PSA_WANT_ECC_SECP_R1_384) && \
- !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384)
-#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
-#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES
-#endif
-
-#if defined(PSA_WANT_ECC_SECP_R1_521) && \
- !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521)
-#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
-#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES
-#endif
-
-#if defined(PSA_WANT_ECC_SECP_K1_192) && \
- !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192)
-#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
-#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES
-#endif
-
-#if defined(PSA_WANT_ECC_SECP_K1_224) && \
- !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224)
-#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
-#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES
-#endif
-
-#if defined(PSA_WANT_ECC_SECP_K1_256) && \
- !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256)
-#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
-#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES
#endif
/* ECC: algs: is acceleration complete? */
-#if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA) && \
- !defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA)
-#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS
-#endif
-
-#if defined(PSA_WANT_ALG_ECDH) && \
- !defined(MBEDTLS_PSA_ACCEL_ALG_ECDH)
-#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS
-#endif
-
-#if defined(PSA_WANT_ALG_ECDSA) && \
- !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA)
-#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS
-#endif
-
-#if defined(PSA_WANT_ALG_JPAKE) && \
- !defined(MBEDTLS_PSA_ACCEL_ALG_JPAKE)
+#if (defined(PSA_WANT_ALG_ECDH) && !defined(MBEDTLS_PSA_ACCEL_ALG_ECDH)) || \
+ (defined(PSA_WANT_ALG_ECDSA) && !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA)) || \
+ (defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA) && \
+ !defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA)) || \
+ (defined(PSA_WANT_ALG_JPAKE) && !defined(MBEDTLS_PSA_ACCEL_ALG_JPAKE))
#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS
#endif
/* ECC: key types: is acceleration complete? */
-#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \
- !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY)
-#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES
+#if (defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \
+ !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY)) || \
+ (defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) && \
+ !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC))
#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES_BASIC
#endif
-#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) && \
- !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC)
-#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES
-#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES_BASIC
-#endif
-
-#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT) && \
- !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT)
-#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES
-#endif
-
-#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT) && \
- !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT)
-#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES
-#endif
-
-#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE) && \
- !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE)
-#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES
-#endif
-
/* Special case: we don't support cooked key derivation in drivers yet */
#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE)
#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE
#endif
-/* Note: the condition is always true as DERIVE can't be accelerated yet */
-#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE) && \
- !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE)
+/* Note: the condition about key derivation is always true as DERIVE can't be
+ * accelerated yet */
+#if (defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \
+ !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY)) || \
+ (defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) && \
+ !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC)) || \
+ (defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT) && \
+ !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT)) || \
+ (defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT) && \
+ !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT)) || \
+ (defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE) && \
+ !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE)) || \
+ (defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE) && \
+ !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE))
#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES
#endif
@@ -386,8 +312,6 @@
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES) || \
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS)
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1
-#define MBEDTLS_ECP_LIGHT
-#define MBEDTLS_BIGNUM_C
#endif /* missing accel */
#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
@@ -396,8 +320,6 @@
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES) || \
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS)
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
-#define MBEDTLS_ECP_LIGHT
-#define MBEDTLS_BIGNUM_C
#endif /* missing accel */
#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC */
@@ -405,8 +327,6 @@
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT) || \
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES)
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1
-#define MBEDTLS_ECP_LIGHT
-#define MBEDTLS_BIGNUM_C
#endif /* missing accel */
#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT */
@@ -414,8 +334,6 @@
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT) || \
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES)
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1
-#define MBEDTLS_ECP_C
-#define MBEDTLS_BIGNUM_C
#endif /* missing accel */
#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT */
@@ -423,8 +341,6 @@
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE) || \
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES)
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1
-#define MBEDTLS_ECP_C
-#define MBEDTLS_BIGNUM_C
#endif /* missing accel */
#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE */
@@ -433,20 +349,149 @@
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE) || \
defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES)
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1
-#define MBEDTLS_ECP_LIGHT
-#define MBEDTLS_BIGNUM_C
#endif /* missing accel */
#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE */
+#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || \
+ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_BASIC) || \
+ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT) || \
+ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_DERIVE)
+#define MBEDTLS_ECP_LIGHT
+#define MBEDTLS_BIGNUM_C
+#endif
+
+#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT) || \
+ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE)
+#define MBEDTLS_ECP_C
+#define MBEDTLS_BIGNUM_C
+#endif
+
/* End of ECC section */
+/*
+ * DH key types follow the same pattern used above for EC keys. They are defined
+ * by a triplet (group, key_type, alg). A triplet is accelerated if all its
+ * component are accelerated, otherwise each component needs to be builtin.
+ */
+
+/* DH: groups: is acceleration complete? */
+#if (defined(PSA_WANT_DH_RFC7919_2048) && !defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_2048)) || \
+ (defined(PSA_WANT_DH_RFC7919_3072) && !defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_3072)) || \
+ (defined(PSA_WANT_DH_RFC7919_4096) && !defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_4096)) || \
+ (defined(PSA_WANT_DH_RFC7919_6144) && !defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_6144)) || \
+ (defined(PSA_WANT_DH_RFC7919_8192) && !defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_8192))
+#define MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_GROUPS
+#endif
+
+/* DH: algs: is acceleration complete? */
+#if defined(PSA_WANT_ALG_FFDH) && !defined(MBEDTLS_PSA_ACCEL_ALG_FFDH)
+#define MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_ALGS
+#endif
+
+/* DH: key types: is acceleration complete? */
+#if (defined(PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY) && \
+ !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY)) || \
+ (defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC) && \
+ !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_BASIC)) || \
+ (defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT) && \
+ !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_IMPORT)) || \
+ (defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT) && \
+ !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_EXPORT)) || \
+ (defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE) && \
+ !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_GENERATE))
+#define MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_KEY_TYPES
+#endif
+
+#if defined(PSA_WANT_DH_RFC7919_2048)
+#if !defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_2048) || \
+ defined(MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_ALGS) || \
+ defined(MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_KEY_TYPES)
+#define MBEDTLS_PSA_BUILTIN_DH_RFC7919_2048 1
+#endif /* !MBEDTLS_PSA_BUILTIN_DH_RFC7919_2048 */
+#endif /* PSA_WANT_DH_RFC7919_2048 */
+
+#if defined(PSA_WANT_DH_RFC7919_3072)
+#if !defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_3072) || \
+ defined(MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_ALGS) || \
+ defined(MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_KEY_TYPES)
+#define MBEDTLS_PSA_BUILTIN_DH_RFC7919_3072 1
+#endif /* !MBEDTLS_PSA_BUILTIN_DH_RFC7919_3072 */
+#endif /* PSA_WANT_DH_RFC7919_3072 */
+
+#if defined(PSA_WANT_DH_RFC7919_4096)
+#if !defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_4096) || \
+ defined(MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_ALGS) || \
+ defined(MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_KEY_TYPES)
+#define MBEDTLS_PSA_BUILTIN_DH_RFC7919_4096 1
+#endif /* !MBEDTLS_PSA_BUILTIN_DH_RFC7919_4096 */
+#endif /* PSA_WANT_DH_RFC7919_4096 */
+
+#if defined(PSA_WANT_DH_RFC7919_6144)
+#if !defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_6144) || \
+ defined(MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_ALGS) || \
+ defined(MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_KEY_TYPES)
+#define MBEDTLS_PSA_BUILTIN_DH_RFC7919_6144 1
+#endif /* !MBEDTLS_PSA_BUILTIN_DH_RFC7919_6144 */
+#endif /* PSA_WANT_DH_RFC7919_6144 */
+
+#if defined(PSA_WANT_DH_RFC7919_8192)
+#if !defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_8192) || \
+ defined(MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_ALGS) || \
+ defined(MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_KEY_TYPES)
+#define MBEDTLS_PSA_BUILTIN_DH_RFC7919_8192 1
+#endif /* !MBEDTLS_PSA_BUILTIN_DH_RFC7919_8192 */
+#endif /* PSA_WANT_DH_RFC7919_8192 */
+
#if defined(PSA_WANT_ALG_FFDH)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_FFDH)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_FFDH) || \
+ defined(MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_GROUPS) || \
+ defined(MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_KEY_TYPES)
#define MBEDTLS_PSA_BUILTIN_ALG_FFDH 1
#define MBEDTLS_BIGNUM_C
#endif /* !MBEDTLS_PSA_ACCEL_ALG_FFDH */
#endif /* PSA_WANT_ALG_FFDH */
+#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT)
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_IMPORT) || \
+ defined(MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_GROUPS) || \
+ defined(MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_ALGS)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_IMPORT 1
+#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_IMPORT */
+#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT */
+
+#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT)
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_EXPORT) || \
+ defined(MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_GROUPS) || \
+ defined(MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_ALGS)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_EXPORT 1
+#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_EXPORT */
+#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT */
+
+#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE)
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_GENERATE)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_GENERATE 1
+#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_GENERATE */
+#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE */
+
+#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC)
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_BASIC) || \
+ defined(MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_GROUPS) || \
+ defined(MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_ALGS)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_BASIC 1
+#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_BASIC */
+#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC */
+
+#if defined(PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY)
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY) || \
+ defined(MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_GROUPS) || \
+ defined(MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_ALGS)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY 1
+#define MBEDTLS_BIGNUM_C
+#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY */
+#endif /* PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY */
+
+/* End of DH section */
+
#if defined(PSA_WANT_ALG_HKDF)
#if !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF)
/*
@@ -634,46 +679,12 @@
#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_BASIC */
#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC */
-#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_IMPORT)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_IMPORT 1
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_IMPORT */
-#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT */
-
-#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_EXPORT)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_EXPORT 1
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_EXPORT */
-#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT */
-
-#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_GENERATE)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_GENERATE 1
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_GENERATE */
-#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE */
-
-#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_BASIC)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_BASIC 1
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_BASIC */
-#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC */
-
-#if defined(PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY 1
-#define MBEDTLS_BIGNUM_C
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY */
-#endif /* PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY */
-
#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY)
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY 1
#define MBEDTLS_RSA_C
#define MBEDTLS_BIGNUM_C
#define MBEDTLS_OID_C
-#define MBEDTLS_PK_PARSE_C
-#define MBEDTLS_PK_WRITE_C
-#define MBEDTLS_PK_C
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_ASN1_WRITE_C
#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY */
@@ -685,20 +696,13 @@
#if (defined(PSA_WANT_ALG_CTR) && !defined(MBEDTLS_PSA_ACCEL_ALG_CTR)) || \
(defined(PSA_WANT_ALG_CFB) && !defined(MBEDTLS_PSA_ACCEL_ALG_CFB)) || \
(defined(PSA_WANT_ALG_OFB) && !defined(MBEDTLS_PSA_ACCEL_ALG_OFB)) || \
- defined(PSA_WANT_ALG_ECB_NO_PADDING) || \
- (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
- !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING)) || \
- (defined(PSA_WANT_ALG_CBC_PKCS7) && \
- !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7)) || \
+ (defined(PSA_WANT_ALG_ECB_NO_PADDING) && !defined(MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING)) || \
+ (defined(PSA_WANT_ALG_CBC_NO_PADDING) && !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING)) || \
+ (defined(PSA_WANT_ALG_CBC_PKCS7) && !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7)) || \
(defined(PSA_WANT_ALG_CMAC) && !defined(MBEDTLS_PSA_ACCEL_ALG_CMAC))
#define PSA_HAVE_SOFT_BLOCK_MODE 1
#endif
-#if (defined(PSA_WANT_ALG_GCM) && !defined(MBEDTLS_PSA_ACCEL_ALG_GCM)) || \
- (defined(PSA_WANT_ALG_CCM) && !defined(MBEDTLS_PSA_ACCEL_ALG_CCM))
-#define PSA_HAVE_SOFT_BLOCK_AEAD 1
-#endif
-
#if defined(PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128)
#if !defined(MBEDTLS_PSA_ACCEL_ALG_PBKDF2_AES_CMAC_PRF_128)
#define MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128 1
@@ -711,9 +715,7 @@
#define PSA_HAVE_SOFT_KEY_TYPE_AES 1
#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_AES */
#if defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
- defined(PSA_HAVE_SOFT_BLOCK_MODE) || \
- defined(PSA_HAVE_SOFT_BLOCK_AEAD) || \
- defined(PSA_HAVE_SOFT_PBKDF2_CMAC)
+ defined(PSA_HAVE_SOFT_BLOCK_MODE)
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES 1
#define MBEDTLS_AES_C
#endif /* PSA_HAVE_SOFT_KEY_TYPE_AES || PSA_HAVE_SOFT_BLOCK_MODE */
@@ -724,8 +726,7 @@
#define PSA_HAVE_SOFT_KEY_TYPE_ARIA 1
#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA */
#if defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \
- defined(PSA_HAVE_SOFT_BLOCK_MODE) || \
- defined(PSA_HAVE_SOFT_BLOCK_AEAD)
+ defined(PSA_HAVE_SOFT_BLOCK_MODE)
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARIA 1
#define MBEDTLS_ARIA_C
#endif /* PSA_HAVE_SOFT_KEY_TYPE_ARIA || PSA_HAVE_SOFT_BLOCK_MODE */
@@ -736,8 +737,7 @@
#define PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA 1
#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA */
#if defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA) || \
- defined(PSA_HAVE_SOFT_BLOCK_MODE) || \
- defined(PSA_HAVE_SOFT_BLOCK_AEAD)
+ defined(PSA_HAVE_SOFT_BLOCK_MODE)
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CAMELLIA 1
#define MBEDTLS_CAMELLIA_C
#endif /* PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA || PSA_HAVE_SOFT_BLOCK_MODE */
@@ -754,8 +754,15 @@
#endif /*PSA_HAVE_SOFT_KEY_TYPE_DES || PSA_HAVE_SOFT_BLOCK_MODE */
#endif /* PSA_WANT_KEY_TYPE_DES */
+#if defined(PSA_WANT_ALG_STREAM_CIPHER)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_STREAM_CIPHER)
+#define MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER 1
+#endif /* MBEDTLS_PSA_ACCEL_ALG_STREAM_CIPHER */
+#endif /* PSA_WANT_ALG_STREAM_CIPHER */
+
#if defined(PSA_WANT_KEY_TYPE_CHACHA20)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20)
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER)
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20 1
#define MBEDTLS_CHACHA20_C
#endif /*!MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20 */
@@ -771,10 +778,6 @@
#define PSA_HAVE_SOFT_BLOCK_CIPHER 1
#endif
-#if defined(PSA_WANT_ALG_STREAM_CIPHER)
-#define MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER 1
-#endif /* PSA_WANT_ALG_STREAM_CIPHER */
-
#if defined(PSA_WANT_ALG_CBC_MAC)
#if !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_MAC)
#error "CBC-MAC is not yet supported via the PSA API in Mbed TLS."
@@ -784,8 +787,7 @@
#if defined(PSA_WANT_ALG_CMAC)
#if !defined(MBEDTLS_PSA_ACCEL_ALG_CMAC) || \
- defined(PSA_HAVE_SOFT_BLOCK_CIPHER) || \
- defined(PSA_HAVE_SOFT_PBKDF2_CMAC)
+ defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
#define MBEDTLS_PSA_BUILTIN_ALG_CMAC 1
#define MBEDTLS_CMAC_C
#endif /* !MBEDTLS_PSA_ACCEL_ALG_CMAC */
@@ -848,11 +850,20 @@
defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \
defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA)
#define MBEDTLS_PSA_BUILTIN_ALG_CCM 1
-#define MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG 1
#define MBEDTLS_CCM_C
#endif
#endif /* PSA_WANT_ALG_CCM */
+#if defined(PSA_WANT_ALG_CCM_STAR_NO_TAG)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_CCM_STAR_NO_TAG) || \
+ defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
+ defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \
+ defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA)
+#define MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG 1
+#define MBEDTLS_CCM_C
+#endif
+#endif /* PSA_WANT_ALG_CCM_STAR_NO_TAG */
+
#if defined(PSA_WANT_ALG_GCM)
#if !defined(MBEDTLS_PSA_ACCEL_ALG_GCM) || \
defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
diff --git a/vendor/mbedtls/config_adjust_psa_from_legacy.h b/vendor/mbedtls/include/mbedtls/config_adjust_psa_from_legacy.h
index c31a462..3456615 100644
--- a/vendor/mbedtls/config_adjust_psa_from_legacy.h
+++ b/vendor/mbedtls/include/mbedtls/config_adjust_psa_from_legacy.h
@@ -25,9 +25,11 @@
#if defined(MBEDTLS_CCM_C)
#define MBEDTLS_PSA_BUILTIN_ALG_CCM 1
-#define MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG 1
#define PSA_WANT_ALG_CCM 1
+#if defined(MBEDTLS_CIPHER_C)
+#define MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG 1
#define PSA_WANT_ALG_CCM_STAR_NO_TAG 1
+#endif /* MBEDTLS_CIPHER_C */
#endif /* MBEDTLS_CCM_C */
#if defined(MBEDTLS_CMAC_C)
@@ -79,13 +81,22 @@
#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE 1
#define PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY 1
#define PSA_WANT_ALG_FFDH 1
-#define PSA_WANT_DH_FAMILY_RFC7919 1
+#define PSA_WANT_DH_RFC7919_2048 1
+#define PSA_WANT_DH_RFC7919_3072 1
+#define PSA_WANT_DH_RFC7919_4096 1
+#define PSA_WANT_DH_RFC7919_6144 1
+#define PSA_WANT_DH_RFC7919_8192 1
#define MBEDTLS_PSA_BUILTIN_ALG_FFDH 1
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_BASIC 1
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_IMPORT 1
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_EXPORT 1
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_GENERATE 1
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY 1
+#define MBEDTLS_PSA_BUILTIN_DH_RFC7919_2048 1
+#define MBEDTLS_PSA_BUILTIN_DH_RFC7919_3072 1
+#define MBEDTLS_PSA_BUILTIN_DH_RFC7919_4096 1
+#define MBEDTLS_PSA_BUILTIN_DH_RFC7919_6144 1
+#define MBEDTLS_PSA_BUILTIN_DH_RFC7919_8192 1
#endif /* MBEDTLS_DHM_C */
#if defined(MBEDTLS_GCM_C)
@@ -226,9 +237,12 @@
#if defined(MBEDTLS_CHACHA20_C)
#define PSA_WANT_KEY_TYPE_CHACHA20 1
-#define PSA_WANT_ALG_STREAM_CIPHER 1
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20 1
+/* ALG_STREAM_CIPHER requires CIPHER_C in order to be supported in PSA */
+#if defined(MBEDTLS_CIPHER_C)
+#define PSA_WANT_ALG_STREAM_CIPHER 1
#define MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER 1
+#endif
#if defined(MBEDTLS_CHACHAPOLY_C)
#define PSA_WANT_ALG_CHACHA20_POLY1305 1
#define MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 1
@@ -244,8 +258,9 @@
#endif
#endif
-#if defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) || \
- defined(MBEDTLS_ARIA_C) || defined(MBEDTLS_CAMELLIA_C)
+#if (defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) || \
+ defined(MBEDTLS_ARIA_C) || defined(MBEDTLS_CAMELLIA_C)) && \
+ defined(MBEDTLS_CIPHER_C)
#define MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING 1
#define PSA_WANT_ALG_ECB_NO_PADDING 1
#endif
diff --git a/vendor/mbedtls/config_adjust_psa_superset_legacy.h b/vendor/mbedtls/include/mbedtls/config_adjust_psa_superset_legacy.h
index 3a55c3f..3a55c3f 100644
--- a/vendor/mbedtls/config_adjust_psa_superset_legacy.h
+++ b/vendor/mbedtls/include/mbedtls/config_adjust_psa_superset_legacy.h
diff --git a/vendor/mbedtls/config_adjust_ssl.h b/vendor/mbedtls/include/mbedtls/config_adjust_ssl.h
index 8415f3e..39c7b3b 100644
--- a/vendor/mbedtls/config_adjust_ssl.h
+++ b/vendor/mbedtls/include/mbedtls/config_adjust_ssl.h
@@ -34,6 +34,10 @@
#undef MBEDTLS_SSL_PROTO_DTLS
#endif
+#if !(defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_SESSION_TICKETS))
+#undef MBEDTLS_SSL_TICKET_C
+#endif
+
#if !defined(MBEDTLS_SSL_PROTO_DTLS)
#undef MBEDTLS_SSL_DTLS_ANTI_REPLAY
#undef MBEDTLS_SSL_DTLS_CONNECTION_ID
@@ -65,6 +69,7 @@
#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
#undef MBEDTLS_SSL_EARLY_DATA
+#undef MBEDTLS_SSL_RECORD_SIZE_LIMIT
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
diff --git a/vendor/mbedtls/config_adjust_x509.h b/vendor/mbedtls/include/mbedtls/config_adjust_x509.h
index 346c8ae..346c8ae 100644
--- a/vendor/mbedtls/config_adjust_x509.h
+++ b/vendor/mbedtls/include/mbedtls/config_adjust_x509.h
diff --git a/vendor/mbedtls/config_psa.h b/vendor/mbedtls/include/mbedtls/config_psa.h
index 17da61b..17da61b 100644
--- a/vendor/mbedtls/config_psa.h
+++ b/vendor/mbedtls/include/mbedtls/config_psa.h
diff --git a/vendor/mbedtls/constant_time.h b/vendor/mbedtls/include/mbedtls/constant_time.h
index d31bff6..d31bff6 100644
--- a/vendor/mbedtls/constant_time.h
+++ b/vendor/mbedtls/include/mbedtls/constant_time.h
diff --git a/vendor/mbedtls/ctr_drbg.h b/vendor/mbedtls/include/mbedtls/ctr_drbg.h
index d1f19e6..c00756d 100644
--- a/vendor/mbedtls/ctr_drbg.h
+++ b/vendor/mbedtls/include/mbedtls/ctr_drbg.h
@@ -32,7 +32,14 @@
#include "mbedtls/build_info.h"
+/* In case AES_C is defined then it is the primary option for backward
+ * compatibility purposes. If that's not available, PSA is used instead */
+#if defined(MBEDTLS_AES_C)
#include "mbedtls/aes.h"
+#else
+#include "psa/crypto.h"
+#endif
+
#include "entropy.h"
#if defined(MBEDTLS_THREADING_C)
@@ -150,6 +157,13 @@ extern "C" {
#define MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN (MBEDTLS_CTR_DRBG_ENTROPY_LEN + 1) / 2
#endif
+#if !defined(MBEDTLS_AES_C)
+typedef struct mbedtls_ctr_drbg_psa_context {
+ mbedtls_svc_key_id_t key_id;
+ psa_cipher_operation_t operation;
+} mbedtls_ctr_drbg_psa_context;
+#endif
+
/**
* \brief The CTR_DRBG context structure.
*/
@@ -175,7 +189,11 @@ typedef struct mbedtls_ctr_drbg_context {
* This is the maximum number of requests
* that can be made between reseedings. */
+#if defined(MBEDTLS_AES_C)
mbedtls_aes_context MBEDTLS_PRIVATE(aes_ctx); /*!< The AES context. */
+#else
+ mbedtls_ctr_drbg_psa_context MBEDTLS_PRIVATE(psa_ctx); /*!< The PSA context. */
+#endif
/*
* Callbacks (Entropy)
diff --git a/vendor/mbedtls/include/mbedtls/debug.h b/vendor/mbedtls/include/mbedtls/debug.h
new file mode 100644
index 0000000..424ed4b
--- /dev/null
+++ b/vendor/mbedtls/include/mbedtls/debug.h
@@ -0,0 +1,156 @@
+/**
+ * \file debug.h
+ *
+ * \brief Functions for controlling and providing debug output from the library.
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+#ifndef MBEDTLS_DEBUG_H
+#define MBEDTLS_DEBUG_H
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/ssl.h"
+
+#if defined(MBEDTLS_ECP_C)
+#include "mbedtls/ecp.h"
+#endif
+
+#if defined(MBEDTLS_DEBUG_C)
+
+#define MBEDTLS_DEBUG_STRIP_PARENS(...) __VA_ARGS__
+
+#define MBEDTLS_SSL_DEBUG_MSG(level, args) \
+ mbedtls_debug_print_msg(ssl, level, __FILE__, __LINE__, \
+ MBEDTLS_DEBUG_STRIP_PARENS args)
+
+#define MBEDTLS_SSL_DEBUG_RET(level, text, ret) \
+ mbedtls_debug_print_ret(ssl, level, __FILE__, __LINE__, text, ret)
+
+#define MBEDTLS_SSL_DEBUG_BUF(level, text, buf, len) \
+ mbedtls_debug_print_buf(ssl, level, __FILE__, __LINE__, text, buf, len)
+
+#if defined(MBEDTLS_BIGNUM_C)
+#define MBEDTLS_SSL_DEBUG_MPI(level, text, X) \
+ mbedtls_debug_print_mpi(ssl, level, __FILE__, __LINE__, text, X)
+#endif
+
+#if defined(MBEDTLS_ECP_C)
+#define MBEDTLS_SSL_DEBUG_ECP(level, text, X) \
+ mbedtls_debug_print_ecp(ssl, level, __FILE__, __LINE__, text, X)
+#endif
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+#if !defined(MBEDTLS_X509_REMOVE_INFO)
+#define MBEDTLS_SSL_DEBUG_CRT(level, text, crt) \
+ mbedtls_debug_print_crt(ssl, level, __FILE__, __LINE__, text, crt)
+#else
+#define MBEDTLS_SSL_DEBUG_CRT(level, text, crt) do { } while (0)
+#endif /* MBEDTLS_X509_REMOVE_INFO */
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+#if defined(MBEDTLS_ECDH_C)
+#define MBEDTLS_SSL_DEBUG_ECDH(level, ecdh, attr) \
+ mbedtls_debug_printf_ecdh(ssl, level, __FILE__, __LINE__, ecdh, attr)
+#endif
+
+#else /* MBEDTLS_DEBUG_C */
+
+#define MBEDTLS_SSL_DEBUG_MSG(level, args) do { } while (0)
+#define MBEDTLS_SSL_DEBUG_RET(level, text, ret) do { } while (0)
+#define MBEDTLS_SSL_DEBUG_BUF(level, text, buf, len) do { } while (0)
+#define MBEDTLS_SSL_DEBUG_MPI(level, text, X) do { } while (0)
+#define MBEDTLS_SSL_DEBUG_ECP(level, text, X) do { } while (0)
+#define MBEDTLS_SSL_DEBUG_CRT(level, text, crt) do { } while (0)
+#define MBEDTLS_SSL_DEBUG_ECDH(level, ecdh, attr) do { } while (0)
+
+#endif /* MBEDTLS_DEBUG_C */
+
+/**
+ * \def MBEDTLS_PRINTF_ATTRIBUTE
+ *
+ * Mark a function as having printf attributes, and thus enable checking
+ * via -wFormat and other flags. This does nothing on builds with compilers
+ * that do not support the format attribute
+ *
+ * Module: library/debug.c
+ * Caller:
+ *
+ * This module provides debugging functions.
+ */
+#if defined(__has_attribute)
+#if __has_attribute(format)
+#if defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 1
+#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check) \
+ __attribute__((__format__(gnu_printf, string_index, first_to_check)))
+#else /* defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 1 */
+#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check) \
+ __attribute__((format(printf, string_index, first_to_check)))
+#endif
+#else /* __has_attribute(format) */
+#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check)
+#endif /* __has_attribute(format) */
+#else /* defined(__has_attribute) */
+#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check)
+#endif
+
+/**
+ * \def MBEDTLS_PRINTF_SIZET
+ *
+ * MBEDTLS_PRINTF_xxx: Due to issues with older window compilers
+ * and MinGW we need to define the printf specifier for size_t
+ * and long long per platform.
+ *
+ * Module: library/debug.c
+ * Caller:
+ *
+ * This module provides debugging functions.
+ */
+#if (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800)
+ #include <inttypes.h>
+ #define MBEDTLS_PRINTF_SIZET PRIuPTR
+ #define MBEDTLS_PRINTF_LONGLONG "I64d"
+#else \
+ /* (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800) */
+ #define MBEDTLS_PRINTF_SIZET "zu"
+ #define MBEDTLS_PRINTF_LONGLONG "lld"
+#endif \
+ /* (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800) */
+
+#if !defined(MBEDTLS_PRINTF_MS_TIME)
+#include <inttypes.h>
+#if !defined(PRId64)
+#define MBEDTLS_PRINTF_MS_TIME MBEDTLS_PRINTF_LONGLONG
+#else
+#define MBEDTLS_PRINTF_MS_TIME PRId64
+#endif
+#endif /* MBEDTLS_PRINTF_MS_TIME */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief Set the threshold error level to handle globally all debug output.
+ * Debug messages that have a level over the threshold value are
+ * discarded.
+ * (Default value: 0 = No debug )
+ *
+ * \param threshold threshold level of messages to filter on. Messages at a
+ * higher level will be discarded.
+ * - Debug levels
+ * - 0 No debug
+ * - 1 Error
+ * - 2 State change
+ * - 3 Informational
+ * - 4 Verbose
+ */
+void mbedtls_debug_set_threshold(int threshold);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* MBEDTLS_DEBUG_H */
diff --git a/vendor/mbedtls/des.h b/vendor/mbedtls/include/mbedtls/des.h
index 2b097a1..2b097a1 100644
--- a/vendor/mbedtls/des.h
+++ b/vendor/mbedtls/include/mbedtls/des.h
diff --git a/vendor/mbedtls/dhm.h b/vendor/mbedtls/include/mbedtls/dhm.h
index fcba3d2..fcba3d2 100644
--- a/vendor/mbedtls/dhm.h
+++ b/vendor/mbedtls/include/mbedtls/dhm.h
diff --git a/vendor/mbedtls/ecdh.h b/vendor/mbedtls/include/mbedtls/ecdh.h
index 792db79..a0909d6 100644
--- a/vendor/mbedtls/ecdh.h
+++ b/vendor/mbedtls/include/mbedtls/ecdh.h
@@ -142,6 +142,19 @@ typedef struct mbedtls_ecdh_context {
mbedtls_ecdh_context;
/**
+ * \brief Return the ECP group for provided context.
+ *
+ * \note To access group specific fields, users should use
+ * `mbedtls_ecp_curve_info_from_grp_id` or
+ * `mbedtls_ecp_group_load` on the extracted `group_id`.
+ *
+ * \param ctx The ECDH context to parse. This must not be \c NULL.
+ *
+ * \return The \c mbedtls_ecp_group_id of the context.
+ */
+mbedtls_ecp_group_id mbedtls_ecdh_get_grp_id(mbedtls_ecdh_context *ctx);
+
+/**
* \brief Check whether a given group can be used for ECDH.
*
* \param gid The ECP group ID to check.
diff --git a/vendor/mbedtls/ecdsa.h b/vendor/mbedtls/include/mbedtls/ecdsa.h
index 2ecf349..2ecf349 100644
--- a/vendor/mbedtls/ecdsa.h
+++ b/vendor/mbedtls/include/mbedtls/ecdsa.h
diff --git a/vendor/mbedtls/ecjpake.h b/vendor/mbedtls/include/mbedtls/ecjpake.h
index c2148a2..c2148a2 100644
--- a/vendor/mbedtls/ecjpake.h
+++ b/vendor/mbedtls/include/mbedtls/ecjpake.h
diff --git a/vendor/mbedtls/ecp.h b/vendor/mbedtls/include/mbedtls/ecp.h
index 7f5e880..d8f73ae 100644
--- a/vendor/mbedtls/ecp.h
+++ b/vendor/mbedtls/include/mbedtls/ecp.h
@@ -24,6 +24,7 @@
#include "mbedtls/private_access.h"
#include "mbedtls/build_info.h"
+#include "mbedtls/platform_util.h"
#include "mbedtls/bignum.h"
@@ -1259,9 +1260,56 @@ int mbedtls_ecp_gen_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng);
+/** \brief Set the public key in a key pair object.
+ *
+ * \note This function does not check that the point actually
+ * belongs to the given group. Call mbedtls_ecp_check_pubkey()
+ * on \p Q before calling this function to check that.
+ *
+ * \note This function does not check that the public key matches
+ * the private key that is already in \p key, if any.
+ * To check the consistency of the resulting key pair object,
+ * call mbedtls_ecp_check_pub_priv() after setting both
+ * the public key and the private key.
+ *
+ * \param grp_id The ECP group identifier.
+ * \param key The key pair object. It must be initialized.
+ * If its group has already been set, it must match \p grp_id.
+ * If its group has not been set, it will be set to \p grp_id.
+ * If the public key has already been set, it is overwritten.
+ * \param Q The public key to copy. This must be a point on the
+ * curve indicated by \p grp_id.
+ *
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if \p key does not
+ * match \p grp_id.
+ * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the operation for
+ * the group is not implemented.
+ * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
+ * \return Another negative error code on other kinds of failure.
+ */
+int mbedtls_ecp_set_public_key(mbedtls_ecp_group_id grp_id,
+ mbedtls_ecp_keypair *key,
+ const mbedtls_ecp_point *Q);
+
/**
* \brief This function reads an elliptic curve private key.
*
+ * \note This function does not set the public key in the
+ * key pair object. Without a public key, the key pair object
+ * cannot be used with operations that require the public key.
+ * Call mbedtls_ecp_keypair_calc_public() to set the public
+ * key from the private key. Alternatively, you can call
+ * mbedtls_ecp_set_public_key() to set the public key part,
+ * and then optionally mbedtls_ecp_check_pub_priv() to check
+ * that the private and public parts are consistent.
+ *
+ * \note If a public key has already been set in the key pair
+ * object, this function does not check that it is consistent
+ * with the private key. Call mbedtls_ecp_check_pub_priv()
+ * after setting both the public key and the private key
+ * to make that check.
+ *
* \param grp_id The ECP group identifier.
* \param key The destination key.
* \param buf The buffer containing the binary representation of the
@@ -1280,24 +1328,106 @@ int mbedtls_ecp_gen_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
int mbedtls_ecp_read_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
const unsigned char *buf, size_t buflen);
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
/**
* \brief This function exports an elliptic curve private key.
*
+ * \deprecated Note that although this function accepts an output
+ * buffer that is smaller or larger than the key, most key
+ * import interfaces require the output to have exactly
+ * key's nominal length. It is generally simplest to
+ * pass the key's nominal length as \c buflen, after
+ * checking that the output buffer is large enough.
+ * See the description of the \p buflen parameter for
+ * how to calculate the nominal length.
+ * To avoid this difficulty, use mbedtls_ecp_write_key_ext()
+ * instead.
+ * mbedtls_ecp_write_key() is deprecated and will be
+ * removed in a future version of the library.
+ *
+ * \note If the private key was not set in \p key,
+ * the output is unspecified. Future versions
+ * may return an error in that case.
+ *
* \param key The private key.
* \param buf The output buffer for containing the binary representation
- * of the key. (Big endian integer for Weierstrass curves, byte
- * string for Montgomery curves.)
+ * of the key.
+ * For Weierstrass curves, this is the big-endian
+ * representation, padded with null bytes at the beginning
+ * to reach \p buflen bytes.
+ * For Montgomery curves, this is the standard byte string
+ * representation (which is little-endian), padded with
+ * null bytes at the end to reach \p buflen bytes.
+ * \param buflen The total length of the buffer in bytes.
+ * The length of the output is
+ * (`grp->nbits` + 7) / 8 bytes
+ * where `grp->nbits` is the private key size in bits.
+ * For Weierstrass keys, if the output buffer is smaller,
+ * leading zeros are trimmed to fit if possible. For
+ * Montgomery keys, the output buffer must always be large
+ * enough for the nominal length.
+ *
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL or
+ * #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if the \p key
+ * representation is larger than the available space in \p buf.
+ * \return Another negative error code on different kinds of failure.
+ */
+int MBEDTLS_DEPRECATED mbedtls_ecp_write_key(mbedtls_ecp_keypair *key,
+ unsigned char *buf, size_t buflen);
+#endif /* MBEDTLS_DEPRECATED_REMOVED */
+
+/**
+ * \brief This function exports an elliptic curve private key.
+ *
+ * \param key The private key.
+ * \param olen On success, the length of the private key.
+ * This is always (`grp->nbits` + 7) / 8 bytes
+ * where `grp->nbits` is the private key size in bits.
+ * \param buf The output buffer for containing the binary representation
+ * of the key.
* \param buflen The total length of the buffer in bytes.
+ * #MBEDTLS_ECP_MAX_BYTES is always sufficient.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the \p key
- representation is larger than the available space in \p buf.
- * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the operation for
- * the group is not implemented.
+ * representation is larger than the available space in \p buf.
+ * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if no private key is
+ * set in \p key.
* \return Another negative error code on different kinds of failure.
*/
-int mbedtls_ecp_write_key(mbedtls_ecp_keypair *key,
- unsigned char *buf, size_t buflen);
+int mbedtls_ecp_write_key_ext(const mbedtls_ecp_keypair *key,
+ size_t *olen, unsigned char *buf, size_t buflen);
+
+/**
+ * \brief This function exports an elliptic curve public key.
+ *
+ * \note If the public key was not set in \p key,
+ * the output is unspecified. Future versions
+ * may return an error in that case.
+ *
+ * \param key The public key.
+ * \param format The point format. This must be either
+ * #MBEDTLS_ECP_PF_COMPRESSED or #MBEDTLS_ECP_PF_UNCOMPRESSED.
+ * (For groups without these formats, this parameter is
+ * ignored. But it still has to be either of the above
+ * values.)
+ * \param olen The address at which to store the length of
+ * the output in Bytes. This must not be \c NULL.
+ * \param buf The output buffer. This must be a writable buffer
+ * of length \p buflen Bytes.
+ * \param buflen The length of the output buffer \p buf in Bytes.
+ *
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the output buffer
+ * is too small to hold the point.
+ * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the point format
+ * or the export for the given group is not implemented.
+ * \return Another negative error code on other kinds of failure.
+ */
+int mbedtls_ecp_write_public_key(const mbedtls_ecp_keypair *key,
+ int format, size_t *olen,
+ unsigned char *buf, size_t buflen);
/**
* \brief This function checks that the keypair objects
@@ -1323,16 +1453,52 @@ int mbedtls_ecp_check_pub_priv(
const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng);
+/** \brief Calculate the public key from a private key in a key pair.
+ *
+ * \param key A keypair structure. It must have a private key set.
+ * If the public key is set, it will be overwritten.
+ * \param f_rng The RNG function. This must not be \c NULL.
+ * \param p_rng The RNG context to be passed to \p f_rng. This may be \c
+ * NULL if \p f_rng doesn't need a context.
+ *
+ * \return \c 0 on success. The key pair object can be used for
+ * operations that require the public key.
+ * \return An \c MBEDTLS_ERR_ECP_XXX or an \c MBEDTLS_ERR_MPI_XXX
+ * error code on calculation failure.
+ */
+int mbedtls_ecp_keypair_calc_public(
+ mbedtls_ecp_keypair *key,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng);
+
+/** \brief Query the group that a key pair belongs to.
+ *
+ * \param key The key pair to query.
+ *
+ * \return The group ID for the group registered in the key pair
+ * object.
+ * This is \c MBEDTLS_ECP_DP_NONE if no group has been set
+ * in the key pair object.
+ */
+mbedtls_ecp_group_id mbedtls_ecp_keypair_get_group_id(
+ const mbedtls_ecp_keypair *key);
+
/**
* \brief This function exports generic key-pair parameters.
*
+ * Each of the output parameters can be a null pointer
+ * if you do not need that parameter.
+ *
+ * \note If the private key or the public key was not set in \p key,
+ * the corresponding output is unspecified. Future versions
+ * may return an error in that case.
+ *
* \param key The key pair to export from.
* \param grp Slot for exported ECP group.
- * It must point to an initialized ECP group.
+ * It must either be null or point to an initialized ECP group.
* \param d Slot for the exported secret value.
- * It must point to an initialized mpi.
+ * It must either be null or point to an initialized mpi.
* \param Q Slot for the exported public value.
- * It must point to an initialized ECP point.
+ * It must either be null or point to an initialized ECP point.
*
* \return \c 0 on success,
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
diff --git a/vendor/mbedtls/entropy.h b/vendor/mbedtls/include/mbedtls/entropy.h
index 20fd687..20fd687 100644
--- a/vendor/mbedtls/entropy.h
+++ b/vendor/mbedtls/include/mbedtls/entropy.h
diff --git a/vendor/mbedtls/error.h b/vendor/mbedtls/include/mbedtls/error.h
index 186589a..186589a 100644
--- a/vendor/mbedtls/error.h
+++ b/vendor/mbedtls/include/mbedtls/error.h
diff --git a/vendor/mbedtls/gcm.h b/vendor/mbedtls/include/mbedtls/gcm.h
index 837cecc..98faa43 100644
--- a/vendor/mbedtls/gcm.h
+++ b/vendor/mbedtls/include/mbedtls/gcm.h
@@ -24,6 +24,10 @@
#include "mbedtls/cipher.h"
+#if defined(MBEDTLS_BLOCK_CIPHER_C)
+#include "mbedtls/block_cipher.h"
+#endif
+
#include <stdint.h>
#define MBEDTLS_GCM_ENCRYPT 1
@@ -42,21 +46,31 @@ extern "C" {
#if !defined(MBEDTLS_GCM_ALT)
+#if defined(MBEDTLS_GCM_LARGE_TABLE)
+#define MBEDTLS_GCM_HTABLE_SIZE 256
+#else
+#define MBEDTLS_GCM_HTABLE_SIZE 16
+#endif
+
/**
* \brief The GCM context structure.
*/
typedef struct mbedtls_gcm_context {
- mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */
- uint64_t MBEDTLS_PRIVATE(HL)[16]; /*!< Precalculated HTable low. */
- uint64_t MBEDTLS_PRIVATE(HH)[16]; /*!< Precalculated HTable high. */
- uint64_t MBEDTLS_PRIVATE(len); /*!< The total length of the encrypted data. */
- uint64_t MBEDTLS_PRIVATE(add_len); /*!< The total length of the additional data. */
- unsigned char MBEDTLS_PRIVATE(base_ectr)[16]; /*!< The first ECTR for tag. */
- unsigned char MBEDTLS_PRIVATE(y)[16]; /*!< The Y working value. */
- unsigned char MBEDTLS_PRIVATE(buf)[16]; /*!< The buf working value. */
- int MBEDTLS_PRIVATE(mode); /*!< The operation to perform:
- #MBEDTLS_GCM_ENCRYPT or
- #MBEDTLS_GCM_DECRYPT. */
+#if defined(MBEDTLS_BLOCK_CIPHER_C)
+ mbedtls_block_cipher_context_t MBEDTLS_PRIVATE(block_cipher_ctx); /*!< The cipher context used. */
+#else
+ mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */
+#endif
+ uint64_t MBEDTLS_PRIVATE(H)[MBEDTLS_GCM_HTABLE_SIZE][2]; /*!< Precalculated HTable. */
+ uint64_t MBEDTLS_PRIVATE(len); /*!< The total length of the encrypted data. */
+ uint64_t MBEDTLS_PRIVATE(add_len); /*!< The total length of the additional data. */
+ unsigned char MBEDTLS_PRIVATE(base_ectr)[16]; /*!< The first ECTR for tag. */
+ unsigned char MBEDTLS_PRIVATE(y)[16]; /*!< The Y working value. */
+ unsigned char MBEDTLS_PRIVATE(buf)[16]; /*!< The buf working value. */
+ unsigned char MBEDTLS_PRIVATE(mode); /*!< The operation to perform:
+ #MBEDTLS_GCM_ENCRYPT or
+ #MBEDTLS_GCM_DECRYPT. */
+ unsigned char MBEDTLS_PRIVATE(acceleration); /*!< The acceleration to use. */
}
mbedtls_gcm_context;
diff --git a/vendor/mbedtls/hkdf.h b/vendor/mbedtls/include/mbedtls/hkdf.h
index 930e93f..930e93f 100644
--- a/vendor/mbedtls/hkdf.h
+++ b/vendor/mbedtls/include/mbedtls/hkdf.h
diff --git a/vendor/mbedtls/hmac_drbg.h b/vendor/mbedtls/include/mbedtls/hmac_drbg.h
index 18b1b75..18b1b75 100644
--- a/vendor/mbedtls/hmac_drbg.h
+++ b/vendor/mbedtls/include/mbedtls/hmac_drbg.h
diff --git a/vendor/mbedtls/lms.h b/vendor/mbedtls/include/mbedtls/lms.h
index 95fce21..95fce21 100644
--- a/vendor/mbedtls/lms.h
+++ b/vendor/mbedtls/include/mbedtls/lms.h
diff --git a/vendor/mbedtls/mbedtls_config.h b/vendor/mbedtls/include/mbedtls/mbedtls_config.h
index e1456b9..3592141 100644
--- a/vendor/mbedtls/mbedtls_config.h
+++ b/vendor/mbedtls/include/mbedtls/mbedtls_config.h
@@ -1469,6 +1469,26 @@
//#define MBEDTLS_PSA_INJECT_ENTROPY
/**
+ * \def MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS
+ *
+ * Assume all buffers passed to PSA functions are owned exclusively by the
+ * PSA function and are not stored in shared memory.
+ *
+ * This option may be enabled if all buffers passed to any PSA function reside
+ * in memory that is accessible only to the PSA function during its execution.
+ *
+ * This option MUST be disabled whenever buffer arguments are in memory shared
+ * with an untrusted party, for example where arguments to PSA calls are passed
+ * across a trust boundary.
+ *
+ * \note Enabling this option reduces memory usage and code size.
+ *
+ * \note Enabling this option causes overlap of input and output buffers
+ * not to be supported by PSA functions.
+ */
+//#define MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS
+
+/**
* \def MBEDTLS_RSA_NO_CRT
*
* Do not use the Chinese Remainder Theorem
@@ -1724,9 +1744,6 @@
*
* Enable support for RFC 8449 record_size_limit extension in SSL (TLS 1.3 only).
*
- * \warning This extension is currently in development and must NOT be used except
- * for testing purposes.
- *
* Requires: MBEDTLS_SSL_PROTO_TLS1_3
*
* Uncomment this macro to enable support for the record_size_limit extension
@@ -1774,7 +1791,7 @@
*
* Uncomment this macro to enable the support for TLS 1.3.
*/
-//#define MBEDTLS_SSL_PROTO_TLS1_3
+#define MBEDTLS_SSL_PROTO_TLS1_3
/**
* \def MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
@@ -1796,7 +1813,7 @@
* effect on the build.
*
*/
-//#define MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+#define MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
/**
* \def MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
@@ -1854,9 +1871,6 @@
* Comment this to disable support for early data. If MBEDTLS_SSL_PROTO_TLS1_3
* is not enabled, this option does not have any effect on the build.
*
- * This feature is experimental, not completed and thus not ready for
- * production.
- *
* \note The maximum amount of early data can be set with
* MBEDTLS_SSL_MAX_EARLY_DATA_SIZE.
*
@@ -2191,6 +2205,8 @@
* Enable parsing and verification of X.509 certificates, CRLs and CSRS
* signed with RSASSA-PSS (aka PKCS#1 v2.1).
*
+ * Requires: MBEDTLS_PKCS1_V21
+ *
* Comment this macro to disallow using RSASSA-PSS in certificates.
*/
#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
@@ -2209,7 +2225,7 @@
* Enable AES-NI support on x86-64 or x86-32.
*
* \note AESNI is only supported with certain compilers and target options:
- * - Visual Studio 2013: supported.
+ * - Visual Studio: supported
* - GCC, x86-64, target not explicitly supporting AESNI:
* requires MBEDTLS_HAVE_ASM.
* - GCC, x86-32, target not explicitly supporting AESNI:
@@ -2238,7 +2254,7 @@
/**
* \def MBEDTLS_AESCE_C
*
- * Enable AES cryptographic extension support on 64-bit Arm.
+ * Enable AES cryptographic extension support on Armv8.
*
* Module: library/aesce.c
* Caller: library/aes.c
@@ -2249,13 +2265,15 @@
* system, Armv8-A Cryptographic Extensions must be supported by
* the CPU when this option is enabled.
*
- * \note Minimum compiler versions for this feature are Clang 4.0,
- * armclang 6.6, GCC 6.0 or MSVC 2019 version 16.11.2.
+ * \note Minimum compiler versions for this feature when targeting aarch64
+ * are Clang 4.0; armclang 6.6; GCC 6.0; or MSVC 2019 version 16.11.2.
+ * Minimum compiler versions for this feature when targeting 32-bit
+ * Arm or Thumb are Clang 11.0; armclang 6.20; or GCC 6.0.
*
* \note \c CFLAGS must be set to a minimum of \c -march=armv8-a+crypto for
* armclang <= 6.9
*
- * This module adds support for the AES Armv8-A Cryptographic Extensions on Aarch64 systems.
+ * This module adds support for the AES Armv8-A Cryptographic Extensions on Armv8 systems.
*/
#define MBEDTLS_AESCE_C
@@ -2375,6 +2393,28 @@
#define MBEDTLS_BASE64_C
/**
+ * \def MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
+ *
+ * Remove decryption operation for AES, ARIA and Camellia block cipher.
+ *
+ * \note This feature is incompatible with insecure block cipher,
+ * MBEDTLS_DES_C, and cipher modes which always require decryption
+ * operation, MBEDTLS_CIPHER_MODE_CBC, MBEDTLS_CIPHER_MODE_XTS and
+ * MBEDTLS_NIST_KW_C. When #MBEDTLS_PSA_CRYPTO_CONFIG is enabled,
+ * this feature is incompatible with following supported PSA equivalence,
+ * PSA_WANT_ALG_ECB_NO_PADDING, PSA_WANT_ALG_CBC_NO_PADDING,
+ * PSA_WANT_ALG_CBC_PKCS7 and PSA_WANT_KEY_TYPE_DES.
+ *
+ * Module: library/aes.c
+ * library/aesce.c
+ * library/aesni.c
+ * library/aria.c
+ * library/camellia.c
+ * library/cipher.c
+ */
+//#define MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
+
+/**
* \def MBEDTLS_BIGNUM_C
*
* Enable the multi-precision integer library.
@@ -2553,6 +2593,8 @@
* library/ssl_ciphersuites.c
* library/ssl_msg.c
* library/ssl_ticket.c (unless MBEDTLS_USE_PSA_CRYPTO is enabled)
+ * Auto-enabled by: MBEDTLS_PSA_CRYPTO_C depending on which ciphers are enabled
+ * (see the documentation of that option for details).
*
* Uncomment to enable generic cipher wrappers.
*/
@@ -2583,6 +2625,13 @@
* The CTR_DRBG generator uses AES-256 by default.
* To use AES-128 instead, enable \c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY above.
*
+ * AES support can either be achived through builtin (MBEDTLS_AES_C) or PSA.
+ * Builtin is the default option when MBEDTLS_AES_C is defined otherwise PSA
+ * is used.
+ *
+ * \warning When using PSA, the user should call `psa_crypto_init()` before
+ * using any CTR_DRBG operation (except `mbedtls_ctr_drbg_init()`).
+ *
* \note AES-128 will be used if \c MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH is set.
*
* \note To achieve a 256-bit security strength with CTR_DRBG,
@@ -2592,7 +2641,9 @@
* Module: library/ctr_drbg.c
* Caller:
*
- * Requires: MBEDTLS_AES_C
+ * Requires: MBEDTLS_AES_C or
+ * (PSA_WANT_KEY_TYPE_AES and PSA_WANT_ALG_ECB_NO_PADDING and
+ * MBEDTLS_PSA_CRYPTO_C)
*
* This module provides the CTR_DRBG AES random number generator.
*/
@@ -2764,6 +2815,22 @@
#define MBEDTLS_GCM_C
/**
+ * \def MBEDTLS_GCM_LARGE_TABLE
+ *
+ * Enable large pre-computed tables for Galois/Counter Mode (GCM).
+ * Can significantly increase throughput on systems without GCM hardware
+ * acceleration (e.g., AESNI, AESCE).
+ *
+ * The mbedtls_gcm_context size will increase by 3840 bytes.
+ * The code size will increase by roughly 344 bytes.
+ *
+ * Module: library/gcm.c
+ *
+ * Requires: MBEDTLS_GCM_C
+ */
+//#define MBEDTLS_GCM_LARGE_TABLE
+
+/**
* \def MBEDTLS_HKDF_C
*
* Enable the HKDF algorithm (RFC 5869).
@@ -3022,7 +3089,7 @@
* Caller: library/x509_crt.c
* library/x509_csr.c
*
- * Requires: MBEDTLS_PK_C
+ * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_OID_C, MBEDTLS_PK_C
*
* Uncomment to enable generic public key parse functions.
*/
@@ -3036,7 +3103,7 @@
* Module: library/pkwrite.c
* Caller: library/x509write.c
*
- * Requires: MBEDTLS_PK_C
+ * Requires: MBEDTLS_ASN1_WRITE_C, MBEDTLS_OID_C, MBEDTLS_PK_C
*
* Uncomment to enable generic public key write functions.
*/
@@ -3049,7 +3116,6 @@
*
* Module: library/pkcs5.c
*
- * Requires: MBEDTLS_CIPHER_C
* Auto-enables: MBEDTLS_MD_C
*
* \warning If using a hash that is only provided by PSA drivers, you must
@@ -3084,8 +3150,8 @@
* Module: library/pkcs12.c
* Caller: library/pkparse.c
*
- * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C and either
- * MBEDTLS_MD_C or MBEDTLS_PSA_CRYPTO_C.
+ * Requires: MBEDTLS_ASN1_PARSE_C and either MBEDTLS_MD_C or
+ * MBEDTLS_PSA_CRYPTO_C.
*
* \warning If using a hash that is only provided by PSA drivers, you must
* call psa_crypto_init() before doing any PKCS12 operations.
@@ -3131,11 +3197,12 @@
*
* Module: library/psa_crypto.c
*
- * Requires: MBEDTLS_CIPHER_C,
- * either MBEDTLS_CTR_DRBG_C and MBEDTLS_ENTROPY_C,
+ * Requires: either MBEDTLS_CTR_DRBG_C and MBEDTLS_ENTROPY_C,
* or MBEDTLS_HMAC_DRBG_C and MBEDTLS_ENTROPY_C,
* or MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG.
- *
+ * Auto-enables: MBEDTLS_CIPHER_C if any unauthenticated (ie, non-AEAD) cipher
+ * is enabled in PSA (unless it's fully accelerated, see
+ * docs/driver-only-builds.md about that).
*/
#define MBEDTLS_PSA_CRYPTO_C
@@ -3148,6 +3215,9 @@
* \deprecated This feature is deprecated. Please switch to the PSA driver
* interface.
*
+ * \warning This feature is not thread-safe, and should not be used in a
+ * multi-threaded environment.
+ *
* Module: library/psa_crypto_se.c
*
* Requires: MBEDTLS_PSA_CRYPTO_C, MBEDTLS_PSA_CRYPTO_STORAGE_C
@@ -3261,14 +3331,14 @@
#define MBEDTLS_SHA256_C
/**
- * \def MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
+ * \def MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
*
* Enable acceleration of the SHA-256 and SHA-224 cryptographic hash algorithms
* with the ARMv8 cryptographic extensions if they are available at runtime.
* If not, the library will fall back to the C implementation.
*
- * \note If MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT is defined when building
- * for a non-Aarch64 build it will be silently ignored.
+ * \note If MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT is defined when building
+ * for a non-Armv8-A build it will be silently ignored.
*
* \note Minimum compiler versions for this feature are Clang 4.0,
* armclang 6.6 or GCC 6.0.
@@ -3276,27 +3346,40 @@
* \note \c CFLAGS must be set to a minimum of \c -march=armv8-a+crypto for
* armclang <= 6.9
*
- * \warning MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT cannot be defined at the
- * same time as MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY.
+ * \note This was previously known as MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT.
+ * That name is deprecated, but may still be used as an alternative form for this
+ * option.
+ *
+ * \warning MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT cannot be defined at the
+ * same time as MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY.
*
* Requires: MBEDTLS_SHA256_C.
*
* Module: library/sha256.c
*
- * Uncomment to have the library check for the A64 SHA-256 crypto extensions
+ * Uncomment to have the library check for the Armv8-A SHA-256 crypto extensions
* and use them if available.
*/
+//#define MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
+
+/**
+ * \def MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
+ *
+ * \deprecated This is now known as MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT.
+ * This name is now deprecated, but may still be used as an alternative form for
+ * this option.
+ */
//#define MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
/**
- * \def MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY
+ * \def MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY
*
* Enable acceleration of the SHA-256 and SHA-224 cryptographic hash algorithms
* with the ARMv8 cryptographic extensions, which must be available at runtime
* or else an illegal instruction fault will occur.
*
* \note This allows builds with a smaller code size than with
- * MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
+ * MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
*
* \note Minimum compiler versions for this feature are Clang 4.0,
* armclang 6.6 or GCC 6.0.
@@ -3304,16 +3387,29 @@
* \note \c CFLAGS must be set to a minimum of \c -march=armv8-a+crypto for
* armclang <= 6.9
*
- * \warning MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY cannot be defined at the same
- * time as MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT.
+ * \note This was previously known as MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY.
+ * That name is deprecated, but may still be used as an alternative form for this
+ * option.
+ *
+ * \warning MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY cannot be defined at the same
+ * time as MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT.
*
* Requires: MBEDTLS_SHA256_C.
*
* Module: library/sha256.c
*
- * Uncomment to have the library use the A64 SHA-256 crypto extensions
+ * Uncomment to have the library use the Armv8-A SHA-256 crypto extensions
* unconditionally.
*/
+//#define MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY
+
+/**
+ * \def MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY
+ *
+ * \deprecated This is now known as MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY.
+ * This name is now deprecated, but may still be used as an alternative form for
+ * this option.
+ */
//#define MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY
/**
@@ -4057,36 +4153,35 @@
* \def MBEDTLS_SSL_MAX_EARLY_DATA_SIZE
*
* The default maximum amount of 0-RTT data. See the documentation of
- * \c mbedtls_ssl_tls13_conf_max_early_data_size() for more information.
+ * \c mbedtls_ssl_conf_max_early_data_size() for more information.
*
* It must be positive and smaller than UINT32_MAX.
*
* If MBEDTLS_SSL_EARLY_DATA is not defined, this default value does not
* have any impact on the build.
- *
- * This feature is experimental, not completed and thus not ready for
- * production.
- *
*/
//#define MBEDTLS_SSL_MAX_EARLY_DATA_SIZE 1024
/**
* \def MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE
*
- * Maximum time difference in milliseconds tolerated between the age of a
- * ticket from the server and client point of view.
- * From the client point of view, the age of a ticket is the time difference
- * between the time when the client proposes to the server to use the ticket
- * (time of writing of the Pre-Shared Key Extension including the ticket) and
- * the time the client received the ticket from the server.
- * From the server point of view, the age of a ticket is the time difference
- * between the time when the server receives a proposition from the client
- * to use the ticket and the time when the ticket was created by the server.
- * The server age is expected to be always greater than the client one and
- * MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE defines the
- * maximum difference tolerated for the server to accept the ticket.
- * This is not used in TLS 1.2.
+ * Maximum allowed ticket age difference in milliseconds tolerated between
+ * server and client. Default value is 6000. This is not used in TLS 1.2.
+ *
+ * - The client ticket age is the time difference between the time when the
+ * client proposes to the server to use the ticket and the time the client
+ * received the ticket from the server.
+ * - The server ticket age is the time difference between the time when the
+ * server receives a proposition from the client to use the ticket and the
+ * time when the ticket was created by the server.
+ *
+ * The ages might be different due to the client and server clocks not running
+ * at the same pace. The typical accuracy of an RTC crystal is ±100 to ±20 parts
+ * per million (360 to 72 milliseconds per hour). Default tolerance window is
+ * 6s, thus in the worst case clients and servers must sync up their system time
+ * every 6000/360/2~=8 hours.
*
+ * See section 8.3 of the TLS 1.3 specification(RFC 8446) for more information.
*/
//#define MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE 6000
diff --git a/vendor/mbedtls/md.h b/vendor/mbedtls/include/mbedtls/md.h
index ff7b133..478e9f7 100644
--- a/vendor/mbedtls/md.h
+++ b/vendor/mbedtls/include/mbedtls/md.h
@@ -20,120 +20,6 @@
#include "mbedtls/build_info.h"
#include "mbedtls/platform_util.h"
-#if defined(MBEDTLS_MD_LIGHT)
-
-/*
- * - MBEDTLS_MD_CAN_xxx is defined if the md module can perform xxx.
- * - MBEDTLS_MD_xxx_VIA_PSA is defined if the md module may perform xxx via PSA
- * (see below).
- * - MBEDTLS_MD_SOME_PSA is defined if at least one algorithm may be performed
- * via PSA (see below).
- * - MBEDTLS_MD_SOME_LEGACY is defined if at least one algorithm may be performed
- * via a direct legacy call (see below).
- *
- * The md module performs an algorithm via PSA if there is a PSA hash
- * accelerator and the PSA driver subsytem is initialized at the time the
- * operation is started, and makes a direct legacy call otherwise.
- */
-
-/* PSA accelerated implementations */
-#if defined(MBEDTLS_PSA_CRYPTO_C)
-#if defined(MBEDTLS_PSA_ACCEL_ALG_MD5)
-#define MBEDTLS_MD_CAN_MD5
-#define MBEDTLS_MD_MD5_VIA_PSA
-#define MBEDTLS_MD_SOME_PSA
-#endif
-#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_1)
-#define MBEDTLS_MD_CAN_SHA1
-#define MBEDTLS_MD_SHA1_VIA_PSA
-#define MBEDTLS_MD_SOME_PSA
-#endif
-#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_224)
-#define MBEDTLS_MD_CAN_SHA224
-#define MBEDTLS_MD_SHA224_VIA_PSA
-#define MBEDTLS_MD_SOME_PSA
-#endif
-#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_256)
-#define MBEDTLS_MD_CAN_SHA256
-#define MBEDTLS_MD_SHA256_VIA_PSA
-#define MBEDTLS_MD_SOME_PSA
-#endif
-#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_384)
-#define MBEDTLS_MD_CAN_SHA384
-#define MBEDTLS_MD_SHA384_VIA_PSA
-#define MBEDTLS_MD_SOME_PSA
-#endif
-#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_512)
-#define MBEDTLS_MD_CAN_SHA512
-#define MBEDTLS_MD_SHA512_VIA_PSA
-#define MBEDTLS_MD_SOME_PSA
-#endif
-#if defined(MBEDTLS_PSA_ACCEL_ALG_RIPEMD160)
-#define MBEDTLS_MD_CAN_RIPEMD160
-#define MBEDTLS_MD_RIPEMD160_VIA_PSA
-#define MBEDTLS_MD_SOME_PSA
-#endif
-#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_224)
-#define MBEDTLS_MD_CAN_SHA3_224
-#define MBEDTLS_MD_SHA3_224_VIA_PSA
-#define MBEDTLS_MD_SOME_PSA
-#endif
-#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_256)
-#define MBEDTLS_MD_CAN_SHA3_256
-#define MBEDTLS_MD_SHA3_256_VIA_PSA
-#define MBEDTLS_MD_SOME_PSA
-#endif
-#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_384)
-#define MBEDTLS_MD_CAN_SHA3_384
-#define MBEDTLS_MD_SHA3_384_VIA_PSA
-#define MBEDTLS_MD_SOME_PSA
-#endif
-#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_512)
-#define MBEDTLS_MD_CAN_SHA3_512
-#define MBEDTLS_MD_SHA3_512_VIA_PSA
-#define MBEDTLS_MD_SOME_PSA
-#endif
-#endif /* MBEDTLS_PSA_CRYPTO_C */
-
-/* Built-in implementations */
-#if defined(MBEDTLS_MD5_C)
-#define MBEDTLS_MD_CAN_MD5
-#define MBEDTLS_MD_SOME_LEGACY
-#endif
-#if defined(MBEDTLS_SHA1_C)
-#define MBEDTLS_MD_CAN_SHA1
-#define MBEDTLS_MD_SOME_LEGACY
-#endif
-#if defined(MBEDTLS_SHA224_C)
-#define MBEDTLS_MD_CAN_SHA224
-#define MBEDTLS_MD_SOME_LEGACY
-#endif
-#if defined(MBEDTLS_SHA256_C)
-#define MBEDTLS_MD_CAN_SHA256
-#define MBEDTLS_MD_SOME_LEGACY
-#endif
-#if defined(MBEDTLS_SHA384_C)
-#define MBEDTLS_MD_CAN_SHA384
-#define MBEDTLS_MD_SOME_LEGACY
-#endif
-#if defined(MBEDTLS_SHA512_C)
-#define MBEDTLS_MD_CAN_SHA512
-#define MBEDTLS_MD_SOME_LEGACY
-#endif
-#if defined(MBEDTLS_SHA3_C)
-#define MBEDTLS_MD_CAN_SHA3_224
-#define MBEDTLS_MD_CAN_SHA3_256
-#define MBEDTLS_MD_CAN_SHA3_384
-#define MBEDTLS_MD_CAN_SHA3_512
-#define MBEDTLS_MD_SOME_LEGACY
-#endif
-#if defined(MBEDTLS_RIPEMD160_C)
-#define MBEDTLS_MD_CAN_RIPEMD160
-#define MBEDTLS_MD_SOME_LEGACY
-#endif
-
-#endif /* MBEDTLS_MD_LIGHT */
-
/** The selected feature is not available. */
#define MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE -0x5080
/** Bad input parameters to function. */
diff --git a/vendor/mbedtls/md5.h b/vendor/mbedtls/include/mbedtls/md5.h
index 6bf0754..6bf0754 100644
--- a/vendor/mbedtls/md5.h
+++ b/vendor/mbedtls/include/mbedtls/md5.h
diff --git a/vendor/mbedtls/memory_buffer_alloc.h b/vendor/mbedtls/include/mbedtls/memory_buffer_alloc.h
index b527d9b..b527d9b 100644
--- a/vendor/mbedtls/memory_buffer_alloc.h
+++ b/vendor/mbedtls/include/mbedtls/memory_buffer_alloc.h
diff --git a/vendor/mbedtls/net_sockets.h b/vendor/mbedtls/include/mbedtls/net_sockets.h
index 026f627..85c1197 100644
--- a/vendor/mbedtls/net_sockets.h
+++ b/vendor/mbedtls/include/mbedtls/net_sockets.h
@@ -143,7 +143,7 @@ int mbedtls_net_bind(mbedtls_net_context *ctx, const char *bind_ip, const char *
* \param client_ctx Will contain the connected client socket
* \param client_ip Will contain the client IP address, can be NULL
* \param buf_size Size of the client_ip buffer
- * \param ip_len Will receive the size of the client IP written,
+ * \param cip_len Will receive the size of the client IP written,
* can be NULL if client_ip is null
*
* \return 0 if successful, or
@@ -156,7 +156,7 @@ int mbedtls_net_bind(mbedtls_net_context *ctx, const char *bind_ip, const char *
*/
int mbedtls_net_accept(mbedtls_net_context *bind_ctx,
mbedtls_net_context *client_ctx,
- void *client_ip, size_t buf_size, size_t *ip_len);
+ void *client_ip, size_t buf_size, size_t *cip_len);
/**
* \brief Check and wait for the context to be ready for read/write
diff --git a/vendor/mbedtls/nist_kw.h b/vendor/mbedtls/include/mbedtls/nist_kw.h
index d353f3d..d353f3d 100644
--- a/vendor/mbedtls/nist_kw.h
+++ b/vendor/mbedtls/include/mbedtls/nist_kw.h
diff --git a/vendor/mbedtls/oid.h b/vendor/mbedtls/include/mbedtls/oid.h
index e48817d..fdc25eb 100644
--- a/vendor/mbedtls/oid.h
+++ b/vendor/mbedtls/include/mbedtls/oid.h
@@ -288,12 +288,17 @@
#define MBEDTLS_OID_HMAC_RIPEMD160 MBEDTLS_OID_INTERNET "\x05\x05\x08\x01\x04" /**< id-hmacWithSHA1 OBJECT IDENTIFIER ::= {iso(1) iso-identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) ipsec(8) isakmpOakley(1) hmacRIPEMD160(4)} */
/*
- * Encryption algorithms
+ * Encryption algorithms,
+ * the following standardized object identifiers are specified at
+ * https://datatracker.ietf.org/doc/html/rfc8018#appendix-C.
*/
#define MBEDTLS_OID_DES_CBC MBEDTLS_OID_ISO_IDENTIFIED_ORG \
MBEDTLS_OID_OIW_SECSIG_ALG "\x07" /**< desCBC OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 7 } */
#define MBEDTLS_OID_DES_EDE3_CBC MBEDTLS_OID_RSA_COMPANY "\x03\x07" /**< des-ede3-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2) -- us(840) rsadsi(113549) encryptionAlgorithm(3) 7 } */
#define MBEDTLS_OID_AES MBEDTLS_OID_NIST_ALG "\x01" /** aes OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) 1 } */
+#define MBEDTLS_OID_AES_128_CBC MBEDTLS_OID_AES "\x02" /** aes128-cbc-pad OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) aes(1) aes128-CBC-PAD(2) } */
+#define MBEDTLS_OID_AES_192_CBC MBEDTLS_OID_AES "\x16" /** aes192-cbc-pad OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) aes(1) aes192-CBC-PAD(22) } */
+#define MBEDTLS_OID_AES_256_CBC MBEDTLS_OID_AES "\x2a" /** aes256-cbc-pad OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) aes(1) aes256-CBC-PAD(42) } */
/*
* Key Wrapping algorithms
@@ -698,7 +703,6 @@ int mbedtls_oid_get_oid_by_md(mbedtls_md_type_t md_alg, const char **oid, size_t
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
*/
int mbedtls_oid_get_cipher_alg(const mbedtls_asn1_buf *oid, mbedtls_cipher_type_t *cipher_alg);
-#endif /* MBEDTLS_CIPHER_C */
#if defined(MBEDTLS_PKCS12_C)
/**
@@ -714,6 +718,7 @@ int mbedtls_oid_get_cipher_alg(const mbedtls_asn1_buf *oid, mbedtls_cipher_type_
int mbedtls_oid_get_pkcs12_pbe_alg(const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg,
mbedtls_cipher_type_t *cipher_alg);
#endif /* MBEDTLS_PKCS12_C */
+#endif /* MBEDTLS_CIPHER_C */
#ifdef __cplusplus
}
diff --git a/vendor/mbedtls/pem.h b/vendor/mbedtls/include/mbedtls/pem.h
index cc617a9..3c6a28d 100644
--- a/vendor/mbedtls/pem.h
+++ b/vendor/mbedtls/include/mbedtls/pem.h
@@ -73,11 +73,11 @@ void mbedtls_pem_init(mbedtls_pem_context *ctx);
* \param data source data to look in (must be nul-terminated)
* \param pwd password for decryption (can be NULL)
* \param pwdlen length of password
- * \param use_len destination for total length used (set after header is
- * correctly read, so unless you get
+ * \param use_len destination for total length used from data buffer. It is
+ * set after header is correctly read, so unless you get
* MBEDTLS_ERR_PEM_BAD_INPUT_DATA or
* MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT, use_len is
- * the length to skip)
+ * the length to skip.
*
* \note Attempts to check password correctness by verifying if
* the decrypted text starts with an ASN.1 sequence of
diff --git a/vendor/mbedtls/pk.h b/vendor/mbedtls/include/mbedtls/pk.h
index 24b1188..52f4cc6 100644
--- a/vendor/mbedtls/pk.h
+++ b/vendor/mbedtls/include/mbedtls/pk.h
@@ -28,7 +28,7 @@
#include "mbedtls/ecdsa.h"
#endif
-#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_PSA_CRYPTO_C)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
#include "psa/crypto.h"
#endif
@@ -181,13 +181,6 @@ typedef struct mbedtls_pk_rsassa_pss_options {
#define MBEDTLS_PK_USE_PSA_EC_DATA
#endif
-/* Helper symbol to state that the PK module has support for EC keys. This
- * can either be provided through the legacy ECP solution or through the
- * PSA friendly MBEDTLS_PK_USE_PSA_EC_DATA. */
-#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) || defined(MBEDTLS_ECP_C)
-#define MBEDTLS_PK_HAVE_ECC_KEYS
-#endif /* MBEDTLS_PK_USE_PSA_EC_DATA || MBEDTLS_ECP_C */
-
/**
* \brief Types for interfacing with the debug module
*/
@@ -229,7 +222,7 @@ typedef struct mbedtls_pk_context {
void *MBEDTLS_PRIVATE(pk_ctx); /**< Underlying public key context */
/* The following field is used to store the ID of a private key in the
* following cases:
- * - opaque key when MBEDTLS_PSA_CRYPTO_C is defined
+ * - opaque key when MBEDTLS_USE_PSA_CRYPTO is defined
* - normal key when MBEDTLS_PK_USE_PSA_EC_DATA is defined. In this case:
* - the pk_ctx above is not not used to store the private key anymore.
* Actually that field not populated at all in this case because also
@@ -239,15 +232,10 @@ typedef struct mbedtls_pk_context {
*
* Note: this private key storing solution only affects EC keys, not the
* other ones. The latters still use the pk_ctx to store their own
- * context.
- *
- * Note: this priv_id is guarded by MBEDTLS_PSA_CRYPTO_C and not by
- * MBEDTLS_PK_USE_PSA_EC_DATA (as the public counterpart below) because,
- * when working with opaque keys, it can be used also in
- * mbedtls_pk_sign_ext for RSA keys. */
-#if defined(MBEDTLS_PSA_CRYPTO_C)
+ * context. */
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_svc_key_id_t MBEDTLS_PRIVATE(priv_id); /**< Key ID for opaque keys */
-#endif /* MBEDTLS_PSA_CRYPTO_C */
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
/* The following fields are meant for storing the public key in raw format
* which is handy for:
* - easily importing it into the PSA context
@@ -258,6 +246,8 @@ typedef struct mbedtls_pk_context {
* inside the ecp_keypair structure
* - the following fields are used for all public key operations: signature
* verify, key pair check and key write.
+ * - For a key pair, priv_id contains the private key. For a public key,
+ * priv_id is null.
* Of course, when MBEDTLS_PK_USE_PSA_EC_DATA is not enabled, the legacy
* ecp_keypair structure is used for storing the public key and performing
* all the operations.
@@ -369,32 +359,40 @@ int mbedtls_pk_setup(mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info);
#if defined(MBEDTLS_USE_PSA_CRYPTO)
/**
- * \brief Initialize a PK context to wrap a PSA key.
- *
- * \note This function replaces mbedtls_pk_setup() for contexts
- * that wrap a (possibly opaque) PSA key instead of
- * storing and manipulating the key material directly.
- *
- * \param ctx The context to initialize. It must be empty (type NONE).
- * \param key The PSA key to wrap, which must hold an ECC or RSA key
- * pair (see notes below).
- *
- * \note The wrapped key must remain valid as long as the
- * wrapping PK context is in use, that is at least between
- * the point this function is called and the point
- * mbedtls_pk_free() is called on this context. The wrapped
- * key might then be independently used or destroyed.
- *
- * \note This function is currently only available for ECC or RSA
- * key pairs (that is, keys containing private key material).
- * Support for other key types may be added later.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_PK_BAD_INPUT_DATA on invalid input
- * (context already used, invalid key identifier).
- * \return #MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE if the key is not an
- * ECC key pair.
- * \return #MBEDTLS_ERR_PK_ALLOC_FAILED on allocation failure.
+ * \brief Initialize a PK context to wrap a PSA key.
+ *
+ * This function creates a PK context which wraps a PSA key. The PSA wrapped
+ * key must be an EC or RSA key pair (DH is not suported in the PK module).
+ *
+ * Under the hood PSA functions will be used to perform the required
+ * operations and, based on the key type, used algorithms will be:
+ * * EC:
+ * * verify, verify_ext, sign, sign_ext: ECDSA.
+ * * RSA:
+ * * sign, decrypt: use the primary algorithm in the wrapped PSA key;
+ * * sign_ext: RSA PSS if the pk_type is #MBEDTLS_PK_RSASSA_PSS, otherwise
+ * it falls back to the sign() case;
+ * * verify, verify_ext, encrypt: not supported.
+ *
+ * In order for the above operations to succeed, the policy of the wrapped PSA
+ * key must allow the specified algorithm.
+ *
+ * Opaque PK contexts wrapping an EC keys also support \c mbedtls_pk_check_pair(),
+ * whereas RSA ones do not.
+ *
+ * \warning The PSA wrapped key must remain valid as long as the wrapping PK
+ * context is in use, that is at least between the point this function
+ * is called and the point mbedtls_pk_free() is called on this context.
+ *
+ * \param ctx The context to initialize. It must be empty (type NONE).
+ * \param key The PSA key to wrap, which must hold an ECC or RSA key pair.
+ *
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_PK_BAD_INPUT_DATA on invalid input (context already
+ * used, invalid key identifier).
+ * \return #MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE if the key is not an ECC or
+ * RSA key pair.
+ * \return #MBEDTLS_ERR_PK_ALLOC_FAILED on allocation failure.
*/
int mbedtls_pk_setup_opaque(mbedtls_pk_context *ctx,
const mbedtls_svc_key_id_t key);
@@ -468,7 +466,7 @@ int mbedtls_pk_can_do(const mbedtls_pk_context *ctx, mbedtls_pk_type_t type);
* PSA_ALG_RSA_PKCS1V15_CRYPT,
* PSA_ALG_ECDSA(hash),
* PSA_ALG_ECDH, where hash is a specific hash.
- * \param usage PSA usage flag to check against, must be composed of:
+ * \param usage PSA usage flag to check against, must be composed of:
* PSA_KEY_USAGE_SIGN_HASH
* PSA_KEY_USAGE_DECRYPT
* PSA_KEY_USAGE_DERIVE.
@@ -489,6 +487,237 @@ int mbedtls_pk_can_do_ext(const mbedtls_pk_context *ctx, psa_algorithm_t alg,
psa_key_usage_t usage);
#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
+/**
+ * \brief Determine valid PSA attributes that can be used to
+ * import a key into PSA.
+ *
+ * The attributes determined by this function are suitable
+ * for calling mbedtls_pk_import_into_psa() to create
+ * a PSA key with the same key material.
+ *
+ * The typical flow of operations involving this function is
+ * ```
+ * psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ * int ret = mbedtls_pk_get_psa_attributes(pk, &attributes);
+ * if (ret != 0) ...; // error handling omitted
+ * // Tweak attributes if desired
+ * psa_key_id_t key_id = 0;
+ * ret = mbedtls_pk_import_into_psa(pk, &attributes, &key_id);
+ * if (ret != 0) ...; // error handling omitted
+ * ```
+ *
+ * \note This function does not support RSA-alt contexts
+ * (set up with mbedtls_pk_setup_rsa_alt()).
+ *
+ * \param[in] pk The PK context to use. It must have been set up.
+ * It can either contain a key pair or just a public key.
+ * \param usage A single `PSA_KEY_USAGE_xxx` flag among the following:
+ * - #PSA_KEY_USAGE_DECRYPT: \p pk must contain a
+ * key pair. The output \p attributes will contain a
+ * key pair type, and the usage policy will allow
+ * #PSA_KEY_USAGE_ENCRYPT as well as
+ * #PSA_KEY_USAGE_DECRYPT.
+ * - #PSA_KEY_USAGE_DERIVE: \p pk must contain a
+ * key pair. The output \p attributes will contain a
+ * key pair type.
+ * - #PSA_KEY_USAGE_ENCRYPT: The output
+ * \p attributes will contain a public key type.
+ * - #PSA_KEY_USAGE_SIGN_HASH: \p pk must contain a
+ * key pair. The output \p attributes will contain a
+ * key pair type, and the usage policy will allow
+ * #PSA_KEY_USAGE_VERIFY_HASH as well as
+ * #PSA_KEY_USAGE_SIGN_HASH.
+ * - #PSA_KEY_USAGE_SIGN_MESSAGE: \p pk must contain a
+ * key pair. The output \p attributes will contain a
+ * key pair type, and the usage policy will allow
+ * #PSA_KEY_USAGE_VERIFY_MESSAGE as well as
+ * #PSA_KEY_USAGE_SIGN_MESSAGE.
+ * - #PSA_KEY_USAGE_VERIFY_HASH: The output
+ * \p attributes will contain a public key type.
+ * - #PSA_KEY_USAGE_VERIFY_MESSAGE: The output
+ * \p attributes will contain a public key type.
+ * \param[out] attributes
+ * On success, valid attributes to import the key into PSA.
+ * - The lifetime and key identifier are unchanged. If the
+ * attribute structure was initialized or reset before
+ * calling this function, this will result in a volatile
+ * key. Call psa_set_key_identifier() before or after this
+ * function if you wish to create a persistent key. Call
+ * psa_set_key_lifetime() before or after this function if
+ * you wish to import the key in a secure element.
+ * - The key type and bit-size are determined by the contents
+ * of the PK context. If the PK context contains a key
+ * pair, the key type can be either a key pair type or
+ * the corresponding public key type, depending on
+ * \p usage. If the PK context contains a public key,
+ * the key type is a public key type.
+ * - The key's policy is determined by the key type and
+ * the \p usage parameter. The usage always allows
+ * \p usage, exporting and copying the key, and
+ * possibly other permissions as documented for the
+ * \p usage parameter.
+ * The permitted algorithm policy is determined as follows
+ * based on the #mbedtls_pk_type_t type of \p pk,
+ * the chosen \p usage and other factors:
+ * - #MBEDTLS_PK_RSA whose underlying
+ * #mbedtls_rsa_context has the padding mode
+ * #MBEDTLS_RSA_PKCS_V15:
+ * #PSA_ALG_RSA_PKCS1V15_SIGN(#PSA_ALG_ANY_HASH)
+ * if \p usage is SIGN/VERIFY, and
+ * #PSA_ALG_RSA_PKCS1V15_CRYPT
+ * if \p usage is ENCRYPT/DECRYPT.
+ * - #MBEDTLS_PK_RSA whose underlying
+ * #mbedtls_rsa_context has the padding mode
+ * #MBEDTLS_RSA_PKCS_V21 and the digest type
+ * corresponding to the PSA algorithm \c hash:
+ * #PSA_ALG_RSA_PSS_ANY_SALT(#PSA_ALG_ANY_HASH)
+ * if \p usage is SIGN/VERIFY, and
+ * #PSA_ALG_RSA_OAEP(\c hash)
+ * if \p usage is ENCRYPT/DECRYPT.
+ * - #MBEDTLS_PK_RSA_ALT: not supported.
+ * - #MBEDTLS_PK_ECDSA or #MBEDTLS_PK_ECKEY
+ * if \p usage is SIGN/VERIFY:
+ * #PSA_ALG_DETERMINISTIC_ECDSA(#PSA_ALG_ANY_HASH)
+ * if #MBEDTLS_ECDSA_DETERMINISTIC is enabled,
+ * otherwise #PSA_ALG_ECDSA(#PSA_ALG_ANY_HASH).
+ * - #MBEDTLS_PK_ECKEY_DH or #MBEDTLS_PK_ECKEY
+ * if \p usage is DERIVE:
+ * #PSA_ALG_ECDH.
+ * - #MBEDTLS_PK_OPAQUE: same as the primary algorithm
+ * set for the underlying PSA key, except that
+ * sign/decrypt flags are removed if the type is
+ * set to a public key type.
+ * The underlying key must allow \p usage.
+ * Note that the enrollment algorithm set with
+ * psa_set_key_enrollment_algorithm() is not copied.
+ *
+ * \return 0 on success.
+ * #MBEDTLS_ERR_PK_TYPE_MISMATCH if \p pk does not contain
+ * a key of the type identified in \p attributes.
+ * Another error code on other failures.
+ */
+int mbedtls_pk_get_psa_attributes(const mbedtls_pk_context *pk,
+ psa_key_usage_t usage,
+ psa_key_attributes_t *attributes);
+
+/**
+ * \brief Import a key into the PSA key store.
+ *
+ * This function is equivalent to calling psa_import_key()
+ * with the key material from \p pk.
+ *
+ * The typical way to use this function is:
+ * -# Call mbedtls_pk_get_psa_attributes() to obtain
+ * attributes for the given key.
+ * -# If desired, modify the attributes, for example:
+ * - To create a persistent key, call
+ * psa_set_key_identifier() and optionally
+ * psa_set_key_lifetime().
+ * - To import only the public part of a key pair:
+ *
+ * psa_set_key_type(&attributes,
+ * PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(
+ * psa_get_key_type(&attributes)));
+ * - Restrict the key usage if desired.
+ * -# Call mbedtls_pk_import_into_psa().
+ *
+ * \note This function does not support RSA-alt contexts
+ * (set up with mbedtls_pk_setup_rsa_alt()).
+ *
+ * \param[in] pk The PK context to use. It must have been set up.
+ * It can either contain a key pair or just a public key.
+ * \param[in] attributes
+ * The attributes to use for the new key. They must be
+ * compatible with \p pk. In particular, the key type
+ * must match the content of \p pk.
+ * If \p pk contains a key pair, the key type in
+ * attributes can be either the key pair type or the
+ * corresponding public key type (to import only the
+ * public part).
+ * \param[out] key_id
+ * On success, the identifier of the newly created key.
+ * On error, this is #MBEDTLS_SVC_KEY_ID_INIT.
+ *
+ * \return 0 on success.
+ * #MBEDTLS_ERR_PK_TYPE_MISMATCH if \p pk does not contain
+ * a key of the type identified in \p attributes.
+ * Another error code on other failures.
+ */
+int mbedtls_pk_import_into_psa(const mbedtls_pk_context *pk,
+ const psa_key_attributes_t *attributes,
+ mbedtls_svc_key_id_t *key_id);
+
+/**
+ * \brief Create a PK context starting from a key stored in PSA.
+ * This key:
+ * - must be exportable and
+ * - must be an RSA or EC key pair or public key (FFDH is not supported in PK).
+ *
+ * The resulting PK object will be a transparent type:
+ * - #MBEDTLS_PK_RSA for RSA keys or
+ * - #MBEDTLS_PK_ECKEY for EC keys.
+ *
+ * Once this functions returns the PK object will be completely
+ * independent from the original PSA key that it was generated
+ * from.
+ * Calling mbedtls_pk_sign(), mbedtls_pk_verify(),
+ * mbedtls_pk_encrypt(), mbedtls_pk_decrypt() on the resulting
+ * PK context will perform the corresponding algorithm for that
+ * PK context type.
+ * * For ECDSA, the choice of deterministic vs randomized will
+ * be based on the compile-time setting #MBEDTLS_ECDSA_DETERMINISTIC.
+ * * For an RSA key, the output PK context will allow both
+ * encrypt/decrypt and sign/verify regardless of the original
+ * key's policy.
+ * The original key's policy determines the output key's padding
+ * mode: PCKS1 v2.1 is set if the PSA key policy is OAEP or PSS,
+ * otherwise PKCS1 v1.5 is set.
+ *
+ * \param key_id The key identifier of the key stored in PSA.
+ * \param pk The PK context that will be filled. It must be initialized,
+ * but not set up.
+ *
+ * \return 0 on success.
+ * \return #MBEDTLS_ERR_PK_BAD_INPUT_DATA in case the provided input
+ * parameters are not correct.
+ */
+int mbedtls_pk_copy_from_psa(mbedtls_svc_key_id_t key_id, mbedtls_pk_context *pk);
+
+/**
+ * \brief Create a PK context for the public key of a PSA key.
+ *
+ * The key must be an RSA or ECC key. It can be either a
+ * public key or a key pair, and only the public key is copied.
+ * The resulting PK object will be a transparent type:
+ * - #MBEDTLS_PK_RSA for RSA keys or
+ * - #MBEDTLS_PK_ECKEY for EC keys.
+ *
+ * Once this functions returns the PK object will be completely
+ * independent from the original PSA key that it was generated
+ * from.
+ * Calling mbedtls_pk_verify() or
+ * mbedtls_pk_encrypt() on the resulting
+ * PK context will perform the corresponding algorithm for that
+ * PK context type.
+ *
+ * For an RSA key, the output PK context will allow both
+ * encrypt and verify regardless of the original key's policy.
+ * The original key's policy determines the output key's padding
+ * mode: PCKS1 v2.1 is set if the PSA key policy is OAEP or PSS,
+ * otherwise PKCS1 v1.5 is set.
+ *
+ * \param key_id The key identifier of the key stored in PSA.
+ * \param pk The PK context that will be filled. It must be initialized,
+ * but not set up.
+ *
+ * \return 0 on success.
+ * \return MBEDTLS_ERR_PK_BAD_INPUT_DATA in case the provided input
+ * parameters are not correct.
+ */
+int mbedtls_pk_copy_public_from_psa(mbedtls_svc_key_id_t key_id, mbedtls_pk_context *pk);
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
+
/**
* \brief Verify signature (including padding if relevant).
*
@@ -507,14 +736,17 @@ int mbedtls_pk_can_do_ext(const mbedtls_pk_context *ctx, psa_algorithm_t alg,
* \param sig Signature to verify
* \param sig_len Signature length
*
+ * \note For keys of type #MBEDTLS_PK_RSA, the signature algorithm is
+ * either PKCS#1 v1.5 or PSS (accepting any salt length),
+ * depending on the padding mode in the underlying RSA context.
+ * For a pk object constructed by parsing, this is PKCS#1 v1.5
+ * by default. Use mbedtls_pk_verify_ext() to explicitly select
+ * a different algorithm.
+ *
* \return 0 on success (signature is valid),
* #MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if there is a valid
* signature in \p sig but its length is less than \p sig_len,
* or a specific error code.
- *
- * \note For RSA keys, the default padding type is PKCS#1 v1.5.
- * Use \c mbedtls_pk_verify_ext( MBEDTLS_PK_RSASSA_PSS, ... )
- * to verify RSASSA_PSS signatures.
*/
int mbedtls_pk_verify(mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
@@ -601,11 +833,15 @@ int mbedtls_pk_verify_ext(mbedtls_pk_type_t type, const void *options,
* \param f_rng RNG function, must not be \c NULL.
* \param p_rng RNG parameter
*
- * \return 0 on success, or a specific error code.
+ * \note For keys of type #MBEDTLS_PK_RSA, the signature algorithm is
+ * either PKCS#1 v1.5 or PSS (using the largest possible salt
+ * length up to the hash length), depending on the padding mode
+ * in the underlying RSA context. For a pk object constructed
+ * by parsing, this is PKCS#1 v1.5 by default. Use
+ * mbedtls_pk_verify_ext() to explicitly select a different
+ * algorithm.
*
- * \note For RSA keys, the default padding type is PKCS#1 v1.5.
- * There is no interface in the PK module to make RSASSA-PSS
- * signatures yet.
+ * \return 0 on success, or a specific error code.
*
* \note For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0.
* For ECDSA, md_alg may never be MBEDTLS_MD_NONE.
@@ -615,7 +851,6 @@ int mbedtls_pk_sign(mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
unsigned char *sig, size_t sig_size, size_t *sig_len,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng);
-#if defined(MBEDTLS_PSA_CRYPTO_C)
/**
* \brief Make signature given a signature type.
*
@@ -652,7 +887,6 @@ int mbedtls_pk_sign_ext(mbedtls_pk_type_t pk_type,
unsigned char *sig, size_t sig_size, size_t *sig_len,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng);
-#endif /* MBEDTLS_PSA_CRYPTO_C */
/**
* \brief Restartable version of \c mbedtls_pk_sign()
@@ -703,7 +937,10 @@ int mbedtls_pk_sign_restartable(mbedtls_pk_context *ctx,
* \param f_rng RNG function, must not be \c NULL.
* \param p_rng RNG parameter
*
- * \note For RSA keys, the default padding type is PKCS#1 v1.5.
+ * \note For keys of type #MBEDTLS_PK_RSA, the signature algorithm is
+ * either PKCS#1 v1.5 or OAEP, depending on the padding mode in
+ * the underlying RSA context. For a pk object constructed by
+ * parsing, this is PKCS#1 v1.5 by default.
*
* \return 0 on success, or a specific error code.
*/
@@ -724,9 +961,12 @@ int mbedtls_pk_decrypt(mbedtls_pk_context *ctx,
* \param f_rng RNG function, must not be \c NULL.
* \param p_rng RNG parameter
*
- * \note \p f_rng is used for padding generation.
+ * \note For keys of type #MBEDTLS_PK_RSA, the signature algorithm is
+ * either PKCS#1 v1.5 or OAEP, depending on the padding mode in
+ * the underlying RSA context. For a pk object constructed by
+ * parsing, this is PKCS#1 v1.5 by default.
*
- * \note For RSA keys, the default padding type is PKCS#1 v1.5.
+ * \note \p f_rng is used for padding generation.
*
* \return 0 on success, or a specific error code.
*/
@@ -1049,41 +1289,6 @@ int mbedtls_pk_write_pubkey(unsigned char **p, unsigned char *start,
const mbedtls_pk_context *key);
#endif /* MBEDTLS_PK_WRITE_C */
-/*
- * Internal module functions. You probably do not want to use these unless you
- * know you do.
- */
-#if defined(MBEDTLS_FS_IO)
-int mbedtls_pk_load_file(const char *path, unsigned char **buf, size_t *n);
-#endif
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-/**
- * \brief Turn an EC or RSA key into an opaque one.
- *
- * \warning This is a temporary utility function for tests. It might
- * change or be removed at any time without notice.
- *
- * \param pk Input: the EC or RSA key to import to a PSA key.
- * Output: a PK context wrapping that PSA key.
- * \param key Output: a PSA key identifier.
- * It's the caller's responsibility to call
- * psa_destroy_key() on that key identifier after calling
- * mbedtls_pk_free() on the PK context.
- * \param alg The algorithm to allow for use with that key.
- * \param usage The usage to allow for use with that key.
- * \param alg2 The secondary algorithm to allow for use with that key.
- *
- * \return \c 0 if successful.
- * \return An Mbed TLS error code otherwise.
- */
-int mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk,
- mbedtls_svc_key_id_t *key,
- psa_algorithm_t alg,
- psa_key_usage_t usage,
- psa_algorithm_t alg2);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
#ifdef __cplusplus
}
#endif
diff --git a/vendor/mbedtls/pkcs12.h b/vendor/mbedtls/include/mbedtls/pkcs12.h
index 42e8453..87f7681 100644
--- a/vendor/mbedtls/pkcs12.h
+++ b/vendor/mbedtls/include/mbedtls/pkcs12.h
@@ -31,14 +31,14 @@
#define MBEDTLS_PKCS12_DERIVE_IV 2 /**< initialization vector */
#define MBEDTLS_PKCS12_DERIVE_MAC_KEY 3 /**< integrity / MAC key */
-#define MBEDTLS_PKCS12_PBE_DECRYPT 0
-#define MBEDTLS_PKCS12_PBE_ENCRYPT 1
+#define MBEDTLS_PKCS12_PBE_DECRYPT MBEDTLS_DECRYPT
+#define MBEDTLS_PKCS12_PBE_ENCRYPT MBEDTLS_ENCRYPT
#ifdef __cplusplus
extern "C" {
#endif
-#if defined(MBEDTLS_ASN1_PARSE_C)
+#if defined(MBEDTLS_ASN1_PARSE_C) && defined(MBEDTLS_CIPHER_C)
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
/**
@@ -145,7 +145,7 @@ int mbedtls_pkcs12_pbe_ext(mbedtls_asn1_buf *pbe_params, int mode,
#endif /* MBEDTLS_CIPHER_PADDING_PKCS7 */
-#endif /* MBEDTLS_ASN1_PARSE_C */
+#endif /* MBEDTLS_ASN1_PARSE_C && MBEDTLS_CIPHER_C */
/**
* \brief The PKCS#12 derivation function uses a password and a salt
diff --git a/vendor/mbedtls/pkcs5.h b/vendor/mbedtls/include/mbedtls/pkcs5.h
index e004f45..9ba5689 100644
--- a/vendor/mbedtls/pkcs5.h
+++ b/vendor/mbedtls/include/mbedtls/pkcs5.h
@@ -17,6 +17,7 @@
#include "mbedtls/asn1.h"
#include "mbedtls/md.h"
+#include "mbedtls/cipher.h"
#include <stddef.h>
#include <stdint.h>
@@ -30,14 +31,14 @@
/** Given private key password does not allow for correct decryption. */
#define MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH -0x2e00
-#define MBEDTLS_PKCS5_DECRYPT 0
-#define MBEDTLS_PKCS5_ENCRYPT 1
+#define MBEDTLS_PKCS5_DECRYPT MBEDTLS_DECRYPT
+#define MBEDTLS_PKCS5_ENCRYPT MBEDTLS_ENCRYPT
#ifdef __cplusplus
extern "C" {
#endif
-#if defined(MBEDTLS_ASN1_PARSE_C)
+#if defined(MBEDTLS_ASN1_PARSE_C) && defined(MBEDTLS_CIPHER_C)
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
/**
@@ -129,7 +130,7 @@ int mbedtls_pkcs5_pbes2_ext(const mbedtls_asn1_buf *pbe_params, int mode,
#endif /* MBEDTLS_CIPHER_PADDING_PKCS7 */
-#endif /* MBEDTLS_ASN1_PARSE_C */
+#endif /* MBEDTLS_ASN1_PARSE_C && MBEDTLS_CIPHER_C*/
/**
* \brief PKCS#5 PBKDF2 using HMAC without using the HMAC context
diff --git a/vendor/mbedtls/pkcs7.h b/vendor/mbedtls/include/mbedtls/pkcs7.h
index 70b25a9..e9b4822 100644
--- a/vendor/mbedtls/pkcs7.h
+++ b/vendor/mbedtls/include/mbedtls/pkcs7.h
@@ -41,7 +41,6 @@
#include "mbedtls/build_info.h"
#include "mbedtls/asn1.h"
-#include "mbedtls/x509.h"
#include "mbedtls/x509_crt.h"
/**
diff --git a/vendor/mbedtls/platform.h b/vendor/mbedtls/include/mbedtls/platform.h
index de3d71d..de3d71d 100644
--- a/vendor/mbedtls/platform.h
+++ b/vendor/mbedtls/include/mbedtls/platform.h
diff --git a/vendor/mbedtls/platform_time.h b/vendor/mbedtls/include/mbedtls/platform_time.h
index 97f1963..97f1963 100644
--- a/vendor/mbedtls/platform_time.h
+++ b/vendor/mbedtls/include/mbedtls/platform_time.h
diff --git a/vendor/mbedtls/platform_util.h b/vendor/mbedtls/include/mbedtls/platform_util.h
index cba02ab..1b371ef 100644
--- a/vendor/mbedtls/platform_util.h
+++ b/vendor/mbedtls/include/mbedtls/platform_util.h
@@ -23,10 +23,6 @@
extern "C" {
#endif
-/* Internal macros meant to be called only from within the library. */
-#define MBEDTLS_INTERNAL_VALIDATE_RET(cond, ret) do { } while (0)
-#define MBEDTLS_INTERNAL_VALIDATE(cond) do { } while (0)
-
/* Internal helper macros for deprecating API constants. */
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
#if defined(MBEDTLS_DEPRECATED_WARNING)
diff --git a/vendor/mbedtls/poly1305.h b/vendor/mbedtls/include/mbedtls/poly1305.h
index 61bcaa6..61bcaa6 100644
--- a/vendor/mbedtls/poly1305.h
+++ b/vendor/mbedtls/include/mbedtls/poly1305.h
diff --git a/vendor/mbedtls/private_access.h b/vendor/mbedtls/include/mbedtls/private_access.h
index 580f3eb..580f3eb 100644
--- a/vendor/mbedtls/private_access.h
+++ b/vendor/mbedtls/include/mbedtls/private_access.h
diff --git a/vendor/mbedtls/include/mbedtls/psa_util.h b/vendor/mbedtls/include/mbedtls/psa_util.h
new file mode 100644
index 0000000..c78cc23
--- /dev/null
+++ b/vendor/mbedtls/include/mbedtls/psa_util.h
@@ -0,0 +1,188 @@
+/**
+ * \file psa_util.h
+ *
+ * \brief Utility functions for the use of the PSA Crypto library.
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#ifndef MBEDTLS_PSA_UTIL_H
+#define MBEDTLS_PSA_UTIL_H
+#include "mbedtls/private_access.h"
+
+#include "mbedtls/build_info.h"
+
+#include "psa/crypto.h"
+
+/* ASN1 defines used in the ECDSA conversion functions.
+ * Note: intentionally not adding MBEDTLS_ASN1_[PARSE|WRITE]_C guards here
+ * otherwise error codes would be unknown in test_suite_psa_crypto_util.data.*/
+#include <mbedtls/asn1write.h>
+
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
+
+/** The random generator function for the PSA subsystem.
+ *
+ * This function is suitable as the `f_rng` random generator function
+ * parameter of many `mbedtls_xxx` functions.
+ *
+ * The implementation of this function depends on the configuration of the
+ * library.
+ *
+ * \note This function may only be used if the PSA crypto subsystem is active.
+ * This means that you must call psa_crypto_init() before any call to
+ * this function, and you must not call this function after calling
+ * mbedtls_psa_crypto_free().
+ *
+ * \param p_rng This parameter is only kept for backward compatibility
+ * reasons with legacy `f_rng` functions and it's ignored.
+ * Set to #MBEDTLS_PSA_RANDOM_STATE or NULL.
+ * \param output The buffer to fill. It must have room for
+ * \c output_size bytes.
+ * \param output_size The number of bytes to write to \p output.
+ * This function may fail if \p output_size is too
+ * large. It is guaranteed to accept any output size
+ * requested by Mbed TLS library functions. The
+ * maximum request size depends on the library
+ * configuration.
+ *
+ * \return \c 0 on success.
+ * \return An `MBEDTLS_ERR_ENTROPY_xxx`,
+ * `MBEDTLS_ERR_PLATFORM_xxx,
+ * `MBEDTLS_ERR_CTR_DRBG_xxx` or
+ * `MBEDTLS_ERR_HMAC_DRBG_xxx` on error.
+ */
+int mbedtls_psa_get_random(void *p_rng,
+ unsigned char *output,
+ size_t output_size);
+
+/** The random generator state for the PSA subsystem.
+ *
+ * This macro always expands to NULL because the `p_rng` parameter is unused
+ * in mbedtls_psa_get_random(), but it's kept for interface's backward
+ * compatibility.
+ */
+#define MBEDTLS_PSA_RANDOM_STATE NULL
+
+/** \defgroup psa_tls_helpers TLS helper functions
+ * @{
+ */
+#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
+#include <mbedtls/ecp.h>
+
+/** Convert an ECC curve identifier from the Mbed TLS encoding to PSA.
+ *
+ * \param grpid An Mbed TLS elliptic curve identifier
+ * (`MBEDTLS_ECP_DP_xxx`).
+ * \param[out] bits On success the bit size of the curve; 0 on failure.
+ *
+ * \return If the curve is supported in the PSA API, this function
+ * returns the proper PSA curve identifier
+ * (`PSA_ECC_FAMILY_xxx`). This holds even if the curve is
+ * not supported by the ECP module.
+ * \return \c 0 if the curve is not supported in the PSA API.
+ */
+psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid,
+ size_t *bits);
+
+/** Convert an ECC curve identifier from the PSA encoding to Mbed TLS.
+ *
+ * \param family A PSA elliptic curve family identifier
+ * (`PSA_ECC_FAMILY_xxx`).
+ * \param bits The bit-length of a private key on \p curve.
+ *
+ * \return If the curve is supported in the PSA API, this function
+ * returns the corresponding Mbed TLS elliptic curve
+ * identifier (`MBEDTLS_ECP_DP_xxx`).
+ * \return #MBEDTLS_ECP_DP_NONE if the combination of \c curve
+ * and \p bits is not supported.
+ */
+mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t family,
+ size_t bits);
+#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
+
+/**
+ * \brief This function returns the PSA algorithm identifier
+ * associated with the given digest type.
+ *
+ * \param md_type The type of digest to search for. Must not be NONE.
+ *
+ * \warning If \p md_type is \c MBEDTLS_MD_NONE, this function will
+ * not return \c PSA_ALG_NONE, but an invalid algorithm.
+ *
+ * \warning This function does not check if the algorithm is
+ * supported, it always returns the corresponding identifier.
+ *
+ * \return The PSA algorithm identifier associated with \p md_type,
+ * regardless of whether it is supported or not.
+ */
+static inline psa_algorithm_t mbedtls_md_psa_alg_from_type(mbedtls_md_type_t md_type)
+{
+ return PSA_ALG_CATEGORY_HASH | (psa_algorithm_t) md_type;
+}
+
+/**
+ * \brief This function returns the given digest type
+ * associated with the PSA algorithm identifier.
+ *
+ * \param psa_alg The PSA algorithm identifier to search for.
+ *
+ * \warning This function does not check if the algorithm is
+ * supported, it always returns the corresponding identifier.
+ *
+ * \return The MD type associated with \p psa_alg,
+ * regardless of whether it is supported or not.
+ */
+static inline mbedtls_md_type_t mbedtls_md_type_from_psa_alg(psa_algorithm_t psa_alg)
+{
+ return (mbedtls_md_type_t) (psa_alg & PSA_ALG_HASH_MASK);
+}
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
+
+#if defined(MBEDTLS_PSA_UTIL_HAVE_ECDSA)
+
+/** Convert an ECDSA signature from raw format to DER ASN.1 format.
+ *
+ * \param bits Size of each coordinate in bits.
+ * \param raw Buffer that contains the signature in raw format.
+ * \param raw_len Length of \p raw in bytes. This must be
+ * PSA_BITS_TO_BYTES(bits) bytes.
+ * \param[out] der Buffer that will be filled with the converted DER
+ * output. It can overlap with raw buffer.
+ * \param der_size Size of \p der in bytes. It is enough if \p der_size
+ * is at least the size of the actual output. (The size
+ * of the output can vary depending on the presence of
+ * leading zeros in the data.) You can use
+ * #MBEDTLS_ECDSA_MAX_SIG_LEN(\p bits) to determine a
+ * size that is large enough for all signatures for a
+ * given value of \p bits.
+ * \param[out] der_len On success it contains the amount of valid data
+ * (in bytes) written to \p der. It's undefined
+ * in case of failure.
+ */
+int mbedtls_ecdsa_raw_to_der(size_t bits, const unsigned char *raw, size_t raw_len,
+ unsigned char *der, size_t der_size, size_t *der_len);
+
+/** Convert an ECDSA signature from DER ASN.1 format to raw format.
+ *
+ * \param bits Size of each coordinate in bits.
+ * \param der Buffer that contains the signature in DER format.
+ * \param der_len Size of \p der in bytes.
+ * \param[out] raw Buffer that will be filled with the converted raw
+ * signature. It can overlap with der buffer.
+ * \param raw_size Size of \p raw in bytes. Must be at least
+ * 2 * PSA_BITS_TO_BYTES(bits) bytes.
+ * \param[out] raw_len On success it is updated with the amount of valid
+ * data (in bytes) written to \p raw. It's undefined
+ * in case of failure.
+ */
+int mbedtls_ecdsa_der_to_raw(size_t bits, const unsigned char *der, size_t der_len,
+ unsigned char *raw, size_t raw_size, size_t *raw_len);
+
+#endif /* MBEDTLS_PSA_UTIL_HAVE_ECDSA */
+
+/**@}*/
+
+#endif /* MBEDTLS_PSA_UTIL_H */
diff --git a/vendor/mbedtls/ripemd160.h b/vendor/mbedtls/include/mbedtls/ripemd160.h
index 279f92b..279f92b 100644
--- a/vendor/mbedtls/ripemd160.h
+++ b/vendor/mbedtls/include/mbedtls/ripemd160.h
diff --git a/vendor/mbedtls/rsa.h b/vendor/mbedtls/include/mbedtls/rsa.h
index be831f1..c1e76b3 100644
--- a/vendor/mbedtls/rsa.h
+++ b/vendor/mbedtls/include/mbedtls/rsa.h
@@ -427,6 +427,16 @@ int mbedtls_rsa_export_crt(const mbedtls_rsa_context *ctx,
mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP);
/**
+ * \brief This function retrieves the length of the RSA modulus in bits.
+ *
+ * \param ctx The initialized RSA context.
+ *
+ * \return The length of the RSA modulus in bits.
+ *
+ */
+size_t mbedtls_rsa_get_bitlen(const mbedtls_rsa_context *ctx);
+
+/**
* \brief This function retrieves the length of RSA modulus in Bytes.
*
* \param ctx The initialized RSA context.
@@ -878,6 +888,7 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign(mbedtls_rsa_context *ctx,
const unsigned char *hash,
unsigned char *sig);
+#if defined(MBEDTLS_PKCS1_V21)
/**
* \brief This function performs a PKCS#1 v2.1 PSS signature
* operation (RSASSA-PSS-SIGN).
@@ -978,6 +989,7 @@ int mbedtls_rsa_rsassa_pss_sign(mbedtls_rsa_context *ctx,
unsigned int hashlen,
const unsigned char *hash,
unsigned char *sig);
+#endif /* MBEDTLS_PKCS1_V21 */
/**
* \brief This function performs a public RSA operation and checks
diff --git a/vendor/mbedtls/sha1.h b/vendor/mbedtls/include/mbedtls/sha1.h
index 592ffd1..592ffd1 100644
--- a/vendor/mbedtls/sha1.h
+++ b/vendor/mbedtls/include/mbedtls/sha1.h
diff --git a/vendor/mbedtls/sha256.h b/vendor/mbedtls/include/mbedtls/sha256.h
index 4ee780f..ca568e2 100644
--- a/vendor/mbedtls/sha256.h
+++ b/vendor/mbedtls/include/mbedtls/sha256.h
@@ -41,8 +41,10 @@ typedef struct mbedtls_sha256_context {
unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< The data block being processed. */
uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< The number of Bytes processed. */
uint32_t MBEDTLS_PRIVATE(state)[8]; /*!< The intermediate digest state. */
+#if defined(MBEDTLS_SHA224_C)
int MBEDTLS_PRIVATE(is224); /*!< Determines which function to use:
0: Use SHA-256, or 1: Use SHA-224. */
+#endif
}
mbedtls_sha256_context;
diff --git a/vendor/mbedtls/sha3.h b/vendor/mbedtls/include/mbedtls/sha3.h
index 3eeee65..3eeee65 100644
--- a/vendor/mbedtls/sha3.h
+++ b/vendor/mbedtls/include/mbedtls/sha3.h
diff --git a/vendor/mbedtls/sha512.h b/vendor/mbedtls/include/mbedtls/sha512.h
index 1c20e4c..1c20e4c 100644
--- a/vendor/mbedtls/sha512.h
+++ b/vendor/mbedtls/include/mbedtls/sha512.h
diff --git a/vendor/mbedtls/ssl.h b/vendor/mbedtls/include/mbedtls/ssl.h
index 89f7b81..ca130a3 100644
--- a/vendor/mbedtls/ssl.h
+++ b/vendor/mbedtls/include/mbedtls/ssl.h
@@ -90,8 +90,18 @@
#define MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET -0x7B00
/** Not possible to read early data */
#define MBEDTLS_ERR_SSL_CANNOT_READ_EARLY_DATA -0x7B80
+/**
+ * Early data has been received as part of an on-going handshake.
+ * This error code can be returned only on server side if and only if early
+ * data has been enabled by means of the mbedtls_ssl_conf_early_data() API.
+ * This error code can then be returned by mbedtls_ssl_handshake(),
+ * mbedtls_ssl_handshake_step(), mbedtls_ssl_read() or mbedtls_ssl_write() if
+ * early data has been received as part of the handshake sequence they
+ * triggered. To read the early data, call mbedtls_ssl_read_early_data().
+ */
+#define MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA -0x7C00
/** Not possible to write early data */
-#define MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA -0x7C00
+#define MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA -0x7C80
/* Error space gap */
/* Error space gap */
/* Error space gap */
@@ -343,6 +353,26 @@
#define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN 1000
#define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX 60000
+/*
+ * Whether early data record should be discarded or not and how.
+ *
+ * The client has indicated early data and the server has rejected them.
+ * The server has then to skip past early data by either:
+ * - attempting to deprotect received records using the handshake traffic
+ * key, discarding records which fail deprotection (up to the configured
+ * max_early_data_size). Once a record is deprotected successfully,
+ * it is treated as the start of the client's second flight and the
+ * server proceeds as with an ordinary 1-RTT handshake.
+ * - skipping all records with an external content type of
+ * "application_data" (indicating that they are encrypted), up to the
+ * configured max_early_data_size. This is the expected behavior if the
+ * server has sent an HelloRetryRequest message. The server ignores
+ * application data message before 2nd ClientHello.
+ */
+#define MBEDTLS_SSL_EARLY_DATA_NO_DISCARD 0
+#define MBEDTLS_SSL_EARLY_DATA_TRY_TO_DEPROTECT_AND_DISCARD 1
+#define MBEDTLS_SSL_EARLY_DATA_DISCARD 2
+
/**
* \name SECTION: Module settings
*
@@ -447,7 +477,7 @@
/*
* TLS 1.3 signature algorithms
- * RFC 8446, Section 4.2.2
+ * RFC 8446, Section 4.2.3
*/
/* RSASSA-PKCS1-v1_5 algorithms */
@@ -613,7 +643,7 @@
*/
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
defined(MBEDTLS_SSL_SESSION_TICKETS) && \
- defined(MBEDTLS_AES_C) && defined(MBEDTLS_GCM_C) && \
+ defined(MBEDTLS_SSL_HAVE_AES) && defined(MBEDTLS_SSL_HAVE_GCM) && \
defined(MBEDTLS_MD_CAN_SHA384)
#define MBEDTLS_PSK_MAX_LEN 48 /* 384 bits */
#else
@@ -687,7 +717,6 @@ typedef enum {
MBEDTLS_SSL_SERVER_FINISHED,
MBEDTLS_SSL_FLUSH_BUFFERS,
MBEDTLS_SSL_HANDSHAKE_WRAPUP,
-
MBEDTLS_SSL_NEW_SESSION_TICKET,
MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT,
MBEDTLS_SSL_HELLO_RETRY_REQUEST,
@@ -705,6 +734,21 @@ typedef enum {
}
mbedtls_ssl_states;
+/*
+ * Early data status, client side only.
+ */
+
+#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C)
+typedef enum {
+/*
+ * See documentation of mbedtls_ssl_get_early_data_status().
+ */
+ MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_INDICATED,
+ MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED,
+ MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED,
+} mbedtls_ssl_early_data_status;
+#endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_CLI_C */
+
/**
* \brief Callback type: send data on the network.
*
@@ -1189,7 +1233,13 @@ struct mbedtls_ssl_session {
unsigned char MBEDTLS_PRIVATE(mfl_code); /*!< MaxFragmentLength negotiated by peer */
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
+/*!< RecordSizeLimit received from the peer */
+#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT)
+ uint16_t MBEDTLS_PRIVATE(record_size_limit);
+#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */
+
unsigned char MBEDTLS_PRIVATE(exported);
+ uint8_t MBEDTLS_PRIVATE(endpoint); /*!< 0: client, 1: server */
/** TLS version negotiated in the session. Used if and when renegotiating
* or resuming a session instead of the configured minor TLS version.
@@ -1197,7 +1247,7 @@ struct mbedtls_ssl_session {
mbedtls_ssl_protocol_version MBEDTLS_PRIVATE(tls_version);
#if defined(MBEDTLS_HAVE_TIME)
- mbedtls_time_t MBEDTLS_PRIVATE(start); /*!< starting time */
+ mbedtls_time_t MBEDTLS_PRIVATE(start); /*!< start time of current session */
#endif
int MBEDTLS_PRIVATE(ciphersuite); /*!< chosen ciphersuite */
size_t MBEDTLS_PRIVATE(id_len); /*!< session id length */
@@ -1223,23 +1273,52 @@ struct mbedtls_ssl_session {
uint32_t MBEDTLS_PRIVATE(ticket_lifetime); /*!< ticket lifetime hint */
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C) && \
+ defined(MBEDTLS_HAVE_TIME)
+ /*! When a ticket is created by a TLS server as part of an established TLS
+ * session, the ticket creation time may need to be saved for the ticket
+ * module to be able to check the ticket age when the ticket is used.
+ * That's the purpose of this field.
+ * Before creating a new ticket, an Mbed TLS server set this field with
+ * its current time in milliseconds. This time may then be saved in the
+ * session ticket data by the session ticket writing function and
+ * recovered by the ticket parsing function later when the ticket is used.
+ * The ticket module may then use this time to compute the ticket age and
+ * determine if it has expired or not.
+ * The Mbed TLS implementations of the session ticket writing and parsing
+ * functions save and retrieve the ticket creation time as part of the
+ * session ticket data. The session ticket parsing function relies on
+ * the mbedtls_ssl_session_get_ticket_creation_time() API to get the
+ * ticket creation time from the session ticket data.
+ */
+ mbedtls_ms_time_t MBEDTLS_PRIVATE(ticket_creation_time);
+#endif
+
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS)
- uint8_t MBEDTLS_PRIVATE(endpoint); /*!< 0: client, 1: server */
- uint8_t MBEDTLS_PRIVATE(ticket_flags); /*!< Ticket flags */
- uint32_t MBEDTLS_PRIVATE(ticket_age_add); /*!< Randomly generated value used to obscure the age of the ticket */
- uint8_t MBEDTLS_PRIVATE(resumption_key_len); /*!< resumption_key length */
+ uint32_t MBEDTLS_PRIVATE(ticket_age_add); /*!< Randomly generated value used to obscure the age of the ticket */
+ uint8_t MBEDTLS_PRIVATE(ticket_flags); /*!< Ticket flags */
+ uint8_t MBEDTLS_PRIVATE(resumption_key_len); /*!< resumption_key length */
unsigned char MBEDTLS_PRIVATE(resumption_key)[MBEDTLS_SSL_TLS1_3_TICKET_RESUMPTION_KEY_LEN];
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && defined(MBEDTLS_SSL_CLI_C)
char *MBEDTLS_PRIVATE(hostname); /*!< host name binded with tickets */
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION && MBEDTLS_SSL_CLI_C */
-#if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_CLI_C)
- mbedtls_time_t MBEDTLS_PRIVATE(ticket_received); /*!< time ticket was received */
-#endif /* MBEDTLS_HAVE_TIME && MBEDTLS_SSL_CLI_C */
+#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_ALPN) && defined(MBEDTLS_SSL_SRV_C)
+ char *ticket_alpn; /*!< ALPN negotiated in the session
+ during which the ticket was generated. */
+#endif
+#if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_CLI_C)
+ /*! Time in milliseconds when the last ticket was received. */
+ mbedtls_ms_time_t MBEDTLS_PRIVATE(ticket_reception_time);
+#endif
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS */
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+ uint32_t MBEDTLS_PRIVATE(max_early_data_size); /*!< maximum amount of early data in tickets */
+#endif
+
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
int MBEDTLS_PRIVATE(encrypt_then_mac); /*!< flag for EtM activation */
#endif
@@ -1614,23 +1693,31 @@ struct mbedtls_ssl_context {
#endif /* MBEDTLS_SSL_RENEGOTIATION */
/**
- * Maximum TLS version to be negotiated, then negotiated TLS version.
+ * Maximum TLS version to be negotiated, then negotiated TLS version.
*
- * It is initialized as the configured maximum TLS version to be
- * negotiated by mbedtls_ssl_setup().
+ * It is initialized as the configured maximum TLS version to be
+ * negotiated by mbedtls_ssl_setup().
*
- * When renegotiating or resuming a session, it is overwritten in the
- * ClientHello writing preparation stage with the previously negotiated
- * TLS version.
+ * When renegotiating or resuming a session, it is overwritten in the
+ * ClientHello writing preparation stage with the previously negotiated
+ * TLS version.
*
- * On client side, it is updated to the TLS version selected by the server
- * for the handshake when the ServerHello is received.
+ * On client side, it is updated to the TLS version selected by the server
+ * for the handshake when the ServerHello is received.
*
- * On server side, it is updated to the TLS version the server selects for
- * the handshake when the ClientHello is received.
+ * On server side, it is updated to the TLS version the server selects for
+ * the handshake when the ClientHello is received.
*/
mbedtls_ssl_protocol_version MBEDTLS_PRIVATE(tls_version);
+#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C)
+ /**
+ * State of the negotiation and transfer of early data. Reset to
+ * MBEDTLS_SSL_EARLY_DATA_STATE_IDLE when the context is reset.
+ */
+ int MBEDTLS_PRIVATE(early_data_state);
+#endif
+
unsigned MBEDTLS_PRIVATE(badmac_seen); /*!< records with a bad MAC received */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
@@ -1747,6 +1834,19 @@ struct mbedtls_ssl_context {
* within a single datagram. */
#endif /* MBEDTLS_SSL_PROTO_DTLS */
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+#if defined(MBEDTLS_SSL_SRV_C)
+ /*
+ * One of:
+ * MBEDTLS_SSL_EARLY_DATA_NO_DISCARD
+ * MBEDTLS_SSL_EARLY_DATA_TRY_TO_DEPROTECT_AND_DISCARD
+ * MBEDTLS_SSL_EARLY_DATA_DISCARD
+ */
+ uint8_t MBEDTLS_PRIVATE(discard_early_data_record);
+#endif
+ uint32_t MBEDTLS_PRIVATE(total_early_data_size); /*!< Number of received/written early data bytes */
+#endif /* MBEDTLS_SSL_EARLY_DATA */
+
/*
* Record layer (outgoing data)
*/
@@ -1828,10 +1928,6 @@ struct mbedtls_ssl_context {
* and #MBEDTLS_SSL_CID_DISABLED. */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C)
- int MBEDTLS_PRIVATE(early_data_status);
-#endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_CLI_C */
-
/** Callback to export key block and master secret */
mbedtls_ssl_export_keys_t *MBEDTLS_PRIVATE(f_export_keys);
void *MBEDTLS_PRIVATE(p_export_keys); /*!< context for key export callback */
@@ -1980,7 +2076,7 @@ void mbedtls_ssl_conf_transport(mbedtls_ssl_config *conf, int transport);
*/
void mbedtls_ssl_conf_authmode(mbedtls_ssl_config *conf, int authmode);
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_EARLY_DATA)
+#if defined(MBEDTLS_SSL_EARLY_DATA)
/**
* \brief Set the early data mode
* Default: disabled on server and client
@@ -1988,20 +2084,27 @@ void mbedtls_ssl_conf_authmode(mbedtls_ssl_config *conf, int authmode);
* \param conf The SSL configuration to use.
* \param early_data_enabled can be:
*
- * MBEDTLS_SSL_EARLY_DATA_DISABLED: early data functionality is disabled
- * This is the default on client and server.
- *
- * MBEDTLS_SSL_EARLY_DATA_ENABLED: early data functionality is enabled and
- * may be negotiated in the handshake. Application using
- * early data functionality needs to be aware of the
- * lack of replay protection of the early data application
- * payloads.
- *
- * \warning This interface is experimental and may change without notice.
- *
- */
-void mbedtls_ssl_tls13_conf_early_data(mbedtls_ssl_config *conf,
- int early_data_enabled);
+ * MBEDTLS_SSL_EARLY_DATA_DISABLED:
+ * Early data functionality is disabled. This is the default on client and
+ * server.
+ *
+ * MBEDTLS_SSL_EARLY_DATA_ENABLED:
+ * Early data functionality is enabled and may be negotiated in the handshake.
+ * Application using early data functionality needs to be aware that the
+ * security properties for early data (also refered to as 0-RTT data) are
+ * weaker than those for other kinds of TLS data. See the documentation of
+ * mbedtls_ssl_write_early_data() and mbedtls_ssl_read_early_data() for more
+ * information.
+ * When early data functionality is enabled on server and only in that case,
+ * the call to one of the APIs that trigger or resume an handshake sequence,
+ * namely mbedtls_ssl_handshake(), mbedtls_ssl_handshake_step(),
+ * mbedtls_ssl_read() or mbedtls_ssl_write() may return with the error code
+ * MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA indicating that some early data have
+ * been received. To read the early data, call mbedtls_ssl_read_early_data()
+ * before calling the original function again.
+ */
+void mbedtls_ssl_conf_early_data(mbedtls_ssl_config *conf,
+ int early_data_enabled);
#if defined(MBEDTLS_SSL_SRV_C)
/**
@@ -2024,14 +2127,15 @@ void mbedtls_ssl_tls13_conf_early_data(mbedtls_ssl_config *conf,
* \param[in] conf The SSL configuration to use.
* \param[in] max_early_data_size The maximum amount of 0-RTT data.
*
- * \warning This interface is experimental and may change without notice.
- *
+ * \warning This interface DOES NOT influence/limit the amount of early data
+ * that can be received through previously created and issued tickets,
+ * which clients may have stored.
*/
-void mbedtls_ssl_tls13_conf_max_early_data_size(
+void mbedtls_ssl_conf_max_early_data_size(
mbedtls_ssl_config *conf, uint32_t max_early_data_size);
#endif /* MBEDTLS_SSL_SRV_C */
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_EARLY_DATA */
+#endif /* MBEDTLS_SSL_EARLY_DATA */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/**
@@ -2555,9 +2659,74 @@ void mbedtls_ssl_conf_session_tickets_cb(mbedtls_ssl_config *conf,
mbedtls_ssl_ticket_write_t *f_ticket_write,
mbedtls_ssl_ticket_parse_t *f_ticket_parse,
void *p_ticket);
+
+#if defined(MBEDTLS_HAVE_TIME)
+/**
+ * \brief Get the creation time of a session ticket.
+ *
+ * \note See the documentation of \c ticket_creation_time for information about
+ * the intended usage of this function.
+ *
+ * \param session SSL session
+ * \param ticket_creation_time On exit, holds the ticket creation time in
+ * milliseconds.
+ *
+ * \return 0 on success,
+ * MBEDTLS_ERR_SSL_BAD_INPUT_DATA if an input is not valid.
+ */
+static inline int mbedtls_ssl_session_get_ticket_creation_time(
+ mbedtls_ssl_session *session, mbedtls_ms_time_t *ticket_creation_time)
+{
+ if (session == NULL || ticket_creation_time == NULL ||
+ session->MBEDTLS_PRIVATE(endpoint) != MBEDTLS_SSL_IS_SERVER) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
+
+ *ticket_creation_time = session->MBEDTLS_PRIVATE(ticket_creation_time);
+
+ return 0;
+}
+#endif /* MBEDTLS_HAVE_TIME */
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */
/**
+ * \brief Get the session-id buffer.
+ *
+ * \param session SSL session.
+ *
+ * \return The address of the session-id buffer.
+ */
+static inline unsigned const char (*mbedtls_ssl_session_get_id(const mbedtls_ssl_session *
+ session))[32]
+{
+ return &session->MBEDTLS_PRIVATE(id);
+}
+
+/**
+ * \brief Get the size of the session-id.
+ *
+ * \param session SSL session.
+ *
+ * \return size_t size of session-id buffer.
+ */
+static inline size_t mbedtls_ssl_session_get_id_len(const mbedtls_ssl_session *session)
+{
+ return session->MBEDTLS_PRIVATE(id_len);
+}
+
+/**
+ * \brief Get the ciphersuite-id.
+ *
+ * \param session SSL session.
+ *
+ * \return int represetation for ciphersuite.
+ */
+static inline int mbedtls_ssl_session_get_ciphersuite_id(const mbedtls_ssl_session *session)
+{
+ return session->MBEDTLS_PRIVATE(ciphersuite);
+}
+
+/**
* \brief Configure a key export callback.
* (Default: none.)
*
@@ -3047,16 +3216,16 @@ void mbedtls_ssl_conf_session_cache(mbedtls_ssl_config *conf,
* a full handshake.
*
* \note This function can handle a variety of mechanisms for session
- * resumption: For TLS 1.2, both session ID-based resumption and
- * ticket-based resumption will be considered. For TLS 1.3,
- * once implemented, sessions equate to tickets, and loading
- * one or more sessions via this call will lead to their
- * corresponding tickets being advertised as resumption PSKs
- * by the client.
- *
- * \note Calling this function multiple times will only be useful
- * once TLS 1.3 is supported. For TLS 1.2 connections, this
- * function should be called at most once.
+ * resumption: For TLS 1.2, both session ID-based resumption
+ * and ticket-based resumption will be considered. For TLS 1.3,
+ * sessions equate to tickets, and loading one session by
+ * calling this function will lead to its corresponding ticket
+ * being advertised as resumption PSK by the client. This
+ * depends on session tickets being enabled (see
+ * #MBEDTLS_SSL_SESSION_TICKETS configuration option) though.
+ * If session tickets are disabled, a call to this function
+ * with a TLS 1.3 session, will not have any effect on the next
+ * handshake for the SSL context \p ssl.
*
* \param ssl The SSL context representing the connection which should
* be attempted to be setup using session resumption. This
@@ -3071,9 +3240,10 @@ void mbedtls_ssl_conf_session_cache(mbedtls_ssl_config *conf,
*
* \return \c 0 if successful.
* \return \c MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if the session
- * could not be loaded because of an implementation limitation.
- * This error is non-fatal, and has no observable effect on
- * the SSL context or the session that was attempted to be loaded.
+ * could not be loaded because one session has already been
+ * loaded. This error is non-fatal, and has no observable
+ * effect on the SSL context or the session that was attempted
+ * to be loaded.
* \return Another negative error code on other kinds of failure.
*
* \sa mbedtls_ssl_get_session()
@@ -3140,8 +3310,16 @@ int mbedtls_ssl_session_load(mbedtls_ssl_session *session,
* to determine the necessary size by calling this function
* with \p buf set to \c NULL and \p buf_len to \c 0.
*
+ * \note For TLS 1.3 sessions, this feature is supported only if the
+ * MBEDTLS_SSL_SESSION_TICKETS configuration option is enabled,
+ * as in TLS 1.3 session resumption is possible only with
+ * tickets.
+ *
* \return \c 0 if successful.
* \return #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if \p buf is too small.
+ * \return #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if the
+ * MBEDTLS_SSL_SESSION_TICKETS configuration option is disabled
+ * and the session is a TLS 1.3 session.
*/
int mbedtls_ssl_session_save(const mbedtls_ssl_session *session,
unsigned char *buf,
@@ -3739,6 +3917,8 @@ void mbedtls_ssl_conf_groups(mbedtls_ssl_config *conf,
* used for certificate signature are controlled by the
* verification profile, see \c mbedtls_ssl_conf_cert_profile().
*
+ * \deprecated Superseded by mbedtls_ssl_conf_sig_algs().
+ *
* \note This list should be ordered by decreasing preference
* (preferred hash first).
*
@@ -3763,13 +3943,16 @@ void MBEDTLS_DEPRECATED mbedtls_ssl_conf_sig_hashes(mbedtls_ssl_config *conf,
#endif /* !MBEDTLS_DEPRECATED_REMOVED && MBEDTLS_SSL_PROTO_TLS1_2 */
/**
- * \brief Configure allowed signature algorithms for use in TLS 1.3
+ * \brief Configure allowed signature algorithms for use in TLS
*
* \param conf The SSL configuration to use.
* \param sig_algs List of allowed IANA values for TLS 1.3 signature algorithms,
- * terminated by \c MBEDTLS_TLS1_3_SIG_NONE. The list must remain
- * available throughout the lifetime of the conf object. Supported
- * values are available as \c MBEDTLS_TLS1_3_SIG_XXXX
+ * terminated by #MBEDTLS_TLS1_3_SIG_NONE. The list must remain
+ * available throughout the lifetime of the conf object.
+ * - For TLS 1.3, values of \c MBEDTLS_TLS1_3_SIG_XXXX should be
+ * used.
+ * - For TLS 1.2, values should be given as
+ * "(HashAlgorithm << 8) | SignatureAlgorithm".
*/
void mbedtls_ssl_conf_sig_algs(mbedtls_ssl_config *conf,
const uint16_t *sig_algs);
@@ -4657,29 +4840,22 @@ const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert(const mbedtls_ssl_context *ssl
* \param ssl The SSL context representing the connection for which to
* to export a session structure for later resumption.
* \param session The target structure in which to store the exported session.
- * This must have been initialized with mbedtls_ssl_init_session()
+ * This must have been initialized with mbedtls_ssl_session_init()
* but otherwise be unused.
*
* \note This function can handle a variety of mechanisms for session
* resumption: For TLS 1.2, both session ID-based resumption and
* ticket-based resumption will be considered. For TLS 1.3,
- * once implemented, sessions equate to tickets, and calling
- * this function multiple times will export the available
- * tickets one a time until no further tickets are available,
- * in which case MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE will
- * be returned.
- *
- * \note Calling this function multiple times will only be useful
- * once TLS 1.3 is supported. For TLS 1.2 connections, this
- * function should be called at most once.
+ * sessions equate to tickets, and if session tickets are
+ * enabled (see #MBEDTLS_SSL_SESSION_TICKETS configuration
+ * option), this function exports the last received ticket and
+ * the exported session may be used to resume the TLS 1.3
+ * session. If session tickets are disabled, exported sessions
+ * cannot be used to resume a TLS 1.3 session.
*
* \return \c 0 if successful. In this case, \p session can be used for
* session resumption by passing it to mbedtls_ssl_set_session(),
* and serialized for storage via mbedtls_ssl_session_save().
- * \return #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if no further session
- * is available for export.
- * This error is a non-fatal, and has no observable effect on
- * the SSL context or the destination session.
* \return Another negative error code on other kinds of failure.
*
* \sa mbedtls_ssl_set_session()
@@ -4711,6 +4887,13 @@ int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl,
* \return #MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED if DTLS is in use
* and the client did not demonstrate reachability yet - in
* this case you must stop using the context (see below).
+ * \return #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA if early data, as
+ * defined in RFC 8446 (TLS 1.3 specification), has been
+ * received as part of the handshake. This is server specific
+ * and may occur only if the early data feature has been
+ * enabled on server (see mbedtls_ssl_conf_early_data()
+ * documentation). You must call mbedtls_ssl_read_early_data()
+ * to read the early data before resuming the handshake.
* \return Another SSL error code - in this case you must stop using
* the context (see below).
*
@@ -4719,7 +4902,8 @@ int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl,
* #MBEDTLS_ERR_SSL_WANT_READ,
* #MBEDTLS_ERR_SSL_WANT_WRITE,
* #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or
- * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS,
+ * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS or
+ * #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA,
* you must stop using the SSL context for reading or writing,
* and either free it or call \c mbedtls_ssl_session_reset()
* on it before re-using it for a new connection; the current
@@ -4788,8 +4972,9 @@ static inline int mbedtls_ssl_is_handshake_over(mbedtls_ssl_context *ssl)
*
* \warning If this function returns something other than \c 0,
* #MBEDTLS_ERR_SSL_WANT_READ, #MBEDTLS_ERR_SSL_WANT_WRITE,
- * #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or
- * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS, you must stop using
+ * #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS,
+ * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS or
+ * #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA, you must stop using
* the SSL context for reading or writing, and either free it
* or call \c mbedtls_ssl_session_reset() on it before
* re-using it for a new connection; the current connection
@@ -4857,6 +5042,13 @@ int mbedtls_ssl_renegotiate(mbedtls_ssl_context *ssl);
* \return #MBEDTLS_ERR_SSL_CLIENT_RECONNECT if we're at the server
* side of a DTLS connection and the client is initiating a
* new connection using the same source port. See below.
+ * \return #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA if early data, as
+ * defined in RFC 8446 (TLS 1.3 specification), has been
+ * received as part of the handshake. This is server specific
+ * and may occur only if the early data feature has been
+ * enabled on server (see mbedtls_ssl_conf_early_data()
+ * documentation). You must call mbedtls_ssl_read_early_data()
+ * to read the early data before resuming the handshake.
* \return Another SSL error code - in this case you must stop using
* the context (see below).
*
@@ -4865,8 +5057,9 @@ int mbedtls_ssl_renegotiate(mbedtls_ssl_context *ssl);
* #MBEDTLS_ERR_SSL_WANT_READ,
* #MBEDTLS_ERR_SSL_WANT_WRITE,
* #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS,
- * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS or
- * #MBEDTLS_ERR_SSL_CLIENT_RECONNECT,
+ * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS,
+ * #MBEDTLS_ERR_SSL_CLIENT_RECONNECT or
+ * #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA,
* you must stop using the SSL context for reading or writing,
* and either free it or call \c mbedtls_ssl_session_reset()
* on it before re-using it for a new connection; the current
@@ -4931,6 +5124,13 @@ int mbedtls_ssl_read(mbedtls_ssl_context *ssl, unsigned char *buf, size_t len);
* operation is in progress (see mbedtls_ecp_set_max_ops()) -
* in this case you must call this function again to complete
* the handshake when you're done attending other tasks.
+ * \return #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA if early data, as
+ * defined in RFC 8446 (TLS 1.3 specification), has been
+ * received as part of the handshake. This is server specific
+ * and may occur only if the early data feature has been
+ * enabled on server (see mbedtls_ssl_conf_early_data()
+ * documentation). You must call mbedtls_ssl_read_early_data()
+ * to read the early data before resuming the handshake.
* \return Another SSL error code - in this case you must stop using
* the context (see below).
*
@@ -4938,8 +5138,9 @@ int mbedtls_ssl_read(mbedtls_ssl_context *ssl, unsigned char *buf, size_t len);
* a non-negative value,
* #MBEDTLS_ERR_SSL_WANT_READ,
* #MBEDTLS_ERR_SSL_WANT_WRITE,
- * #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or
- * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS,
+ * #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS,
+ * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS or
+ * #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA,
* you must stop using the SSL context for reading or writing,
* and either free it or call \c mbedtls_ssl_session_reset()
* on it before re-using it for a new connection; the current
@@ -5003,48 +5204,51 @@ int mbedtls_ssl_close_notify(mbedtls_ssl_context *ssl);
#if defined(MBEDTLS_SSL_SRV_C)
/**
- * \brief Read at most 'len' application data bytes while performing
- * the handshake (early data).
- *
- * \note This function behaves mainly as mbedtls_ssl_read(). The
- * specification of mbedtls_ssl_read() relevant to TLS 1.3
- * (thus not the parts specific to (D)TLS 1.2) applies to this
- * function and the present documentation is restricted to the
- * differences with mbedtls_ssl_read().
- *
- * \param ssl SSL context
+ * \brief Read at most 'len' bytes of early data
+ *
+ * \note This API is server specific.
+ *
+ * \warning Early data is defined in the TLS 1.3 specification, RFC 8446.
+ * IMPORTANT NOTE from section 2.3 of the specification:
+ *
+ * The security properties for 0-RTT data are weaker than
+ * those for other kinds of TLS data. Specifically:
+ * - This data is not forward secret, as it is encrypted
+ * solely under keys derived using the offered PSK.
+ * - There are no guarantees of non-replay between connections.
+ * Protection against replay for ordinary TLS 1.3 1-RTT data
+ * is provided via the server's Random value, but 0-RTT data
+ * does not depend on the ServerHello and therefore has
+ * weaker guarantees. This is especially relevant if the
+ * data is authenticated either with TLS client
+ * authentication or inside the application protocol. The
+ * same warnings apply to any use of the
+ * early_exporter_master_secret.
+ *
+ * \warning Mbed TLS does not implement any of the anti-replay defenses
+ * defined in section 8 of the TLS 1.3 specification:
+ * single-use of tickets or ClientHello recording within a
+ * given time window.
+ *
+ * \note This function is used in conjunction with
+ * mbedtls_ssl_handshake(), mbedtls_ssl_handshake_step(),
+ * mbedtls_ssl_read() and mbedtls_ssl_write() to read early
+ * data when these functions return
+ * #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA.
+ *
+ * \param ssl SSL context, it must have been initialized and set up.
* \param buf buffer that will hold the data
* \param len maximum number of bytes to read
*
- * \return One additional specific return value:
- * #MBEDTLS_ERR_SSL_CANNOT_READ_EARLY_DATA.
- *
- * #MBEDTLS_ERR_SSL_CANNOT_READ_EARLY_DATA is returned when it
- * is not possible to read early data for the SSL context
- * \p ssl.
- *
- * It may have been possible and it is not possible
- * anymore because the server received the End of Early Data
- * message or the maximum number of allowed early data for the
- * PSK in use has been reached.
- *
- * It may never have been possible and will never be possible
- * for the SSL context \p ssl because the use of early data
- * is disabled for that context or more generally the context
- * is not suitably configured to enable early data or the
- * client does not use early data or the first call to the
- * function was done while the handshake was already too
- * advanced to gather and accept early data.
- *
- * It is not possible to read early data for the SSL context
- * \p ssl but this does not preclude for using it with
- * mbedtls_ssl_write(), mbedtls_ssl_read() or
- * mbedtls_ssl_handshake().
- *
- * \note When a server wants to retrieve early data, it is expected
- * that this function starts the handshake for the SSL context
- * \p ssl. But this is not mandatory.
- *
+ * \return The (positive) number of bytes read if successful.
+ * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if input data is invalid.
+ * \return #MBEDTLS_ERR_SSL_CANNOT_READ_EARLY_DATA if it is not
+ * possible to read early data for the SSL context \p ssl. Note
+ * that this function is intended to be called for an SSL
+ * context \p ssl only after a call to mbedtls_ssl_handshake(),
+ * mbedtls_ssl_handshake_step(), mbedtls_ssl_read() or
+ * mbedtls_ssl_write() for \p ssl that has returned
+ * #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA.
*/
int mbedtls_ssl_read_early_data(mbedtls_ssl_context *ssl,
unsigned char *buf, size_t len);
@@ -5055,17 +5259,43 @@ int mbedtls_ssl_read_early_data(mbedtls_ssl_context *ssl,
* \brief Try to write exactly 'len' application data bytes while
* performing the handshake (early data).
*
+ * \warning Early data is defined in the TLS 1.3 specification, RFC 8446.
+ * IMPORTANT NOTE from section 2.3 of the specification:
+ *
+ * The security properties for 0-RTT data are weaker than
+ * those for other kinds of TLS data. Specifically:
+ * - This data is not forward secret, as it is encrypted
+ * solely under keys derived using the offered PSK.
+ * - There are no guarantees of non-replay between connections.
+ * Protection against replay for ordinary TLS 1.3 1-RTT data
+ * is provided via the server's Random value, but 0-RTT data
+ * does not depend on the ServerHello and therefore has
+ * weaker guarantees. This is especially relevant if the
+ * data is authenticated either with TLS client
+ * authentication or inside the application protocol. The
+ * same warnings apply to any use of the
+ * early_exporter_master_secret.
+ *
* \note This function behaves mainly as mbedtls_ssl_write(). The
* specification of mbedtls_ssl_write() relevant to TLS 1.3
* (thus not the parts specific to (D)TLS1.2) applies to this
- * function and the present documentation is restricted to the
- * differences with mbedtls_ssl_write().
+ * function and the present documentation is mainly restricted
+ * to the differences with mbedtls_ssl_write(). One noticeable
+ * difference though is that mbedtls_ssl_write() aims to
+ * complete the handshake before to write application data
+ * while mbedtls_ssl_write_early() aims to drive the handshake
+ * just past the point where it is not possible to send early
+ * data anymore.
*
* \param ssl SSL context
* \param buf buffer holding the data
* \param len how many bytes must be written
*
- * \return One additional specific return value:
+ * \return The (non-negative) number of bytes actually written if
+ * successful (may be less than \p len).
+ *
+ * \return One additional specific error code compared to
+ * mbedtls_ssl_write():
* #MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA.
*
* #MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA is returned when it
@@ -5086,9 +5316,11 @@ int mbedtls_ssl_read_early_data(mbedtls_ssl_context *ssl,
* already completed.
*
* It is not possible to write early data for the SSL context
- * \p ssl but this does not preclude for using it with
+ * \p ssl and any subsequent call to this API will return this
+ * error code. But this does not preclude for using it with
* mbedtls_ssl_write(), mbedtls_ssl_read() or
- * mbedtls_ssl_handshake().
+ * mbedtls_ssl_handshake() and the handshake can be
+ * completed by calling one of these APIs.
*
* \note This function may write early data only if the SSL context
* has been configured for the handshake with a PSK for which
@@ -5110,9 +5342,6 @@ int mbedtls_ssl_read_early_data(mbedtls_ssl_context *ssl,
int mbedtls_ssl_write_early_data(mbedtls_ssl_context *ssl,
const unsigned char *buf, size_t len);
-#define MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT 0
-#define MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED 1
-#define MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED 2
/**
* \brief Get the status of the negotiation of the use of early data.
*
@@ -5124,8 +5353,8 @@ int mbedtls_ssl_write_early_data(mbedtls_ssl_context *ssl,
* \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if this function is called
* prior to completion of the handshake.
*
- * \return #MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT if the client has
- * not indicated the use of early data to the server.
+ * \return #MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_INDICATED if the client
+ * has not indicated the use of early data to the server.
*
* \return #MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED if the client has
* indicated the use of early data and the server has accepted
diff --git a/vendor/mbedtls/ssl_cache.h b/vendor/mbedtls/include/mbedtls/ssl_cache.h
index a1307b4..a1307b4 100644
--- a/vendor/mbedtls/ssl_cache.h
+++ b/vendor/mbedtls/include/mbedtls/ssl_cache.h
diff --git a/vendor/mbedtls/ssl_ciphersuites.h b/vendor/mbedtls/include/mbedtls/ssl_ciphersuites.h
index 8cecbb6..12d4462 100644
--- a/vendor/mbedtls/ssl_ciphersuites.h
+++ b/vendor/mbedtls/include/mbedtls/ssl_ciphersuites.h
@@ -463,151 +463,17 @@ const int *mbedtls_ssl_list_ciphersuites(void);
const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string(const char *ciphersuite_name);
const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id(int ciphersuite_id);
-#if defined(MBEDTLS_PK_C)
-mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_ciphersuite_t *info);
-psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_ciphersuite_t *info);
-#endif
-mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info);
-#endif
-
-int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info);
-int mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t *info);
-
static inline const char *mbedtls_ssl_ciphersuite_get_name(const mbedtls_ssl_ciphersuite_t *info)
{
return info->MBEDTLS_PRIVATE(name);
}
-size_t mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(const mbedtls_ssl_ciphersuite_t *info);
-
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED)
-static inline int mbedtls_ssl_ciphersuite_has_pfs(const mbedtls_ssl_ciphersuite_t *info)
-{
- switch (info->MBEDTLS_PRIVATE(key_exchange)) {
- case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
- case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
- case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
- case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
- case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
- case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
- return 1;
-
- default:
- return 0;
- }
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED)
-static inline int mbedtls_ssl_ciphersuite_no_pfs(const mbedtls_ssl_ciphersuite_t *info)
+static inline int mbedtls_ssl_ciphersuite_get_id(const mbedtls_ssl_ciphersuite_t *info)
{
- switch (info->MBEDTLS_PRIVATE(key_exchange)) {
- case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
- case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
- case MBEDTLS_KEY_EXCHANGE_RSA:
- case MBEDTLS_KEY_EXCHANGE_PSK:
- case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
- return 1;
-
- default:
- return 0;
- }
+ return info->MBEDTLS_PRIVATE(id);
}
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED)
-static inline int mbedtls_ssl_ciphersuite_uses_ecdh(const mbedtls_ssl_ciphersuite_t *info)
-{
- switch (info->MBEDTLS_PRIVATE(key_exchange)) {
- case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
- case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
- return 1;
-
- default:
- return 0;
- }
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED */
-
-static inline int mbedtls_ssl_ciphersuite_cert_req_allowed(const mbedtls_ssl_ciphersuite_t *info)
-{
- switch (info->MBEDTLS_PRIVATE(key_exchange)) {
- case MBEDTLS_KEY_EXCHANGE_RSA:
- case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
- case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
- case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
- case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
- case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
- return 1;
-
- default:
- return 0;
- }
-}
-
-static inline int mbedtls_ssl_ciphersuite_uses_srv_cert(const mbedtls_ssl_ciphersuite_t *info)
-{
- switch (info->MBEDTLS_PRIVATE(key_exchange)) {
- case MBEDTLS_KEY_EXCHANGE_RSA:
- case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
- case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
- case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
- case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
- case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
- case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
- return 1;
-
- default:
- return 0;
- }
-}
-
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED)
-static inline int mbedtls_ssl_ciphersuite_uses_dhe(const mbedtls_ssl_ciphersuite_t *info)
-{
- switch (info->MBEDTLS_PRIVATE(key_exchange)) {
- case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
- case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
- return 1;
-
- default:
- return 0;
- }
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED) */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED)
-static inline int mbedtls_ssl_ciphersuite_uses_ecdhe(const mbedtls_ssl_ciphersuite_t *info)
-{
- switch (info->MBEDTLS_PRIVATE(key_exchange)) {
- case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
- case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
- case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
- return 1;
-
- default:
- return 0;
- }
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
-static inline int mbedtls_ssl_ciphersuite_uses_server_signature(
- const mbedtls_ssl_ciphersuite_t *info)
-{
- switch (info->MBEDTLS_PRIVATE(key_exchange)) {
- case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
- case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
- case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
- return 1;
-
- default:
- return 0;
- }
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */
+size_t mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(const mbedtls_ssl_ciphersuite_t *info);
#ifdef __cplusplus
}
diff --git a/vendor/mbedtls/ssl_cookie.h b/vendor/mbedtls/include/mbedtls/ssl_cookie.h
index 71c258e..71c258e 100644
--- a/vendor/mbedtls/ssl_cookie.h
+++ b/vendor/mbedtls/include/mbedtls/ssl_cookie.h
diff --git a/vendor/mbedtls/ssl_ticket.h b/vendor/mbedtls/include/mbedtls/ssl_ticket.h
index 6d59c12..2ee1400 100644
--- a/vendor/mbedtls/ssl_ticket.h
+++ b/vendor/mbedtls/include/mbedtls/ssl_ticket.h
@@ -50,6 +50,10 @@ typedef struct mbedtls_ssl_ticket_key {
#if defined(MBEDTLS_HAVE_TIME)
mbedtls_time_t MBEDTLS_PRIVATE(generation_time); /*!< key generation timestamp (seconds) */
#endif
+ /*! Lifetime of the key in seconds. This is also the lifetime of the
+ * tickets created under that key.
+ */
+ uint32_t MBEDTLS_PRIVATE(lifetime);
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_cipher_context_t MBEDTLS_PRIVATE(ctx); /*!< context for auth enc/decryption */
#else
@@ -104,10 +108,16 @@ void mbedtls_ssl_ticket_init(mbedtls_ssl_ticket_context *ctx);
* least as strong as the strongest ciphersuite
* supported. Usually that means a 256-bit key.
*
- * \note The lifetime of the keys is twice the lifetime of tickets.
- * It is recommended to pick a reasonable lifetime so as not
+ * \note It is recommended to pick a reasonable lifetime so as not
* to negate the benefits of forward secrecy.
*
+ * \note The TLS 1.3 specification states that ticket lifetime must
+ * be smaller than seven days. If ticket lifetime has been
+ * set to a value greater than seven days in this module then
+ * if the TLS 1.3 is configured to send tickets after the
+ * handshake it will fail the connection when trying to send
+ * the first ticket.
+ *
* \return 0 if successful,
* or a specific MBEDTLS_ERR_XXX error code
*/
@@ -141,10 +151,16 @@ int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx,
* \note \c klength must be sufficient for use by cipher specified
* to \c mbedtls_ssl_ticket_setup
*
- * \note The lifetime of the keys is twice the lifetime of tickets.
- * It is recommended to pick a reasonable lifetime so as not
+ * \note It is recommended to pick a reasonable lifetime so as not
* to negate the benefits of forward secrecy.
*
+ * \note The TLS 1.3 specification states that ticket lifetime must
+ * be smaller than seven days. If ticket lifetime has been
+ * set to a value greater than seven days in this module then
+ * if the TLS 1.3 is configured to send tickets after the
+ * handshake it will fail the connection when trying to send
+ * the first ticket.
+ *
* \return 0 if successful,
* or a specific MBEDTLS_ERR_XXX error code
*/
diff --git a/vendor/mbedtls/threading.h b/vendor/mbedtls/include/mbedtls/threading.h
index ed16a23..d50d04e 100644
--- a/vendor/mbedtls/threading.h
+++ b/vendor/mbedtls/include/mbedtls/threading.h
@@ -28,10 +28,14 @@ extern "C" {
#include <pthread.h>
typedef struct mbedtls_threading_mutex_t {
pthread_mutex_t MBEDTLS_PRIVATE(mutex);
- /* is_valid is 0 after a failed init or a free, and nonzero after a
- * successful init. This field is not considered part of the public
- * API of Mbed TLS and may change without notice. */
- char MBEDTLS_PRIVATE(is_valid);
+
+ /* WARNING - state should only be accessed when holding the mutex lock in
+ * tests/src/threading_helpers.c, otherwise corruption can occur.
+ * state will be 0 after a failed init or a free, and nonzero after a
+ * successful init. This field is for testing only and thus not considered
+ * part of the public API of Mbed TLS and may change without notice.*/
+ char MBEDTLS_PRIVATE(state);
+
} mbedtls_threading_mutex_t;
#endif
@@ -96,6 +100,34 @@ extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex;
extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex;
#endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_R_ALT */
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+/*
+ * A mutex used to make the PSA subsystem thread safe.
+ *
+ * key_slot_mutex protects the registered_readers and
+ * state variable for all key slots in &global_data.key_slots.
+ *
+ * This mutex must be held when any read from or write to a state or
+ * registered_readers field is performed, i.e. when calling functions:
+ * psa_key_slot_state_transition(), psa_register_read(), psa_unregister_read(),
+ * psa_key_slot_has_readers() and psa_wipe_key_slot(). */
+extern mbedtls_threading_mutex_t mbedtls_threading_key_slot_mutex;
+
+/*
+ * A mutex used to make the non-rng PSA global_data struct members thread safe.
+ *
+ * This mutex must be held when reading or writing to any of the PSA global_data
+ * structure members, other than the rng_state or rng struct. */
+extern mbedtls_threading_mutex_t mbedtls_threading_psa_globaldata_mutex;
+
+/*
+ * A mutex used to make the PSA global_data rng data thread safe.
+ *
+ * This mutex must be held when reading or writing to the PSA
+ * global_data rng_state or rng struct members. */
+extern mbedtls_threading_mutex_t mbedtls_threading_psa_rngdata_mutex;
+#endif
+
#endif /* MBEDTLS_THREADING_C */
#ifdef __cplusplus
diff --git a/vendor/mbedtls/timing.h b/vendor/mbedtls/include/mbedtls/timing.h
index 62ae102..62ae102 100644
--- a/vendor/mbedtls/timing.h
+++ b/vendor/mbedtls/include/mbedtls/timing.h
diff --git a/vendor/mbedtls/version.h b/vendor/mbedtls/include/mbedtls/version.h
index 637f9d3..637f9d3 100644
--- a/vendor/mbedtls/version.h
+++ b/vendor/mbedtls/include/mbedtls/version.h
diff --git a/vendor/mbedtls/x509.h b/vendor/mbedtls/include/mbedtls/x509.h
index e2e0667..453f598 100644
--- a/vendor/mbedtls/x509.h
+++ b/vendor/mbedtls/include/mbedtls/x509.h
@@ -307,6 +307,7 @@ typedef struct mbedtls_x509_san_list {
mbedtls_x509_san_list;
/** \} name Structures for parsing X.509 certificates, CRLs and CSRs */
+/** \} addtogroup x509_module */
/**
* \brief Store the certificate DN in printable form into buf;
@@ -322,6 +323,23 @@ mbedtls_x509_san_list;
int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn);
/**
+ * \brief Convert the certificate DN string \p name into
+ * a linked list of mbedtls_x509_name (equivalent to
+ * mbedtls_asn1_named_data).
+ *
+ * \note This function allocates a linked list, and places the head
+ * pointer in \p head. This list must later be freed by a
+ * call to mbedtls_asn1_free_named_data_list().
+ *
+ * \param[out] head Address in which to store the pointer to the head of the
+ * allocated list of mbedtls_x509_name
+ * \param[in] name The string representation of a DN to convert
+ *
+ * \return 0 on success, or a negative error code.
+ */
+int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *name);
+
+/**
* \brief Return the next relative DN in an X509 name.
*
* \note Intended use is to compare function result to dn->next
@@ -448,75 +466,6 @@ int mbedtls_x509_parse_subject_alt_name(const mbedtls_x509_buf *san_buf,
*/
void mbedtls_x509_free_subject_alt_name(mbedtls_x509_subject_alternative_name *san);
-/** \} addtogroup x509_module */
-
-/*
- * Internal module functions. You probably do not want to use these unless you
- * know you do.
- */
-int mbedtls_x509_get_name(unsigned char **p, const unsigned char *end,
- mbedtls_x509_name *cur);
-int mbedtls_x509_get_alg_null(unsigned char **p, const unsigned char *end,
- mbedtls_x509_buf *alg);
-int mbedtls_x509_get_alg(unsigned char **p, const unsigned char *end,
- mbedtls_x509_buf *alg, mbedtls_x509_buf *params);
-#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
-int mbedtls_x509_get_rsassa_pss_params(const mbedtls_x509_buf *params,
- mbedtls_md_type_t *md_alg, mbedtls_md_type_t *mgf_md,
- int *salt_len);
-#endif
-int mbedtls_x509_get_sig(unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig);
-int mbedtls_x509_get_sig_alg(const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params,
- mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg,
- void **sig_opts);
-int mbedtls_x509_get_time(unsigned char **p, const unsigned char *end,
- mbedtls_x509_time *t);
-int mbedtls_x509_get_serial(unsigned char **p, const unsigned char *end,
- mbedtls_x509_buf *serial);
-int mbedtls_x509_get_ext(unsigned char **p, const unsigned char *end,
- mbedtls_x509_buf *ext, int tag);
-#if !defined(MBEDTLS_X509_REMOVE_INFO)
-int mbedtls_x509_sig_alg_gets(char *buf, size_t size, const mbedtls_x509_buf *sig_oid,
- mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
- const void *sig_opts);
-#endif
-int mbedtls_x509_key_size_helper(char *buf, size_t buf_size, const char *name);
-int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *name);
-int mbedtls_x509_set_extension(mbedtls_asn1_named_data **head, const char *oid, size_t oid_len,
- int critical, const unsigned char *val,
- size_t val_len);
-int mbedtls_x509_write_extensions(unsigned char **p, unsigned char *start,
- mbedtls_asn1_named_data *first);
-int mbedtls_x509_write_names(unsigned char **p, unsigned char *start,
- mbedtls_asn1_named_data *first);
-int mbedtls_x509_write_sig(unsigned char **p, unsigned char *start,
- const char *oid, size_t oid_len,
- unsigned char *sig, size_t size,
- mbedtls_pk_type_t pk_alg);
-int mbedtls_x509_get_ns_cert_type(unsigned char **p,
- const unsigned char *end,
- unsigned char *ns_cert_type);
-int mbedtls_x509_get_key_usage(unsigned char **p,
- const unsigned char *end,
- unsigned int *key_usage);
-int mbedtls_x509_get_subject_alt_name(unsigned char **p,
- const unsigned char *end,
- mbedtls_x509_sequence *subject_alt_name);
-int mbedtls_x509_get_subject_alt_name_ext(unsigned char **p,
- const unsigned char *end,
- mbedtls_x509_sequence *subject_alt_name);
-int mbedtls_x509_info_subject_alt_name(char **buf, size_t *size,
- const mbedtls_x509_sequence
- *subject_alt_name,
- const char *prefix);
-int mbedtls_x509_info_cert_type(char **buf, size_t *size,
- unsigned char ns_cert_type);
-int mbedtls_x509_info_key_usage(char **buf, size_t *size,
- unsigned int key_usage);
-
-int mbedtls_x509_write_set_san_common(mbedtls_asn1_named_data **extensions,
- const mbedtls_x509_san_list *san_list);
-
/**
* \brief This function parses a CN string as an IP address.
*
@@ -547,4 +496,4 @@ size_t mbedtls_x509_crt_parse_cn_inet_pton(const char *cn, void *dst);
}
#endif
-#endif /* x509.h */
+#endif /* MBEDTLS_X509_H */
diff --git a/vendor/mbedtls/x509_crl.h b/vendor/mbedtls/include/mbedtls/x509_crl.h
index 6625a44..6625a44 100644
--- a/vendor/mbedtls/x509_crl.h
+++ b/vendor/mbedtls/include/mbedtls/x509_crl.h
diff --git a/vendor/mbedtls/x509_crt.h b/vendor/mbedtls/include/mbedtls/x509_crt.h
index 3f1a1e7..1ce0d23 100644
--- a/vendor/mbedtls/x509_crt.h
+++ b/vendor/mbedtls/include/mbedtls/x509_crt.h
@@ -916,6 +916,18 @@ static inline int mbedtls_x509_crt_has_ext_type(const mbedtls_x509_crt *ctx,
return ctx->MBEDTLS_PRIVATE(ext_types) & ext_type;
}
+/**
+ * \brief Access the ca_istrue field
+ *
+ * \param[in] crt Certificate to be queried, must not be \c NULL
+ *
+ * \return \c 1 if this a CA certificate \c 0 otherwise.
+ * \return MBEDTLS_ERR_X509_INVALID_EXTENSIONS if the certificate does not contain
+ * the Optional Basic Constraint extension.
+ *
+ */
+int mbedtls_x509_crt_get_ca_istrue(const mbedtls_x509_crt *crt);
+
/** \} name Structures and functions for parsing and writing X.509 certificates */
#if defined(MBEDTLS_X509_CRT_WRITE_C)
diff --git a/vendor/mbedtls/x509_csr.h b/vendor/mbedtls/include/mbedtls/x509_csr.h
index e54010b..8c31c09 100644
--- a/vendor/mbedtls/x509_csr.h
+++ b/vendor/mbedtls/include/mbedtls/x509_csr.h
@@ -75,7 +75,9 @@ mbedtls_x509write_csr;
/**
* \brief Load a Certificate Signing Request (CSR) in DER format
*
- * \note CSR attributes (if any) are currently silently ignored.
+ * \note Any unsupported requested extensions are silently
+ * ignored, unless the critical flag is set, in which case
+ * the CSR is rejected.
*
* \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
* subsystem must have been initialized by calling
@@ -91,6 +93,67 @@ int mbedtls_x509_csr_parse_der(mbedtls_x509_csr *csr,
const unsigned char *buf, size_t buflen);
/**
+ * \brief The type of certificate extension callbacks.
+ *
+ * Callbacks of this type are passed to and used by the
+ * mbedtls_x509_csr_parse_der_with_ext_cb() routine when
+ * it encounters either an unsupported extension.
+ * Future versions of the library may invoke the callback
+ * in other cases, if and when the need arises.
+ *
+ * \param p_ctx An opaque context passed to the callback.
+ * \param csr The CSR being parsed.
+ * \param oid The OID of the extension.
+ * \param critical Whether the extension is critical.
+ * \param p Pointer to the start of the extension value
+ * (the content of the OCTET STRING).
+ * \param end End of extension value.
+ *
+ * \note The callback must fail and return a negative error code
+ * if it can not parse or does not support the extension.
+ * When the callback fails to parse a critical extension
+ * mbedtls_x509_csr_parse_der_with_ext_cb() also fails.
+ * When the callback fails to parse a non critical extension
+ * mbedtls_x509_csr_parse_der_with_ext_cb() simply skips
+ * the extension and continues parsing.
+ *
+ * \return \c 0 on success.
+ * \return A negative error code on failure.
+ */
+typedef int (*mbedtls_x509_csr_ext_cb_t)(void *p_ctx,
+ mbedtls_x509_csr const *csr,
+ mbedtls_x509_buf const *oid,
+ int critical,
+ const unsigned char *p,
+ const unsigned char *end);
+
+/**
+ * \brief Load a Certificate Signing Request (CSR) in DER format
+ *
+ * \note Any unsupported requested extensions are silently
+ * ignored, unless the critical flag is set, in which case
+ * the result of the callback function decides whether
+ * CSR is rejected.
+ *
+ * \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
+ * subsystem must have been initialized by calling
+ * psa_crypto_init() before calling this function.
+ *
+ * \param csr CSR context to fill
+ * \param buf buffer holding the CRL data
+ * \param buflen size of the buffer
+ * \param cb A callback invoked for every unsupported certificate
+ * extension.
+ * \param p_ctx An opaque context passed to the callback.
+ *
+ * \return 0 if successful, or a specific X509 error code
+ */
+int mbedtls_x509_csr_parse_der_with_ext_cb(mbedtls_x509_csr *csr,
+ const unsigned char *buf, size_t buflen,
+ mbedtls_x509_csr_ext_cb_t cb,
+ void *p_ctx);
+
+/**
* \brief Load a Certificate Signing Request (CSR), DER or PEM format
*
* \note See notes for \c mbedtls_x509_csr_parse_der()
diff --git a/vendor/mbedtls/psa/build_info.h b/vendor/mbedtls/include/psa/build_info.h
index 3ee6cd7..3ee6cd7 100644
--- a/vendor/mbedtls/psa/build_info.h
+++ b/vendor/mbedtls/include/psa/build_info.h
diff --git a/vendor/mbedtls/psa/crypto.h b/vendor/mbedtls/include/psa/crypto.h
index fe10ee0..7083bd9 100644
--- a/vendor/mbedtls/psa/crypto.h
+++ b/vendor/mbedtls/include/psa/crypto.h
@@ -119,8 +119,9 @@ static psa_key_attributes_t psa_key_attributes_init(void);
* value in the structure.
* The persistent key will be written to storage when the attribute
* structure is passed to a key creation function such as
- * psa_import_key(), psa_generate_key(),
- * psa_key_derivation_output_key() or psa_copy_key().
+ * psa_import_key(), psa_generate_key(), psa_generate_key_ext(),
+ * psa_key_derivation_output_key(), psa_key_derivation_output_key_ext()
+ * or psa_copy_key().
*
* This function may be declared as `static` (i.e. without external
* linkage). This function may be provided as a function-like macro,
@@ -163,8 +164,9 @@ static void mbedtls_set_key_owner_id(psa_key_attributes_t *attributes,
* value in the structure.
* The persistent key will be written to storage when the attribute
* structure is passed to a key creation function such as
- * psa_import_key(), psa_generate_key(),
- * psa_key_derivation_output_key() or psa_copy_key().
+ * psa_import_key(), psa_generate_key(), psa_generate_key_ext(),
+ * psa_key_derivation_output_key(), psa_key_derivation_output_key_ext()
+ * or psa_copy_key().
*
* This function may be declared as `static` (i.e. without external
* linkage). This function may be provided as a function-like macro,
@@ -525,6 +527,11 @@ psa_status_t psa_copy_key(mbedtls_svc_key_id_t source_key,
* If a key is currently in use in a multipart operation, then destroying the
* key will cause the multipart operation to fail.
*
+ * \warning We can only guarantee that the the key material will
+ * eventually be wiped from memory. With threading enabled
+ * and during concurrent execution, copies of the key material may
+ * still exist until all threads have finished using the key.
+ *
* \param key Identifier of the key to erase. If this is \c 0, do nothing and
* return #PSA_SUCCESS.
*
@@ -3226,7 +3233,8 @@ static psa_key_derivation_operation_t psa_key_derivation_operation_init(void);
* psa_key_derivation_set_capacity(). You may do this before, in the middle
* of or after providing inputs. For some algorithms, this step is mandatory
* because the output depends on the maximum capacity.
- * -# To derive a key, call psa_key_derivation_output_key().
+ * -# To derive a key, call psa_key_derivation_output_key() or
+ * psa_key_derivation_output_key_ext().
* To derive a byte string for a different purpose, call
* psa_key_derivation_output_bytes().
* Successive calls to these functions use successive output bytes
@@ -3449,7 +3457,8 @@ psa_status_t psa_key_derivation_input_integer(
* \note Once all inputs steps are completed, the operations will allow:
* - psa_key_derivation_output_bytes() if each input was either a direct input
* or a key with #PSA_KEY_USAGE_DERIVE set;
- * - psa_key_derivation_output_key() if the input for step
+ * - psa_key_derivation_output_key() or psa_key_derivation_output_key_ext()
+ * if the input for step
* #PSA_KEY_DERIVATION_INPUT_SECRET or #PSA_KEY_DERIVATION_INPUT_PASSWORD
* was from a key slot with #PSA_KEY_USAGE_DERIVE and each other input was
* either a direct input or a key with #PSA_KEY_USAGE_DERIVE set;
@@ -3697,6 +3706,11 @@ psa_status_t psa_key_derivation_output_bytes(
* Future versions of this specification may include additional restrictions
* on the derived key based on the attributes and strength of the secret key.
*
+ * \note This function is equivalent to calling
+ * psa_key_derivation_output_key_ext()
+ * with the production parameters #PSA_KEY_PRODUCTION_PARAMETERS_INIT
+ * and `params_data_length == 0` (i.e. `params->data` is empty).
+ *
* \param[in] attributes The attributes for the new key.
* If the key type to be created is
* #PSA_KEY_TYPE_PASSWORD_HASH then the algorithm in
@@ -3750,6 +3764,83 @@ psa_status_t psa_key_derivation_output_key(
psa_key_derivation_operation_t *operation,
mbedtls_svc_key_id_t *key);
+/** Derive a key from an ongoing key derivation operation with custom
+ * production parameters.
+ *
+ * See the description of psa_key_derivation_out_key() for the operation of
+ * this function with the default production parameters.
+ * Mbed TLS currently does not currently support any non-default production
+ * parameters.
+ *
+ * \note This function is experimental and may change in future minor
+ * versions of Mbed TLS.
+ *
+ * \param[in] attributes The attributes for the new key.
+ * If the key type to be created is
+ * #PSA_KEY_TYPE_PASSWORD_HASH then the algorithm in
+ * the policy must be the same as in the current
+ * operation.
+ * \param[in,out] operation The key derivation operation object to read from.
+ * \param[in] params Customization parameters for the key derivation.
+ * When this is #PSA_KEY_PRODUCTION_PARAMETERS_INIT
+ * with \p params_data_length = 0,
+ * this function is equivalent to
+ * psa_key_derivation_output_key().
+ * Mbed TLS currently only supports the default
+ * production parameters, i.e.
+ * #PSA_KEY_PRODUCTION_PARAMETERS_INIT,
+ * for all key types.
+ * \param params_data_length
+ * Length of `params->data` in bytes.
+ * \param[out] key On success, an identifier for the newly created
+ * key. For persistent keys, this is the key
+ * identifier defined in \p attributes.
+ * \c 0 on failure.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * If the key is persistent, the key material and the key's metadata
+ * have been saved to persistent storage.
+ * \retval #PSA_ERROR_ALREADY_EXISTS
+ * This is an attempt to create a persistent key, and there is
+ * already a persistent key with the given identifier.
+ * \retval #PSA_ERROR_INSUFFICIENT_DATA
+ * There was not enough data to create the desired key.
+ * Note that in this case, no output is written to the output buffer.
+ * The operation's capacity is set to 0, thus subsequent calls to
+ * this function will not succeed, even with a smaller output buffer.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * The key type or key size is not supported, either by the
+ * implementation in general or in this particular location.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * The provided key attributes are not valid for the operation.
+ * \retval #PSA_ERROR_NOT_PERMITTED
+ * The #PSA_KEY_DERIVATION_INPUT_SECRET or
+ * #PSA_KEY_DERIVATION_INPUT_PASSWORD input was not provided through a
+ * key; or one of the inputs was a key whose policy didn't allow
+ * #PSA_KEY_USAGE_DERIVE.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_DATA_INVALID \emptydescription
+ * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid (it must be active and completed
+ * all required input steps), or the library has not been previously
+ * initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_key_derivation_output_key_ext(
+ const psa_key_attributes_t *attributes,
+ psa_key_derivation_operation_t *operation,
+ const psa_key_production_parameters_t *params,
+ size_t params_data_length,
+ mbedtls_svc_key_id_t *key);
+
/** Compare output data from a key derivation operation to an expected value.
*
* This function calculates output bytes from a key derivation algorithm and
@@ -3835,7 +3926,8 @@ psa_status_t psa_key_derivation_verify_bytes(
* and the permitted algorithm must match the
* operation. The value of this key was likely
* computed by a previous call to
- * psa_key_derivation_output_key().
+ * psa_key_derivation_output_key() or
+ * psa_key_derivation_output_key_ext().
*
* \retval #PSA_SUCCESS \emptydescription
* \retval #PSA_ERROR_INVALID_SIGNATURE
@@ -4003,6 +4095,10 @@ psa_status_t psa_generate_random(uint8_t *output,
* between 2^{n-1} and 2^n where n is the bit size specified in the
* attributes.
*
+ * \note This function is equivalent to calling psa_generate_key_ext()
+ * with the production parameters #PSA_KEY_PRODUCTION_PARAMETERS_INIT
+ * and `params_data_length == 0` (i.e. `params->data` is empty).
+ *
* \param[in] attributes The attributes for the new key.
* \param[out] key On success, an identifier for the newly created
* key. For persistent keys, this is the key
@@ -4035,6 +4131,60 @@ psa_status_t psa_generate_random(uint8_t *output,
psa_status_t psa_generate_key(const psa_key_attributes_t *attributes,
mbedtls_svc_key_id_t *key);
+/**
+ * \brief Generate a key or key pair using custom production parameters.
+ *
+ * See the description of psa_generate_key() for the operation of this
+ * function with the default production parameters. In addition, this function
+ * supports the following production customizations, described in more detail
+ * in the documentation of ::psa_key_production_parameters_t:
+ *
+ * - RSA keys: generation with a custom public exponent.
+ *
+ * \note This function is experimental and may change in future minor
+ * versions of Mbed TLS.
+ *
+ * \param[in] attributes The attributes for the new key.
+ * \param[in] params Customization parameters for the key generation.
+ * When this is #PSA_KEY_PRODUCTION_PARAMETERS_INIT
+ * with \p params_data_length = 0,
+ * this function is equivalent to
+ * psa_generate_key().
+ * \param params_data_length
+ * Length of `params->data` in bytes.
+ * \param[out] key On success, an identifier for the newly created
+ * key. For persistent keys, this is the key
+ * identifier defined in \p attributes.
+ * \c 0 on failure.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * If the key is persistent, the key material and the key's metadata
+ * have been saved to persistent storage.
+ * \retval #PSA_ERROR_ALREADY_EXISTS
+ * This is an attempt to create a persistent key, and there is
+ * already a persistent key with the given identifier.
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription
+ * \retval #PSA_ERROR_DATA_INVALID \emptydescription
+ * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_generate_key_ext(const psa_key_attributes_t *attributes,
+ const psa_key_production_parameters_t *params,
+ size_t params_data_length,
+ mbedtls_svc_key_id_t *key);
+
/**@}*/
/** \defgroup interruptible_hash Interruptible sign/verify hash
diff --git a/vendor/mbedtls/psa/crypto_adjust_auto_enabled.h b/vendor/mbedtls/include/psa/crypto_adjust_auto_enabled.h
index 63fb29e..63fb29e 100644
--- a/vendor/mbedtls/psa/crypto_adjust_auto_enabled.h
+++ b/vendor/mbedtls/include/psa/crypto_adjust_auto_enabled.h
diff --git a/vendor/mbedtls/psa/crypto_adjust_config_key_pair_types.h b/vendor/mbedtls/include/psa/crypto_adjust_config_key_pair_types.h
index 63afc0e..63afc0e 100644
--- a/vendor/mbedtls/psa/crypto_adjust_config_key_pair_types.h
+++ b/vendor/mbedtls/include/psa/crypto_adjust_config_key_pair_types.h
diff --git a/vendor/mbedtls/psa/crypto_adjust_config_synonyms.h b/vendor/mbedtls/include/psa/crypto_adjust_config_synonyms.h
index cf33465..332b622 100644
--- a/vendor/mbedtls/psa/crypto_adjust_config_synonyms.h
+++ b/vendor/mbedtls/include/psa/crypto_adjust_config_synonyms.h
@@ -24,12 +24,6 @@
#define PSA_WANT_ALG_ECDSA_ANY PSA_WANT_ALG_ECDSA
#endif
-#if defined(PSA_WANT_ALG_CCM_STAR_NO_TAG) && !defined(PSA_WANT_ALG_CCM)
-#define PSA_WANT_ALG_CCM PSA_WANT_ALG_CCM_STAR_NO_TAG
-#elif !defined(PSA_WANT_ALG_CCM_STAR_NO_TAG) && defined(PSA_WANT_ALG_CCM)
-#define PSA_WANT_ALG_CCM_STAR_NO_TAG PSA_WANT_ALG_CCM
-#endif
-
#if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW) && !defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN)
#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW
#elif !defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW) && defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN)
diff --git a/vendor/mbedtls/psa/crypto_builtin_composites.h b/vendor/mbedtls/include/psa/crypto_builtin_composites.h
index 35c2e29..c14f5dd 100644
--- a/vendor/mbedtls/psa/crypto_builtin_composites.h
+++ b/vendor/mbedtls/include/psa/crypto_builtin_composites.h
@@ -25,8 +25,12 @@
#include <psa/crypto_driver_common.h>
#include "mbedtls/cmac.h"
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
#include "mbedtls/gcm.h"
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
#include "mbedtls/ccm.h"
+#endif
#include "mbedtls/chachapoly.h"
/*
diff --git a/vendor/mbedtls/psa/crypto_builtin_key_derivation.h b/vendor/mbedtls/include/psa/crypto_builtin_key_derivation.h
index 6b91ae7..6b91ae7 100644
--- a/vendor/mbedtls/psa/crypto_builtin_key_derivation.h
+++ b/vendor/mbedtls/include/psa/crypto_builtin_key_derivation.h
diff --git a/vendor/mbedtls/psa/crypto_builtin_primitives.h b/vendor/mbedtls/include/psa/crypto_builtin_primitives.h
index 98ab4d3..98ab4d3 100644
--- a/vendor/mbedtls/psa/crypto_builtin_primitives.h
+++ b/vendor/mbedtls/include/psa/crypto_builtin_primitives.h
diff --git a/vendor/mbedtls/psa/crypto_compat.h b/vendor/mbedtls/include/psa/crypto_compat.h
index f896fae..2a226c0 100644
--- a/vendor/mbedtls/psa/crypto_compat.h
+++ b/vendor/mbedtls/include/psa/crypto_compat.h
@@ -146,6 +146,83 @@ psa_status_t psa_open_key(mbedtls_svc_key_id_t key,
*/
psa_status_t psa_close_key(psa_key_handle_t handle);
+/** \addtogroup attributes
+ * @{
+ */
+
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
+/** Custom Diffie-Hellman group.
+ *
+ * Mbed TLS does not support custom DH groups.
+ *
+ * \deprecated This value is not useful, so this macro will be removed in
+ * a future version of the library.
+ */
+#define PSA_DH_FAMILY_CUSTOM \
+ ((psa_dh_family_t) MBEDTLS_DEPRECATED_NUMERIC_CONSTANT(0x7e))
+
+/**
+ * \brief Set domain parameters for a key.
+ *
+ * \deprecated Mbed TLS no longer supports any domain parameters.
+ * This function only does the equivalent of
+ * psa_set_key_type() and will be removed in a future version
+ * of the library.
+ *
+ * \param[in,out] attributes Attribute structure where \p type will be set.
+ * \param type Key type (a \c PSA_KEY_TYPE_XXX value).
+ * \param[in] data Ignored.
+ * \param data_length Must be 0.
+ *
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ */
+static inline psa_status_t MBEDTLS_DEPRECATED psa_set_key_domain_parameters(
+ psa_key_attributes_t *attributes,
+ psa_key_type_t type, const uint8_t *data, size_t data_length)
+{
+ (void) data;
+ if (data_length != 0) {
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
+ psa_set_key_type(attributes, type);
+ return PSA_SUCCESS;
+}
+
+/**
+ * \brief Get domain parameters for a key.
+ *
+ * \deprecated Mbed TLS no longer supports any domain parameters.
+ * This function alwaya has an empty output and will be
+ * removed in a future version of the library.
+
+ * \param[in] attributes Ignored.
+ * \param[out] data Ignored.
+ * \param data_size Ignored.
+ * \param[out] data_length Set to 0.
+ *
+ * \retval #PSA_SUCCESS \emptydescription
+ */
+static inline psa_status_t MBEDTLS_DEPRECATED psa_get_key_domain_parameters(
+ const psa_key_attributes_t *attributes,
+ uint8_t *data, size_t data_size, size_t *data_length)
+{
+ (void) attributes;
+ (void) data;
+ (void) data_size;
+ *data_length = 0;
+ return PSA_SUCCESS;
+}
+
+/** Safe output buffer size for psa_get_key_domain_parameters().
+ *
+ */
+#define PSA_KEY_DOMAIN_PARAMETERS_SIZE(key_type, key_bits) \
+ MBEDTLS_DEPRECATED_NUMERIC_CONSTANT(1u)
+#endif /* MBEDTLS_DEPRECATED_REMOVED */
+
+/**@}*/
+
#ifdef __cplusplus
}
#endif
diff --git a/vendor/mbedtls/psa/crypto_config.h b/vendor/mbedtls/include/psa/crypto_config.h
index 5bf00f4..36e937a 100644
--- a/vendor/mbedtls/psa/crypto_config.h
+++ b/vendor/mbedtls/include/psa/crypto_config.h
@@ -109,6 +109,12 @@
#define PSA_WANT_ECC_SECP_R1_384 1
#define PSA_WANT_ECC_SECP_R1_521 1
+#define PSA_WANT_DH_RFC7919_2048 1
+#define PSA_WANT_DH_RFC7919_3072 1
+#define PSA_WANT_DH_RFC7919_4096 1
+#define PSA_WANT_DH_RFC7919_6144 1
+#define PSA_WANT_DH_RFC7919_8192 1
+
#define PSA_WANT_KEY_TYPE_DERIVE 1
#define PSA_WANT_KEY_TYPE_PASSWORD 1
#define PSA_WANT_KEY_TYPE_PASSWORD_HASH 1
diff --git a/vendor/mbedtls/psa/crypto_driver_common.h b/vendor/mbedtls/include/psa/crypto_driver_common.h
index cc11d3b..cc11d3b 100644
--- a/vendor/mbedtls/psa/crypto_driver_common.h
+++ b/vendor/mbedtls/include/psa/crypto_driver_common.h
diff --git a/vendor/mbedtls/psa/crypto_driver_contexts_composites.h b/vendor/mbedtls/include/psa/crypto_driver_contexts_composites.h
index d717c51..d717c51 100644
--- a/vendor/mbedtls/psa/crypto_driver_contexts_composites.h
+++ b/vendor/mbedtls/include/psa/crypto_driver_contexts_composites.h
diff --git a/vendor/mbedtls/psa/crypto_driver_contexts_key_derivation.h b/vendor/mbedtls/include/psa/crypto_driver_contexts_key_derivation.h
index 2119051..2119051 100644
--- a/vendor/mbedtls/psa/crypto_driver_contexts_key_derivation.h
+++ b/vendor/mbedtls/include/psa/crypto_driver_contexts_key_derivation.h
diff --git a/vendor/mbedtls/psa/crypto_driver_contexts_primitives.h b/vendor/mbedtls/include/psa/crypto_driver_contexts_primitives.h
index c90a5fb..c90a5fb 100644
--- a/vendor/mbedtls/psa/crypto_driver_contexts_primitives.h
+++ b/vendor/mbedtls/include/psa/crypto_driver_contexts_primitives.h
diff --git a/vendor/mbedtls/psa/crypto_extra.h b/vendor/mbedtls/include/psa/crypto_extra.h
index ef29b77..6ed1f6c 100644
--- a/vendor/mbedtls/psa/crypto_extra.h
+++ b/vendor/mbedtls/include/psa/crypto_extra.h
@@ -59,7 +59,7 @@ static inline void psa_set_key_enrollment_algorithm(
psa_key_attributes_t *attributes,
psa_algorithm_t alg2)
{
- attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg2) = alg2;
+ attributes->MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg2) = alg2;
}
/** Retrieve the enrollment algorithm policy from key attributes.
@@ -71,7 +71,7 @@ static inline void psa_set_key_enrollment_algorithm(
static inline psa_algorithm_t psa_get_key_enrollment_algorithm(
const psa_key_attributes_t *attributes)
{
- return attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg2);
+ return attributes->MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg2);
}
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
@@ -129,7 +129,7 @@ static inline void psa_set_key_slot_number(
psa_key_attributes_t *attributes,
psa_key_slot_number_t slot_number)
{
- attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(flags) |= MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER;
+ attributes->MBEDTLS_PRIVATE(has_slot_number) = 1;
attributes->MBEDTLS_PRIVATE(slot_number) = slot_number;
}
@@ -142,8 +142,7 @@ static inline void psa_set_key_slot_number(
static inline void psa_clear_key_slot_number(
psa_key_attributes_t *attributes)
{
- attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(flags) &=
- ~MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER;
+ attributes->MBEDTLS_PRIVATE(has_slot_number) = 0;
}
/** Register a key that is already present in a secure element.
@@ -198,6 +197,8 @@ psa_status_t mbedtls_psa_register_se_key(
*
* This function clears all data associated with the PSA layer,
* including the whole key store.
+ * This function is not thread safe, it wipes every key slot regardless of
+ * state and reader count. It should only be called when no slot is in use.
*
* This is an Mbed TLS extension.
*/
@@ -407,203 +408,13 @@ psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed,
* @{
*/
-/** Custom Diffie-Hellman group.
- *
- * For keys of type #PSA_KEY_TYPE_DH_PUBLIC_KEY(#PSA_DH_FAMILY_CUSTOM) or
- * #PSA_KEY_TYPE_DH_KEY_PAIR(#PSA_DH_FAMILY_CUSTOM), the group data comes
- * from domain parameters set by psa_set_key_domain_parameters().
- */
-#define PSA_DH_FAMILY_CUSTOM ((psa_dh_family_t) 0x7e)
-
/** PAKE operation stages. */
#define PSA_PAKE_OPERATION_STAGE_SETUP 0
#define PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS 1
#define PSA_PAKE_OPERATION_STAGE_COMPUTATION 2
-/**
- * \brief Set domain parameters for a key.
- *
- * Some key types require additional domain parameters in addition to
- * the key type identifier and the key size. Use this function instead
- * of psa_set_key_type() when you need to specify domain parameters.
- *
- * The format for the required domain parameters varies based on the key type.
- *
- * - For RSA keys (#PSA_KEY_TYPE_RSA_PUBLIC_KEY or #PSA_KEY_TYPE_RSA_KEY_PAIR),
- * the domain parameter data consists of the public exponent,
- * represented as a big-endian integer with no leading zeros.
- * This information is used when generating an RSA key pair.
- * When importing a key, the public exponent is read from the imported
- * key data and the exponent recorded in the attribute structure is ignored.
- * As an exception, the public exponent 65537 is represented by an empty
- * byte string.
- * - For DSA keys (#PSA_KEY_TYPE_DSA_PUBLIC_KEY or #PSA_KEY_TYPE_DSA_KEY_PAIR),
- * the `Dss-Params` format as defined by RFC 3279 &sect;2.3.2.
- * ```
- * Dss-Params ::= SEQUENCE {
- * p INTEGER,
- * q INTEGER,
- * g INTEGER
- * }
- * ```
- * - For Diffie-Hellman key exchange keys
- * (#PSA_KEY_TYPE_DH_PUBLIC_KEY(#PSA_DH_FAMILY_CUSTOM) or
- * #PSA_KEY_TYPE_DH_KEY_PAIR(#PSA_DH_FAMILY_CUSTOM)), the
- * `DomainParameters` format as defined by RFC 3279 &sect;2.3.3.
- * ```
- * DomainParameters ::= SEQUENCE {
- * p INTEGER, -- odd prime, p=jq +1
- * g INTEGER, -- generator, g
- * q INTEGER, -- factor of p-1
- * j INTEGER OPTIONAL, -- subgroup factor
- * validationParams ValidationParams OPTIONAL
- * }
- * ValidationParams ::= SEQUENCE {
- * seed BIT STRING,
- * pgenCounter INTEGER
- * }
- * ```
- *
- * \note This function may allocate memory or other resources.
- * Once you have called this function on an attribute structure,
- * you must call psa_reset_key_attributes() to free these resources.
- *
- * \note This is an experimental extension to the interface. It may change
- * in future versions of the library.
- *
- * \param[in,out] attributes Attribute structure where the specified domain
- * parameters will be stored.
- * If this function fails, the content of
- * \p attributes is not modified.
- * \param type Key type (a \c PSA_KEY_TYPE_XXX value).
- * \param[in] data Buffer containing the key domain parameters.
- * The content of this buffer is interpreted
- * according to \p type as described above.
- * \param data_length Size of the \p data buffer in bytes.
- *
- * \retval #PSA_SUCCESS \emptydescription
- * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
- * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
- */
-psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t *attributes,
- psa_key_type_t type,
- const uint8_t *data,
- size_t data_length);
-
-/**
- * \brief Get domain parameters for a key.
- *
- * Get the domain parameters for a key with this function, if any. The format
- * of the domain parameters written to \p data is specified in the
- * documentation for psa_set_key_domain_parameters().
- *
- * \note This is an experimental extension to the interface. It may change
- * in future versions of the library.
- *
- * \param[in] attributes The key attribute structure to query.
- * \param[out] data On success, the key domain parameters.
- * \param data_size Size of the \p data buffer in bytes.
- * The buffer is guaranteed to be large
- * enough if its size in bytes is at least
- * the value given by
- * PSA_KEY_DOMAIN_PARAMETERS_SIZE().
- * \param[out] data_length On success, the number of bytes
- * that make up the key domain parameters data.
- *
- * \retval #PSA_SUCCESS \emptydescription
- * \retval #PSA_ERROR_BUFFER_TOO_SMALL \emptydescription
- */
-psa_status_t psa_get_key_domain_parameters(
- const psa_key_attributes_t *attributes,
- uint8_t *data,
- size_t data_size,
- size_t *data_length);
-
-/** Safe output buffer size for psa_get_key_domain_parameters().
- *
- * This macro returns a compile-time constant if its arguments are
- * compile-time constants.
- *
- * \warning This function may call its arguments multiple times or
- * zero times, so you should not pass arguments that contain
- * side effects.
- *
- * \note This is an experimental extension to the interface. It may change
- * in future versions of the library.
- *
- * \param key_type A supported key type.
- * \param key_bits The size of the key in bits.
- *
- * \return If the parameters are valid and supported, return
- * a buffer size in bytes that guarantees that
- * psa_get_key_domain_parameters() will not fail with
- * #PSA_ERROR_BUFFER_TOO_SMALL.
- * If the parameters are a valid combination that is not supported
- * by the implementation, this macro shall return either a
- * sensible size or 0.
- * If the parameters are not valid, the
- * return value is unspecified.
- */
-#define PSA_KEY_DOMAIN_PARAMETERS_SIZE(key_type, key_bits) \
- (PSA_KEY_TYPE_IS_RSA(key_type) ? sizeof(int) : \
- PSA_KEY_TYPE_IS_DH(key_type) ? PSA_DH_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) : \
- PSA_KEY_TYPE_IS_DSA(key_type) ? PSA_DSA_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) : \
- 0)
-#define PSA_DH_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) \
- (4 + (PSA_BITS_TO_BYTES(key_bits) + 5) * 3 /*without optional parts*/)
-#define PSA_DSA_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) \
- (4 + (PSA_BITS_TO_BYTES(key_bits) + 5) * 2 /*p, g*/ + 34 /*q*/)
-
/**@}*/
-/** \defgroup psa_tls_helpers TLS helper functions
- * @{
- */
-#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
-#include <mbedtls/ecp.h>
-
-/** Convert an ECC curve identifier from the Mbed TLS encoding to PSA.
- *
- * \note This function is provided solely for the convenience of
- * Mbed TLS and may be removed at any time without notice.
- *
- * \param grpid An Mbed TLS elliptic curve identifier
- * (`MBEDTLS_ECP_DP_xxx`).
- * \param[out] bits On success, the bit size of the curve.
- *
- * \return The corresponding PSA elliptic curve identifier
- * (`PSA_ECC_FAMILY_xxx`).
- * \return \c 0 on failure (\p grpid is not recognized).
- */
-psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid,
- size_t *bits);
-
-/** Convert an ECC curve identifier from the PSA encoding to Mbed TLS.
- *
- * \note This function is provided solely for the convenience of
- * Mbed TLS and may be removed at any time without notice.
- *
- * \param curve A PSA elliptic curve identifier
- * (`PSA_ECC_FAMILY_xxx`).
- * \param bits The bit-length of a private key on \p curve.
- * \param bits_is_sloppy If true, \p bits may be the bit-length rounded up
- * to the nearest multiple of 8. This allows the caller
- * to infer the exact curve from the length of a key
- * which is supplied as a byte string.
- *
- * \return The corresponding Mbed TLS elliptic curve identifier
- * (`MBEDTLS_ECP_DP_xxx`).
- * \return #MBEDTLS_ECP_DP_NONE if \c curve is not recognized.
- * \return #MBEDTLS_ECP_DP_NONE if \p bits is not
- * correct for \p curve.
- */
-mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve,
- size_t bits,
- int bits_is_sloppy);
-#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
-
-/**@}*/
/** \defgroup psa_external_rng External random generator
* @{
@@ -1889,8 +1700,12 @@ psa_status_t psa_pake_abort(psa_pake_operation_t *operation);
/** Returns a suitable initializer for a PAKE operation object of type
* psa_pake_operation_t.
*/
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+#define PSA_PAKE_OPERATION_INIT { 0 }
+#else
#define PSA_PAKE_OPERATION_INIT { 0, PSA_ALG_NONE, 0, PSA_PAKE_OPERATION_STAGE_SETUP, \
{ 0 }, { { 0 } } }
+#endif
struct psa_pake_cipher_suite_s {
psa_algorithm_t algorithm;
@@ -2018,6 +1833,9 @@ struct psa_jpake_computation_stage_s {
((round) == PSA_JPAKE_FIRST ? 2 : 1))
struct psa_pake_operation_s {
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+ mbedtls_psa_client_handle_t handle;
+#else
/** Unique ID indicating which driver got assigned to do the
* operation. Since driver contexts are driver-specific, swapping
* drivers halfway through the operation is not supported.
@@ -2043,6 +1861,7 @@ struct psa_pake_operation_s {
psa_driver_pake_context_t MBEDTLS_PRIVATE(ctx);
psa_crypto_driver_pake_inputs_t MBEDTLS_PRIVATE(inputs);
} MBEDTLS_PRIVATE(data);
+#endif
};
static inline struct psa_pake_cipher_suite_s psa_pake_cipher_suite_init(void)
diff --git a/vendor/mbedtls/psa/crypto_legacy.h b/vendor/mbedtls/include/psa/crypto_legacy.h
index 7df3614..7df3614 100644
--- a/vendor/mbedtls/psa/crypto_legacy.h
+++ b/vendor/mbedtls/include/psa/crypto_legacy.h
diff --git a/vendor/mbedtls/psa/crypto_platform.h b/vendor/mbedtls/include/psa/crypto_platform.h
index f32a101..a871ee1 100644
--- a/vendor/mbedtls/psa/crypto_platform.h
+++ b/vendor/mbedtls/include/psa/crypto_platform.h
@@ -23,10 +23,10 @@
#include "mbedtls/private_access.h"
/*
- * Include the build-time configuration information file. Here, we do not
+ * Include the build-time configuration information header. Here, we do not
* include `"mbedtls/build_info.h"` directly but `"psa/build_info.h"`, which
* is basically just an alias to it. This is to ease the maintenance of the
- * PSA cryptography repository which has a different build system and
+ * TF-PSA-Crypto repository which has a different build system and
* configuration.
*/
#include "psa/build_info.h"
@@ -89,4 +89,14 @@ typedef struct {
} mbedtls_psa_external_random_context_t;
#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+/** The type of the client handle used in context structures
+ *
+ * When a client view of the multipart context structures is required,
+ * this handle is used to keep a mapping with the service side of the
+ * context which contains the actual data.
+ */
+typedef uint32_t mbedtls_psa_client_handle_t;
+#endif
+
#endif /* PSA_CRYPTO_PLATFORM_H */
diff --git a/vendor/mbedtls/psa/crypto_se_driver.h b/vendor/mbedtls/include/psa/crypto_se_driver.h
index 9ce14bb..9ce14bb 100644
--- a/vendor/mbedtls/psa/crypto_se_driver.h
+++ b/vendor/mbedtls/include/psa/crypto_se_driver.h
diff --git a/vendor/mbedtls/psa/crypto_sizes.h b/vendor/mbedtls/include/psa/crypto_sizes.h
index d22bf10..635ee98 100644
--- a/vendor/mbedtls/psa/crypto_sizes.h
+++ b/vendor/mbedtls/include/psa/crypto_sizes.h
@@ -29,10 +29,10 @@
#define PSA_CRYPTO_SIZES_H
/*
- * Include the build-time configuration information file. Here, we do not
+ * Include the build-time configuration information header. Here, we do not
* include `"mbedtls/build_info.h"` directly but `"psa/build_info.h"`, which
* is basically just an alias to it. This is to ease the maintenance of the
- * PSA cryptography repository which has a different build system and
+ * TF-PSA-Crypto repository which has a different build system and
* configuration.
*/
#include "psa/build_info.h"
@@ -224,10 +224,20 @@
#endif
/* The maximum size of an DH key on this implementation, in bits.
- *
- * Note that an implementation may set different size limits for different
- * operations, and does not need to accept all key sizes up to the limit. */
+ * This is a vendor-specific macro.*/
+#if defined(PSA_WANT_DH_RFC7919_8192)
#define PSA_VENDOR_FFDH_MAX_KEY_BITS 8192u
+#elif defined(PSA_WANT_DH_RFC7919_6144)
+#define PSA_VENDOR_FFDH_MAX_KEY_BITS 6144u
+#elif defined(PSA_WANT_DH_RFC7919_4096)
+#define PSA_VENDOR_FFDH_MAX_KEY_BITS 4096u
+#elif defined(PSA_WANT_DH_RFC7919_3072)
+#define PSA_VENDOR_FFDH_MAX_KEY_BITS 3072u
+#elif defined(PSA_WANT_DH_RFC7919_2048)
+#define PSA_VENDOR_FFDH_MAX_KEY_BITS 2048u
+#else
+#define PSA_VENDOR_FFDH_MAX_KEY_BITS 0u
+#endif
/* The maximum size of an ECC key on this implementation, in bits.
* This is a vendor-specific macro. */
diff --git a/vendor/mbedtls/psa/crypto_struct.h b/vendor/mbedtls/include/psa/crypto_struct.h
index d5ea8d5..3913551 100644
--- a/vendor/mbedtls/psa/crypto_struct.h
+++ b/vendor/mbedtls/include/psa/crypto_struct.h
@@ -54,15 +54,23 @@
extern "C" {
#endif
-/* Include the Mbed TLS configuration file, the way Mbed TLS does it
- * in each of its header files. */
-#include "mbedtls/build_info.h"
+/*
+ * Include the build-time configuration information header. Here, we do not
+ * include `"mbedtls/build_info.h"` directly but `"psa/build_info.h"`, which
+ * is basically just an alias to it. This is to ease the maintenance of the
+ * TF-PSA-Crypto repository which has a different build system and
+ * configuration.
+ */
+#include "psa/build_info.h"
/* Include the context definition for the compiled-in drivers for the primitive
* algorithms. */
#include "psa/crypto_driver_contexts_primitives.h"
struct psa_hash_operation_s {
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+ mbedtls_psa_client_handle_t handle;
+#else
/** Unique ID indicating which driver got assigned to do the
* operation. Since driver contexts are driver-specific, swapping
* drivers halfway through the operation is not supported.
@@ -71,9 +79,13 @@ struct psa_hash_operation_s {
* any driver (i.e. the driver context is not active, in use). */
unsigned int MBEDTLS_PRIVATE(id);
psa_driver_hash_context_t MBEDTLS_PRIVATE(ctx);
+#endif
};
-
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+#define PSA_HASH_OPERATION_INIT { 0 }
+#else
#define PSA_HASH_OPERATION_INIT { 0, { 0 } }
+#endif
static inline struct psa_hash_operation_s psa_hash_operation_init(void)
{
const struct psa_hash_operation_s v = PSA_HASH_OPERATION_INIT;
@@ -81,6 +93,9 @@ static inline struct psa_hash_operation_s psa_hash_operation_init(void)
}
struct psa_cipher_operation_s {
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+ mbedtls_psa_client_handle_t handle;
+#else
/** Unique ID indicating which driver got assigned to do the
* operation. Since driver contexts are driver-specific, swapping
* drivers halfway through the operation is not supported.
@@ -95,9 +110,14 @@ struct psa_cipher_operation_s {
uint8_t MBEDTLS_PRIVATE(default_iv_length);
psa_driver_cipher_context_t MBEDTLS_PRIVATE(ctx);
+#endif
};
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+#define PSA_CIPHER_OPERATION_INIT { 0 }
+#else
#define PSA_CIPHER_OPERATION_INIT { 0, 0, 0, 0, { 0 } }
+#endif
static inline struct psa_cipher_operation_s psa_cipher_operation_init(void)
{
const struct psa_cipher_operation_s v = PSA_CIPHER_OPERATION_INIT;
@@ -109,6 +129,9 @@ static inline struct psa_cipher_operation_s psa_cipher_operation_init(void)
#include "psa/crypto_driver_contexts_composites.h"
struct psa_mac_operation_s {
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+ mbedtls_psa_client_handle_t handle;
+#else
/** Unique ID indicating which driver got assigned to do the
* operation. Since driver contexts are driver-specific, swapping
* drivers halfway through the operation is not supported.
@@ -119,9 +142,14 @@ struct psa_mac_operation_s {
uint8_t MBEDTLS_PRIVATE(mac_size);
unsigned int MBEDTLS_PRIVATE(is_sign) : 1;
psa_driver_mac_context_t MBEDTLS_PRIVATE(ctx);
+#endif
};
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+#define PSA_MAC_OPERATION_INIT { 0 }
+#else
#define PSA_MAC_OPERATION_INIT { 0, 0, 0, { 0 } }
+#endif
static inline struct psa_mac_operation_s psa_mac_operation_init(void)
{
const struct psa_mac_operation_s v = PSA_MAC_OPERATION_INIT;
@@ -129,7 +157,9 @@ static inline struct psa_mac_operation_s psa_mac_operation_init(void)
}
struct psa_aead_operation_s {
-
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+ mbedtls_psa_client_handle_t handle;
+#else
/** Unique ID indicating which driver got assigned to do the
* operation. Since driver contexts are driver-specific, swapping
* drivers halfway through the operation is not supported.
@@ -151,9 +181,14 @@ struct psa_aead_operation_s {
unsigned int MBEDTLS_PRIVATE(is_encrypt) : 1;
psa_driver_aead_context_t MBEDTLS_PRIVATE(ctx);
+#endif
};
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+#define PSA_AEAD_OPERATION_INIT { 0 }
+#else
#define PSA_AEAD_OPERATION_INIT { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, { 0 } }
+#endif
static inline struct psa_aead_operation_s psa_aead_operation_init(void)
{
const struct psa_aead_operation_s v = PSA_AEAD_OPERATION_INIT;
@@ -165,14 +200,22 @@ static inline struct psa_aead_operation_s psa_aead_operation_init(void)
#include "psa/crypto_driver_contexts_key_derivation.h"
struct psa_key_derivation_s {
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+ mbedtls_psa_client_handle_t handle;
+#else
psa_algorithm_t MBEDTLS_PRIVATE(alg);
unsigned int MBEDTLS_PRIVATE(can_output_key) : 1;
size_t MBEDTLS_PRIVATE(capacity);
psa_driver_key_derivation_context_t MBEDTLS_PRIVATE(ctx);
+#endif
};
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+#define PSA_KEY_DERIVATION_OPERATION_INIT { 0 }
+#else
/* This only zeroes out the first byte in the union, the rest is unspecified. */
#define PSA_KEY_DERIVATION_OPERATION_INIT { 0, 0, 0, { 0 } }
+#endif
static inline struct psa_key_derivation_s psa_key_derivation_operation_init(
void)
{
@@ -180,6 +223,22 @@ static inline struct psa_key_derivation_s psa_key_derivation_operation_init(
return v;
}
+struct psa_key_production_parameters_s {
+ /* Future versions may add other fields in this structure. */
+ uint32_t flags;
+ uint8_t data[];
+};
+
+/** The default production parameters for key generation or key derivation.
+ *
+ * Calling psa_generate_key_ext() or psa_key_derivation_output_key_ext()
+ * with `params=PSA_KEY_PRODUCTION_PARAMETERS_INIT` and
+ * `params_data_length == 0` is equivalent to
+ * calling psa_generate_key() or psa_key_derivation_output_key()
+ * respectively.
+ */
+#define PSA_KEY_PRODUCTION_PARAMETERS_INIT { 0 }
+
struct psa_key_policy_s {
psa_key_usage_t MBEDTLS_PRIVATE(usage);
psa_algorithm_t MBEDTLS_PRIVATE(alg);
@@ -207,57 +266,39 @@ typedef uint16_t psa_key_bits_t;
* conditionals. */
#define PSA_MAX_KEY_BITS 0xfff8
-/** A mask of flags that can be stored in key attributes.
- *
- * This type is also used internally to store flags in slots. Internal
- * flags are defined in library/psa_crypto_core.h. Internal flags may have
- * the same value as external flags if they are properly handled during
- * key creation and in psa_get_key_attributes.
- */
-typedef uint16_t psa_key_attributes_flag_t;
-
-#define MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER \
- ((psa_key_attributes_flag_t) 0x0001)
-
-/* A mask of key attribute flags used externally only.
- * Only meant for internal checks inside the library. */
-#define MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY ( \
- MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER | \
- 0)
-
-/* A mask of key attribute flags used both internally and externally.
- * Currently there aren't any. */
-#define MBEDTLS_PSA_KA_MASK_DUAL_USE ( \
- 0)
-
-typedef struct {
- psa_key_type_t MBEDTLS_PRIVATE(type);
- psa_key_bits_t MBEDTLS_PRIVATE(bits);
- psa_key_lifetime_t MBEDTLS_PRIVATE(lifetime);
- mbedtls_svc_key_id_t MBEDTLS_PRIVATE(id);
- psa_key_policy_t MBEDTLS_PRIVATE(policy);
- psa_key_attributes_flag_t MBEDTLS_PRIVATE(flags);
-} psa_core_key_attributes_t;
-
-#define PSA_CORE_KEY_ATTRIBUTES_INIT { PSA_KEY_TYPE_NONE, 0, \
- PSA_KEY_LIFETIME_VOLATILE, \
- MBEDTLS_SVC_KEY_ID_INIT, \
- PSA_KEY_POLICY_INIT, 0 }
-
struct psa_key_attributes_s {
- psa_core_key_attributes_t MBEDTLS_PRIVATE(core);
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
psa_key_slot_number_t MBEDTLS_PRIVATE(slot_number);
+ int MBEDTLS_PRIVATE(has_slot_number);
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
- void *MBEDTLS_PRIVATE(domain_parameters);
- size_t MBEDTLS_PRIVATE(domain_parameters_size);
+ psa_key_type_t MBEDTLS_PRIVATE(type);
+ psa_key_bits_t MBEDTLS_PRIVATE(bits);
+ psa_key_lifetime_t MBEDTLS_PRIVATE(lifetime);
+ psa_key_policy_t MBEDTLS_PRIVATE(policy);
+ /* This type has a different layout in the client view wrt the
+ * service view of the key id, i.e. in service view usually is
+ * expected to have MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER defined
+ * thus adding an owner field to the standard psa_key_id_t. For
+ * implementations with client/service separation, this means the
+ * object will be marshalled through a transport channel and
+ * interpreted differently at each side of the transport. Placing
+ * it at the end of structures allows to interpret the structure
+ * at the client without reorganizing the memory layout of the
+ * struct
+ */
+ mbedtls_svc_key_id_t MBEDTLS_PRIVATE(id);
};
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
-#define PSA_KEY_ATTRIBUTES_INIT { PSA_CORE_KEY_ATTRIBUTES_INIT, 0, NULL, 0 }
+#define PSA_KEY_ATTRIBUTES_MAYBE_SLOT_NUMBER 0, 0,
#else
-#define PSA_KEY_ATTRIBUTES_INIT { PSA_CORE_KEY_ATTRIBUTES_INIT, NULL, 0 }
+#define PSA_KEY_ATTRIBUTES_MAYBE_SLOT_NUMBER
#endif
+#define PSA_KEY_ATTRIBUTES_INIT { PSA_KEY_ATTRIBUTES_MAYBE_SLOT_NUMBER \
+ PSA_KEY_TYPE_NONE, 0, \
+ PSA_KEY_LIFETIME_VOLATILE, \
+ PSA_KEY_POLICY_INIT, \
+ MBEDTLS_SVC_KEY_ID_INIT }
static inline struct psa_key_attributes_s psa_key_attributes_init(void)
{
@@ -268,12 +309,12 @@ static inline struct psa_key_attributes_s psa_key_attributes_init(void)
static inline void psa_set_key_id(psa_key_attributes_t *attributes,
mbedtls_svc_key_id_t key)
{
- psa_key_lifetime_t lifetime = attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(lifetime);
+ psa_key_lifetime_t lifetime = attributes->MBEDTLS_PRIVATE(lifetime);
- attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(id) = key;
+ attributes->MBEDTLS_PRIVATE(id) = key;
if (PSA_KEY_LIFETIME_IS_VOLATILE(lifetime)) {
- attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(lifetime) =
+ attributes->MBEDTLS_PRIVATE(lifetime) =
PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
PSA_KEY_LIFETIME_PERSISTENT,
PSA_KEY_LIFETIME_GET_LOCATION(lifetime));
@@ -283,26 +324,26 @@ static inline void psa_set_key_id(psa_key_attributes_t *attributes,
static inline mbedtls_svc_key_id_t psa_get_key_id(
const psa_key_attributes_t *attributes)
{
- return attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(id);
+ return attributes->MBEDTLS_PRIVATE(id);
}
#ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
static inline void mbedtls_set_key_owner_id(psa_key_attributes_t *attributes,
mbedtls_key_owner_id_t owner)
{
- attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(id).MBEDTLS_PRIVATE(owner) = owner;
+ attributes->MBEDTLS_PRIVATE(id).MBEDTLS_PRIVATE(owner) = owner;
}
#endif
static inline void psa_set_key_lifetime(psa_key_attributes_t *attributes,
psa_key_lifetime_t lifetime)
{
- attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(lifetime) = lifetime;
+ attributes->MBEDTLS_PRIVATE(lifetime) = lifetime;
if (PSA_KEY_LIFETIME_IS_VOLATILE(lifetime)) {
#ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
- attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(id).MBEDTLS_PRIVATE(key_id) = 0;
+ attributes->MBEDTLS_PRIVATE(id).MBEDTLS_PRIVATE(key_id) = 0;
#else
- attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(id) = 0;
+ attributes->MBEDTLS_PRIVATE(id) = 0;
#endif
}
}
@@ -310,7 +351,7 @@ static inline void psa_set_key_lifetime(psa_key_attributes_t *attributes,
static inline psa_key_lifetime_t psa_get_key_lifetime(
const psa_key_attributes_t *attributes)
{
- return attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(lifetime);
+ return attributes->MBEDTLS_PRIVATE(lifetime);
}
static inline void psa_extend_key_usage_flags(psa_key_usage_t *usage_flags)
@@ -328,75 +369,62 @@ static inline void psa_set_key_usage_flags(psa_key_attributes_t *attributes,
psa_key_usage_t usage_flags)
{
psa_extend_key_usage_flags(&usage_flags);
- attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(usage) = usage_flags;
+ attributes->MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(usage) = usage_flags;
}
static inline psa_key_usage_t psa_get_key_usage_flags(
const psa_key_attributes_t *attributes)
{
- return attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(usage);
+ return attributes->MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(usage);
}
static inline void psa_set_key_algorithm(psa_key_attributes_t *attributes,
psa_algorithm_t alg)
{
- attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg) = alg;
+ attributes->MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg) = alg;
}
static inline psa_algorithm_t psa_get_key_algorithm(
const psa_key_attributes_t *attributes)
{
- return attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg);
+ return attributes->MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg);
}
-/* This function is declared in crypto_extra.h, which comes after this
- * header file, but we need the function here, so repeat the declaration. */
-psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t *attributes,
- psa_key_type_t type,
- const uint8_t *data,
- size_t data_length);
-
static inline void psa_set_key_type(psa_key_attributes_t *attributes,
psa_key_type_t type)
{
- if (attributes->MBEDTLS_PRIVATE(domain_parameters) == NULL) {
- /* Common case: quick path */
- attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(type) = type;
- } else {
- /* Call the bigger function to free the old domain parameters.
- * Ignore any errors which may arise due to type requiring
- * non-default domain parameters, since this function can't
- * report errors. */
- (void) psa_set_key_domain_parameters(attributes, type, NULL, 0);
- }
+ attributes->MBEDTLS_PRIVATE(type) = type;
}
static inline psa_key_type_t psa_get_key_type(
const psa_key_attributes_t *attributes)
{
- return attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(type);
+ return attributes->MBEDTLS_PRIVATE(type);
}
static inline void psa_set_key_bits(psa_key_attributes_t *attributes,
size_t bits)
{
if (bits > PSA_MAX_KEY_BITS) {
- attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(bits) = PSA_KEY_BITS_TOO_LARGE;
+ attributes->MBEDTLS_PRIVATE(bits) = PSA_KEY_BITS_TOO_LARGE;
} else {
- attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(bits) = (psa_key_bits_t) bits;
+ attributes->MBEDTLS_PRIVATE(bits) = (psa_key_bits_t) bits;
}
}
static inline size_t psa_get_key_bits(
const psa_key_attributes_t *attributes)
{
- return attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(bits);
+ return attributes->MBEDTLS_PRIVATE(bits);
}
/**
* \brief The context for PSA interruptible hash signing.
*/
struct psa_sign_hash_interruptible_operation_s {
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+ mbedtls_psa_client_handle_t handle;
+#else
/** Unique ID indicating which driver got assigned to do the
* operation. Since driver contexts are driver-specific, swapping
* drivers halfway through the operation is not supported.
@@ -410,9 +438,14 @@ struct psa_sign_hash_interruptible_operation_s {
unsigned int MBEDTLS_PRIVATE(error_occurred) : 1;
uint32_t MBEDTLS_PRIVATE(num_ops);
+#endif
};
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+#define PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT { 0 }
+#else
#define PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT { 0, { 0 }, 0, 0 }
+#endif
static inline struct psa_sign_hash_interruptible_operation_s
psa_sign_hash_interruptible_operation_init(void)
@@ -427,6 +460,9 @@ psa_sign_hash_interruptible_operation_init(void)
* \brief The context for PSA interruptible hash verification.
*/
struct psa_verify_hash_interruptible_operation_s {
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+ mbedtls_psa_client_handle_t handle;
+#else
/** Unique ID indicating which driver got assigned to do the
* operation. Since driver contexts are driver-specific, swapping
* drivers halfway through the operation is not supported.
@@ -440,9 +476,14 @@ struct psa_verify_hash_interruptible_operation_s {
unsigned int MBEDTLS_PRIVATE(error_occurred) : 1;
uint32_t MBEDTLS_PRIVATE(num_ops);
+#endif
};
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+#define PSA_VERIFY_HASH_INTERRUPTIBLE_OPERATION_INIT { 0 }
+#else
#define PSA_VERIFY_HASH_INTERRUPTIBLE_OPERATION_INIT { 0, { 0 }, 0, 0 }
+#endif
static inline struct psa_verify_hash_interruptible_operation_s
psa_verify_hash_interruptible_operation_init(void)
diff --git a/vendor/mbedtls/psa/crypto_types.h b/vendor/mbedtls/include/psa/crypto_types.h
index 5a1318d..c21bad8 100644
--- a/vendor/mbedtls/psa/crypto_types.h
+++ b/vendor/mbedtls/include/psa/crypto_types.h
@@ -21,8 +21,15 @@
#ifndef PSA_CRYPTO_TYPES_H
#define PSA_CRYPTO_TYPES_H
-/* Make sure the Mbed TLS configuration is visible. */
-#include "mbedtls/build_info.h"
+/*
+ * Include the build-time configuration information header. Here, we do not
+ * include `"mbedtls/build_info.h"` directly but `"psa/build_info.h"`, which
+ * is basically just an alias to it. This is to ease the maintenance of the
+ * TF-PSA-Crypto repository which has a different build system and
+ * configuration.
+ */
+#include "psa/build_info.h"
+
/* Define the MBEDTLS_PRIVATE macro. */
#include "mbedtls/private_access.h"
@@ -448,6 +455,30 @@ typedef uint64_t psa_key_slot_number_t;
*/
typedef uint16_t psa_key_derivation_step_t;
+/** \brief Custom parameters for key generation or key derivation.
+ *
+ * This is a structure type with at least the following fields:
+ *
+ * - \c flags: an unsigned integer type. 0 for the default production parameters.
+ * - \c data: a flexible array of bytes.
+ *
+ * The interpretation of this structure depend on the type of the
+ * created key.
+ *
+ * - #PSA_KEY_TYPE_RSA_KEY_PAIR:
+ * - \c flags: must be 0.
+ * - \c data: the public exponent, in little-endian order.
+ * This must be an odd integer and must not be 1.
+ * Implementations must support 65537, should support 3 and may
+ * support other values.
+ * When not using a driver, Mbed TLS supports values up to \c INT_MAX.
+ * If this is empty or if the custom production parameters are omitted
+ * altogether, the default value 65537 is used.
+ * - Other key types: reserved for future use. \c flags must be 0.
+ *
+ */
+typedef struct psa_key_production_parameters_s psa_key_production_parameters_t;
+
/**@}*/
#endif /* PSA_CRYPTO_TYPES_H */
diff --git a/vendor/mbedtls/psa/crypto_values.h b/vendor/mbedtls/include/psa/crypto_values.h
index a17879b..1d678db 100644
--- a/vendor/mbedtls/psa/crypto_values.h
+++ b/vendor/mbedtls/include/psa/crypto_values.h
@@ -279,6 +279,11 @@
* to read from a resource. */
#define PSA_ERROR_INSUFFICIENT_DATA ((psa_status_t)-143)
+/** This can be returned if a function can no longer operate correctly.
+ * For example, if an essential initialization operation failed or
+ * a mutex operation failed. */
+#define PSA_ERROR_SERVICE_FAILURE ((psa_status_t)-144)
+
/** The key identifier is not valid. See also :ref:\`key-handles\`.
*/
#define PSA_ERROR_INVALID_HANDLE ((psa_status_t)-136)
@@ -408,7 +413,7 @@
((type) | PSA_KEY_TYPE_CATEGORY_FLAG_PAIR)
/** The public key type corresponding to a key pair type.
*
- * You may also pass a key pair type as \p type, it will be left unchanged.
+ * You may also pass a public key type as \p type, it will be left unchanged.
*
* \param type A public key type or key pair type.
*
@@ -594,19 +599,23 @@
* They are defined in _Standards for Efficient Cryptography_,
* _SEC 2: Recommended Elliptic Curve Domain Parameters_.
* https://www.secg.org/sec2-v2.pdf
+ *
+ * \note For secp224k1, the bit-size is 225 (size of a private value).
+ *
+ * \note Mbed TLS only supports secp192k1 and secp256k1.
*/
#define PSA_ECC_FAMILY_SECP_K1 ((psa_ecc_family_t) 0x17)
/** SEC random curves over prime fields.
*
* This family comprises the following curves:
- * secp192k1, secp224r1, secp256r1, secp384r1, secp521r1.
+ * secp192r1, secp224r1, secp256r1, secp384r1, secp521r1.
* They are defined in _Standards for Efficient Cryptography_,
* _SEC 2: Recommended Elliptic Curve Domain Parameters_.
* https://www.secg.org/sec2-v2.pdf
*/
#define PSA_ECC_FAMILY_SECP_R1 ((psa_ecc_family_t) 0x12)
-/* SECP160R2 (SEC2 v1, obsolete) */
+/* SECP160R2 (SEC2 v1, obsolete, not supported in Mbed TLS) */
#define PSA_ECC_FAMILY_SECP_R2 ((psa_ecc_family_t) 0x1b)
/** SEC Koblitz curves over binary fields.
@@ -616,6 +625,8 @@
* They are defined in _Standards for Efficient Cryptography_,
* _SEC 2: Recommended Elliptic Curve Domain Parameters_.
* https://www.secg.org/sec2-v2.pdf
+ *
+ * \note Mbed TLS does not support any curve in this family.
*/
#define PSA_ECC_FAMILY_SECT_K1 ((psa_ecc_family_t) 0x27)
@@ -626,6 +637,8 @@
* They are defined in _Standards for Efficient Cryptography_,
* _SEC 2: Recommended Elliptic Curve Domain Parameters_.
* https://www.secg.org/sec2-v2.pdf
+ *
+ * \note Mbed TLS does not support any curve in this family.
*/
#define PSA_ECC_FAMILY_SECT_R1 ((psa_ecc_family_t) 0x22)
@@ -636,6 +649,8 @@
* It is defined in _Standards for Efficient Cryptography_,
* _SEC 2: Recommended Elliptic Curve Domain Parameters_.
* https://www.secg.org/sec2-v2.pdf
+ *
+ * \note Mbed TLS does not support any curve in this family.
*/
#define PSA_ECC_FAMILY_SECT_R2 ((psa_ecc_family_t) 0x2b)
@@ -645,6 +660,9 @@
* brainpoolP160r1, brainpoolP192r1, brainpoolP224r1, brainpoolP256r1,
* brainpoolP320r1, brainpoolP384r1, brainpoolP512r1.
* It is defined in RFC 5639.
+ *
+ * \note Mbed TLS only supports the 256-bit, 384-bit and 512-bit curves
+ * in this family.
*/
#define PSA_ECC_FAMILY_BRAINPOOL_P_R1 ((psa_ecc_family_t) 0x30)
@@ -673,6 +691,8 @@
* - 448-bit: Edwards448, the twisted Edwards curve birationally equivalent
* to Curve448.
* Hamburg, _Ed448-Goldilocks, a new elliptic curve_, NIST ECC Workshop, 2015.
+ *
+ * \note Mbed TLS does not support Edwards curves yet.
*/
#define PSA_ECC_FAMILY_TWISTED_EDWARDS ((psa_ecc_family_t) 0x42)
diff --git a/vendor/mbedtls/psa_util.h b/vendor/mbedtls/psa_util.h
deleted file mode 100644
index 643e8aa..0000000
--- a/vendor/mbedtls/psa_util.h
+++ /dev/null
@@ -1,104 +0,0 @@
-/**
- * \file psa_util.h
- *
- * \brief Utility functions for the use of the PSA Crypto library.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef MBEDTLS_PSA_UTIL_H
-#define MBEDTLS_PSA_UTIL_H
-#include "mbedtls/private_access.h"
-
-#include "mbedtls/build_info.h"
-
-#if defined(MBEDTLS_PSA_CRYPTO_C)
-
-/* Expose whatever RNG the PSA subsystem uses to applications using the
- * mbedtls_xxx API. The declarations and definitions here need to be
- * consistent with the implementation in library/psa_crypto_random_impl.h.
- * See that file for implementation documentation. */
-
-
-/* The type of a `f_rng` random generator function that many library functions
- * take.
- *
- * This type name is not part of the Mbed TLS stable API. It may be renamed
- * or moved without warning.
- */
-typedef int mbedtls_f_rng_t(void *p_rng, unsigned char *output, size_t output_size);
-
-#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
-
-/** The random generator function for the PSA subsystem.
- *
- * This function is suitable as the `f_rng` random generator function
- * parameter of many `mbedtls_xxx` functions. Use #MBEDTLS_PSA_RANDOM_STATE
- * to obtain the \p p_rng parameter.
- *
- * The implementation of this function depends on the configuration of the
- * library.
- *
- * \note Depending on the configuration, this may be a function or
- * a pointer to a function.
- *
- * \note This function may only be used if the PSA crypto subsystem is active.
- * This means that you must call psa_crypto_init() before any call to
- * this function, and you must not call this function after calling
- * mbedtls_psa_crypto_free().
- *
- * \param p_rng The random generator context. This must be
- * #MBEDTLS_PSA_RANDOM_STATE. No other state is
- * supported.
- * \param output The buffer to fill. It must have room for
- * \c output_size bytes.
- * \param output_size The number of bytes to write to \p output.
- * This function may fail if \p output_size is too
- * large. It is guaranteed to accept any output size
- * requested by Mbed TLS library functions. The
- * maximum request size depends on the library
- * configuration.
- *
- * \return \c 0 on success.
- * \return An `MBEDTLS_ERR_ENTROPY_xxx`,
- * `MBEDTLS_ERR_PLATFORM_xxx,
- * `MBEDTLS_ERR_CTR_DRBG_xxx` or
- * `MBEDTLS_ERR_HMAC_DRBG_xxx` on error.
- */
-int mbedtls_psa_get_random(void *p_rng,
- unsigned char *output,
- size_t output_size);
-
-/** The random generator state for the PSA subsystem.
- *
- * This macro expands to an expression which is suitable as the `p_rng`
- * random generator state parameter of many `mbedtls_xxx` functions.
- * It must be used in combination with the random generator function
- * mbedtls_psa_get_random().
- *
- * The implementation of this macro depends on the configuration of the
- * library. Do not make any assumption on its nature.
- */
-#define MBEDTLS_PSA_RANDOM_STATE NULL
-
-#else /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */
-
-#if defined(MBEDTLS_CTR_DRBG_C)
-#include "mbedtls/ctr_drbg.h"
-typedef mbedtls_ctr_drbg_context mbedtls_psa_drbg_context_t;
-static mbedtls_f_rng_t *const mbedtls_psa_get_random = mbedtls_ctr_drbg_random;
-#elif defined(MBEDTLS_HMAC_DRBG_C)
-#include "mbedtls/hmac_drbg.h"
-typedef mbedtls_hmac_drbg_context mbedtls_psa_drbg_context_t;
-static mbedtls_f_rng_t *const mbedtls_psa_get_random = mbedtls_hmac_drbg_random;
-#endif
-extern mbedtls_psa_drbg_context_t *const mbedtls_psa_random_state;
-
-#define MBEDTLS_PSA_RANDOM_STATE mbedtls_psa_random_state
-
-#endif /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */
-
-#endif /* MBEDTLS_PSA_CRYPTO_C */
-#endif /* MBEDTLS_PSA_UTIL_H */