diff --git a/ChangeLog.d/sha256-armce-arm.txt b/ChangeLog.d/sha256-armce-arm.txt index c1211f0c9..13d4dda1a 100644 --- a/ChangeLog.d/sha256-armce-arm.txt +++ b/ChangeLog.d/sha256-armce-arm.txt @@ -1,3 +1,7 @@ Features * Support Armv8 Crypto Extension acceleration for SHA-256 when compiling for Thumb or 32-bit Arm. +New deprecations + * Rename the SHAxxx_USE_A64_CRYPTO_yyy config options to + SHAxxx_USE_ARMV8_CRYPTO_yyy. The old names may still be + used, but are deprecated. diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 158070783..24b3e03e2 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -829,44 +829,44 @@ #error "MBEDTLS_X509_RSASSA_PSS_SUPPORT defined, but not all prerequisites" #endif -#if defined(MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT) && \ - defined(MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY) -#error "Must only define one of MBEDTLS_SHA512_USE_A64_CRYPTO_*" +#if defined(MBEDTLS_SHA512_USE_ARMV8_CRYPTO_IF_PRESENT) && \ + defined(MBEDTLS_SHA512_USE_ARMV8_CRYPTO_ONLY) +#error "Must only define one of MBEDTLS_SHA512_USE_ARMV8_CRYPTO_*" #endif -#if defined(MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT) || \ - defined(MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY) +#if defined(MBEDTLS_SHA512_USE_ARMV8_CRYPTO_IF_PRESENT) || \ + defined(MBEDTLS_SHA512_USE_ARMV8_CRYPTO_ONLY) #if !defined(MBEDTLS_SHA512_C) -#error "MBEDTLS_SHA512_USE_A64_CRYPTO_* defined without MBEDTLS_SHA512_C" +#error "MBEDTLS_SHA512_USE_ARMV8_CRYPTO_* defined without MBEDTLS_SHA512_C" #endif #if defined(MBEDTLS_SHA512_ALT) || defined(MBEDTLS_SHA512_PROCESS_ALT) -#error "MBEDTLS_SHA512_*ALT can't be used with MBEDTLS_SHA512_USE_A64_CRYPTO_*" +#error "MBEDTLS_SHA512_*ALT can't be used with MBEDTLS_SHA512_USE_ARMV8_CRYPTO_*" #endif -#endif /* MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT || MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY */ +#endif /* MBEDTLS_SHA512_USE_ARMV8_CRYPTO_IF_PRESENT || MBEDTLS_SHA512_USE_ARMV8_CRYPTO_ONLY */ -#if defined(MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY) && !defined(__aarch64__) -#error "MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY defined on non-Aarch64 system" +#if defined(MBEDTLS_SHA512_USE_ARMV8_CRYPTO_ONLY) && !defined(__aarch64__) +#error "MBEDTLS_SHA512_USE_ARMV8_CRYPTO_ONLY defined on non-Aarch64 system" #endif -#if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT) && \ - defined(MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY) -#error "Must only define one of MBEDTLS_SHA256_USE_A64_CRYPTO_*" +#if defined(MBEDTLS_SHA256_USE_ARMV8_CRYPTO_IF_PRESENT) && \ + defined(MBEDTLS_SHA256_USE_ARMV8_CRYPTO_ONLY) +#error "Must only define one of MBEDTLS_SHA256_USE_ARMV8_CRYPTO_*" #endif -#if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT) || \ - defined(MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY) +#if defined(MBEDTLS_SHA256_USE_ARMV8_CRYPTO_IF_PRESENT) || \ + defined(MBEDTLS_SHA256_USE_ARMV8_CRYPTO_ONLY) #if !defined(MBEDTLS_SHA256_C) -#error "MBEDTLS_SHA256_USE_A64_CRYPTO_* defined without MBEDTLS_SHA256_C" +#error "MBEDTLS_SHA256_USE_ARMV8_CRYPTO_* defined without MBEDTLS_SHA256_C" #endif #if defined(MBEDTLS_SHA256_ALT) || defined(MBEDTLS_SHA256_PROCESS_ALT) -#error "MBEDTLS_SHA256_*ALT can't be used with MBEDTLS_SHA256_USE_A64_CRYPTO_*" +#error "MBEDTLS_SHA256_*ALT can't be used with MBEDTLS_SHA256_USE_ARMV8_CRYPTO_*" #endif #endif -#if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY) && !defined(MBEDTLS_ARCH_IS_ARMV8) -#error "MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY defined on non-Armv8 system" +#if defined(MBEDTLS_SHA256_USE_ARMV8_CRYPTO_ONLY) && !defined(MBEDTLS_ARCH_IS_ARMV8) +#error "MBEDTLS_SHA256_USE_ARMV8_CRYPTO_ONLY defined on non-Armv8 system" #endif /* TLS 1.3 requires separate HKDF parts from PSA, diff --git a/include/mbedtls/config_adjust_legacy_crypto.h b/include/mbedtls/config_adjust_legacy_crypto.h index 78a5bb1d8..bd356da59 100644 --- a/include/mbedtls/config_adjust_legacy_crypto.h +++ b/include/mbedtls/config_adjust_legacy_crypto.h @@ -186,16 +186,16 @@ /* Backwards compatibility for some macros which were renamed to reflect that * they are related to Armv8, not aarch64. */ -#if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT) +#if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT) && !defined(MBEDTLS_SHA256_USE_ARMV8_CRYPTO_IF_PRESENT) #define MBEDTLS_SHA256_USE_ARMV8_CRYPTO_IF_PRESENT #endif -#if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY) +#if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY) && !defined(MBEDTLS_SHA256_USE_ARMV8_CRYPTO_ONLY) #define MBEDTLS_SHA256_USE_ARMV8_CRYPTO_ONLY #endif -#if defined(MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT) +#if defined(MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT) && !defined(MBEDTLS_SHA512_USE_ARMV8_CRYPTO_IF_PRESENT) #define MBEDTLS_SHA512_USE_ARMV8_CRYPTO_IF_PRESENT #endif -#if defined(MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY) +#if defined(MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY) && !defined(MBEDTLS_SHA512_USE_ARMV8_CRYPTO_ONLY) #define MBEDTLS_SHA512_USE_ARMV8_CRYPTO_ONLY #endif diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index f9ad2b6f9..0cbb0ee41 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -3345,7 +3345,7 @@ * This name is now deprecated, but may still be used as an alternative form for * this option. */ -//#define MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT +//#define MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY /** * \def MBEDTLS_SHA384_C diff --git a/scripts/config.py b/scripts/config.py index 1a71cb35f..619782b89 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -215,6 +215,8 @@ EXCLUDE_FROM_FULL = frozenset([ 'MBEDTLS_RSA_NO_CRT', # influences the use of RSA in X.509 and TLS 'MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY', # interacts with *_USE_A64_CRYPTO_IF_PRESENT 'MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY', # interacts with *_USE_A64_CRYPTO_IF_PRESENT + 'MBEDTLS_SHA256_USE_ARMV8_CRYPTO_ONLY', # interacts with *_USE_ARMV8_CRYPTO_IF_PRESENT + 'MBEDTLS_SHA512_USE_ARMV8_CRYPTO_ONLY', # interacts with *_USE_ARMV8_CRYPTO_IF_PRESENT 'MBEDTLS_SSL_RECORD_SIZE_LIMIT', # in development, currently breaks other tests 'MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN', # build dependency (clang+memsan) 'MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND', # build dependency (valgrind headers) @@ -280,6 +282,8 @@ EXCLUDE_FROM_BAREMETAL = frozenset([ 'MBEDTLS_TIMING_C', # requires a clock 'MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT', # requires an OS for runtime-detection 'MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT', # requires an OS for runtime-detection + 'MBEDTLS_SHA256_USE_ARMV8_CRYPTO_IF_PRESENT', # requires an OS for runtime-detection + 'MBEDTLS_SHA512_USE_ARMV8_CRYPTO_IF_PRESENT', # requires an OS for runtime-detection ]) def keep_in_baremetal(name):