eden-emu/mbedtls
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

PSA: allow the configuration to favor HMAC_DRBG

Browse source 
Allow the user to configure PSA to use HMAC_DRBG even if CTR_DRBG is
available, or to explicitly select the hash algorithm to use for
HMAC_DRBG, by setting MBEDTLS_PSA_HMAC_DRBG_MD_TYPE in config.h.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2020-11-13 21:33:21 +01:00
parent 82e57d1611
commit ed03890281
2 changed files with 22 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

14
include/mbedtls/config.h
View file

@ -3635,6 +3635,20 @@
*/
//#define MBEDTLS_PARAM_FAILED( cond ) assert( cond )
/* PSA options */
/** \def MBEDTLS_PSA_HMAC_DRBG_MD_TYPE
*
* Use HMAC_DRBG with the specified hash algorithm for HMAC_DRBG for the
* PSA crypto subsystem.
*
* If this option is unset:
* - If CTR_DRBG is available, the PSA subsystem uses it rather than HMAC_DRBG.
* - Otherwise, the PSA subsystem uses one HMAC_DRBG with of
* #MBEDTLS_MD_SHA512 or #MBEDTLS_MD_SHA256 based on availability and
* on unspecified heuristics.
*/
//#define MBEDTLS_PSA_HMAC_DRBG_MD_TYPE MBEDTLS_MD_SHA256
/* SSL Cache options */
//#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */
//#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */