PSA: allow the configuration to favor HMAC_DRBG
Allow the user to configure PSA to use HMAC_DRBG even if CTR_DRBG is available, or to explicitly select the hash algorithm to use for HMAC_DRBG, by setting MBEDTLS_PSA_HMAC_DRBG_MD_TYPE in config.h. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
parent
82e57d1611
commit
ed03890281
2 changed files with 22 additions and 0 deletions
|
@ -3635,6 +3635,20 @@
|
|||
*/
|
||||
//#define MBEDTLS_PARAM_FAILED( cond ) assert( cond )
|
||||
|
||||
/* PSA options */
|
||||
/** \def MBEDTLS_PSA_HMAC_DRBG_MD_TYPE
|
||||
*
|
||||
* Use HMAC_DRBG with the specified hash algorithm for HMAC_DRBG for the
|
||||
* PSA crypto subsystem.
|
||||
*
|
||||
* If this option is unset:
|
||||
* - If CTR_DRBG is available, the PSA subsystem uses it rather than HMAC_DRBG.
|
||||
* - Otherwise, the PSA subsystem uses one HMAC_DRBG with of
|
||||
* #MBEDTLS_MD_SHA512 or #MBEDTLS_MD_SHA256 based on availability and
|
||||
* on unspecified heuristics.
|
||||
*/
|
||||
//#define MBEDTLS_PSA_HMAC_DRBG_MD_TYPE MBEDTLS_MD_SHA256
|
||||
|
||||
/* SSL Cache options */
|
||||
//#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */
|
||||
//#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue