Gitiles
Code Review Sign In
git01.mediatek.com / filogic / atf / dee8b6ff4e7473d95541e1630af135d4808e8b3c^! / . / drivers / auth / mbedtls / mbedtls_crypto.c
commitdee8b6ff4e7473d95541e1630af135d4808e8b3c[log] [tgz]
authorGovindraj Raja <govindraj.raja@arm.com>Thu Jan 12 15:34:12 2023 +0000
committerGovindraj Raja <govindraj.raja@arm.com>Tue Feb 21 11:09:47 2023 +0000
treee68b79e2544ca7078970c0b072553d542a9268e3
parenta2872f97ec3904b8954999be7c88930716089b8a [diff] [blame]
feat(mbedtls): add support for mbedtls-3.3

TF-A support for mbedtls3.x has been overdue by number of releases.
As per mbedtls support it was advised to use latest and greatest
mbedtls-3.3. But mbedtls-3.x breaks API compatibility with
mbedtls-2.x

To maintain comptability for mbedtls-2.x and enable mbedtls-3.x
support add a functionality into makefile to determine the major version
of mbedtls and use that to selective include or compile files
that are present.

With mbedtls-3.x numerous other config changes have been done.
Some of the config options deprecated or enabled by default.
Thus we decided to introduce a new 3.x config file part of this
change for building TF-A with mbedtls-3.3.

For futher information on migrating to mbedtls 3.x refer to:
https://github.com/Mbed-TLS/mbedtls/blob/development/docs/3.0-migration-guide.md

Change-Id: Ia8106d6f526809df927d608db27fe149623258ed
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>

diff --git a/drivers/auth/mbedtls/mbedtls_crypto.c b/drivers/auth/mbedtls/mbedtls_crypto.c
index b13a460..4241d21 100644
--- a/drivers/auth/mbedtls/mbedtls_crypto.c
+++ b/drivers/auth/mbedtls/mbedtls_crypto.c

@@ -295,6 +295,7 @@
 	unsigned char *pt = data_ptr;
 	size_t dec_len;
 	int diff, i, rc;
+	size_t output_length __unused;
 
 	mbedtls_gcm_init(&ctx);
 
@@ -304,7 +305,11 @@
 		goto exit_gcm;
 	}
 
+#if (MBEDTLS_VERSION_MAJOR < 3)
 	rc = mbedtls_gcm_starts(&ctx, MBEDTLS_GCM_DECRYPT, iv, iv_len, NULL, 0);
+#else
+	rc = mbedtls_gcm_starts(&ctx, MBEDTLS_GCM_DECRYPT, iv, iv_len);
+#endif
 	if (rc != 0) {
 		rc = CRYPTO_ERR_DECRYPTION;
 		goto exit_gcm;
@@ -313,7 +318,12 @@
 	while (len > 0) {
 		dec_len = MIN(sizeof(buf), len);
 
+#if (MBEDTLS_VERSION_MAJOR < 3)
 		rc = mbedtls_gcm_update(&ctx, dec_len, pt, buf);
+#else
+		rc = mbedtls_gcm_update(&ctx, pt, dec_len, buf, sizeof(buf), &output_length);
+#endif
+
 		if (rc != 0) {
 			rc = CRYPTO_ERR_DECRYPTION;
 			goto exit_gcm;
@@ -324,7 +334,12 @@
 		len -= dec_len;
 	}
 
+#if (MBEDTLS_VERSION_MAJOR < 3)
 	rc = mbedtls_gcm_finish(&ctx, tag_buf, sizeof(tag_buf));
+#else
+	rc = mbedtls_gcm_finish(&ctx, NULL, 0, &output_length, tag_buf, sizeof(tag_buf));
+#endif
+
 	if (rc != 0) {
 		rc = CRYPTO_ERR_DECRYPTION;
 		goto exit_gcm;