Skip to content

Remove component uses of MBEDTLS_ECDSA_DETERMINISTIC #10367

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: development
Choose a base branch
from
Open

Remove component uses of MBEDTLS_ECDSA_DETERMINISTIC #10367

wants to merge 1 commit into from
+2 −4

Conversation

davidhorstmann-arm
Copy link
Contributor

@davidhorstmann-arm davidhorstmann-arm commented Aug 20, 2025
edited
Loading

Fixes #10328

Remove all references to MBEDTLS_ECDSA_DETERMINISTIC from components-configuration-crypto.sh. Replace them with PSA_WANT_ALG_DETERMINISTIC_ECDSA.

This is safe because:

  • MBEDTLS_ECDSA_DETERMINISTIC is only ever unset in components in order to avoid errors from disabling its dependency MBEDTLS_HMAC_DRBG_C.
  • MBEDTLS_ECDSA_DETERMINISTIC is only ever defined in config_adjust_legacy_from_psa.h, and only if PSA_WANT_ALG_DETERMINISTIC_ECDSA is defined.

Therefore PSA_WANT_ALG_DETERMINISTIC_ECDSA's dependencies are a superset of MBEDTLS_ECDSA_DETERMINISTIC's dependencies and must include MBEDTLS_HMAC_DRBG_C, so disabling PSA_WANT_ALG_DETERMINISTIC_ECDSA is a sufficient substitute for disabling MBEDTLS_ECDSA_DETERMINISTIC.

PR checklist

Please remove the segment/s on either side of the | symbol as appropriate, and add any relevant link/s to the end of the line.
If the provided content is part of the present PR remove the # symbol.

  • changelog not required because: Internal changes only
  • development PR here
  • TF-PSA-Crypto PR not required because: Mbed TLS testing change only
  • framework PR not required
  • 3.6 PR not required because: Removal of legacy options is 4.0-only
  • tests not required because: Changes to testing itself

@davidhorstmann-arm
Remove component uses of MBEDTLS_ECDSA_DETERMINISTIC
3492807 
Remove all references to MBEDTLS_ECDSA_DETERMINISTIC from
components-configuration-crypto.sh. Replace them with
PSA_WANT_ALG_DETERMINISTIC_ECDSA.

This is safe because:
* MBEDTLS_ECDSA_DETERMINISTIC is only ever unset in components in order
  to avoid errors from disabling its dependency MBEDTLS_HMAC_DRBG_C.
* MBEDTLS_ECDSA_DETERMINISTIC is only ever defined in
  config_adjust_legacy_from_psa.h, and only if
  PSA_WANT_ALG_DETERMINISTIC_ECDSA is defined.

Therefore PSA_WANT_ALG_DETERMINISTIC_ECDSA's dependencies are a superset
of MBEDTLS_ECDSA_DETERMINISTIC's dependencies and must include
MBEDTLS_HMAC_DRBG_C, so disabling PSA_WANT_ALG_DETERMINISTIC_ECDSA is a
sufficient substitute for disabling MBEDTLS_ECDSA_DETERMINISTIC.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
@davidhorstmann-arm davidhorstmann-arm added needs-ci Needs to pass CI tests size-s Estimated task size: small (~2d) needs-review Every commit must be reviewed by at least two team members, needs-reviewer This PR needs someone to pick it up for review labels Aug 20, 2025
@davidhorstmann-arm davidhorstmann-arm moved this from In Development to In Review in Roadmap pull requests (new board) Aug 20, 2025
@davidhorstmann-arm davidhorstmann-arm changed the title Remove component uses of MBEDTLS_ECDSA_DETERMINISTIC Remove component uses of MBEDTLS_ECDSA_DETERMINISTIC Aug 21, 2025
@davidhorstmann-arm davidhorstmann-arm removed the needs-ci Needs to pass CI tests label Aug 21, 2025
ronald-cron-arm
ronald-cron-arm requested changes Aug 25, 2025
View reviewed changes
tests/scripts/components-configuration-crypto.sh
@@ -210,7 +210,7 @@ component_test_no_hmac_drbg_use_psa () {
msg "build: Full minus HMAC_DRBG, PSA crypto in TLS"
scripts/config.py full
scripts/config.py unset MBEDTLS_HMAC_DRBG_C
scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA # requires HMAC_DRBG
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA # requires HMAC_DRBG
scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA # requires HMAC_DRBG

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"-c $CRYPTO_CONFIG_H was necessary at some point, but hasn't been for a while now. I had been planning to clean it up eventually. I know this isn’t the main focus of this PR, but would you mind cleaning it up across all the components-*.sh scripts?"

@github-project-automation github-project-automation bot moved this from In Review to In Development in Roadmap pull requests (new board) Aug 25, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ronald-cron-arm ronald-cron-arm ronald-cron-arm requested changes

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
needs-review Every commit must be reviewed by at least two team members, needs-reviewer This PR needs someone to pick it up for review size-s Estimated task size: small (~2d)
Projects
Roadmap pull requests (new board)
Status: In Development
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Fix MBEDTLS_ECDSA_DETERMINISTIC in components-configuration-crypto.sh
2 participants
@davidhorstmann-arm @ronald-cron-arm