Remove MBEDTLS_SHA3_C config option

ChangeLog.d/remove_SHA3_config_option.txt

@@ -0,0 +1,3 @@
+Removals
+   * Removed the MBEDTLS_SHA3_C configuration option from crypto_config.h.
+     SHA3 can now be configured with the PSA_WANT_SHA3_* options.

drivers/builtin/include/mbedtls/config_adjust_legacy_crypto.h

@@ -220,7 +220,6 @@
     defined(MBEDTLS_SHA256_C) || \
     defined(MBEDTLS_SHA384_C) || \
     defined(MBEDTLS_SHA512_C) || \
-    defined(MBEDTLS_SHA3_C) || \
     defined(MBEDTLS_RIPEMD160_C)
 #define MBEDTLS_MD_SOME_LEGACY
 #endif
@@ -379,4 +378,13 @@
 #define MBEDTLS_SSL_HAVE_AEAD
 #endif
 
+// Temporary definition to menage the removal of MBEDTLS_SHA3_C.
+// After all PR of the removal is merged this needs to be deleted.
+#if defined(PSA_WANT_ALG_SHA3_224) || \
+    defined(PSA_WANT_ALG_SHA3_256) || \
+    defined(PSA_WANT_ALG_SHA3_384) || \
+    defined(PSA_WANT_ALG_SHA3_512)
+#define MBEDTLS_SHA3_C
+#endif
+
 #endif /* MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H */

drivers/builtin/include/mbedtls/config_adjust_legacy_from_psa.h

@@ -602,22 +602,18 @@
 
 #if defined(PSA_WANT_ALG_SHA3_224) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_224)
 #define MBEDTLS_PSA_BUILTIN_ALG_SHA3_224 1
-#define MBEDTLS_SHA3_C
 #endif
 
 #if defined(PSA_WANT_ALG_SHA3_256) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_256)
 #define MBEDTLS_PSA_BUILTIN_ALG_SHA3_256 1
-#define MBEDTLS_SHA3_C
 #endif
 
 #if defined(PSA_WANT_ALG_SHA3_384) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_384)
 #define MBEDTLS_PSA_BUILTIN_ALG_SHA3_384 1
-#define MBEDTLS_SHA3_C
 #endif
 
 #if defined(PSA_WANT_ALG_SHA3_512) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_512)
 #define MBEDTLS_PSA_BUILTIN_ALG_SHA3_512 1
-#define MBEDTLS_SHA3_C
 #endif
 
 #if defined(PSA_WANT_ALG_PBKDF2_HMAC)

drivers/builtin/include/mbedtls/config_adjust_psa_superset_legacy.h

@@ -61,13 +61,6 @@
 #define PSA_WANT_ALG_SHA_512 1
 #endif
 
-#if defined(MBEDTLS_SHA3_C)
-#define PSA_WANT_ALG_SHA3_224 1
-#define PSA_WANT_ALG_SHA3_256 1
-#define PSA_WANT_ALG_SHA3_384 1
-#define PSA_WANT_ALG_SHA3_512 1
-#endif
-
 /* Ensure that the PSA's supported curves (PSA_WANT_ECC_xxx) are always a
  * superset of the builtin ones (MBEDTLS_ECP_DP_xxx). */
 #if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)

drivers/builtin/src/md.c

@@ -112,25 +112,25 @@ static const mbedtls_md_info_t mbedtls_sha512_info = {
 };
 #endif
 
-#if defined(PSA_WANT_ALG_SHA3_224)
+#if defined(PSA_WANT_ALG_SHA3_224) || defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_224)
 static const mbedtls_md_info_t mbedtls_sha3_224_info = {
     MD_INFO(MBEDTLS_MD_SHA3_224, 28, 144)
 };
 #endif
 
-#if defined(PSA_WANT_ALG_SHA3_256)
+#if defined(PSA_WANT_ALG_SHA3_256) || defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_256)
 static const mbedtls_md_info_t mbedtls_sha3_256_info = {
     MD_INFO(MBEDTLS_MD_SHA3_256, 32, 136)
 };
 #endif
 
-#if defined(PSA_WANT_ALG_SHA3_384)
+#if defined(PSA_WANT_ALG_SHA3_384) || defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_384)
 static const mbedtls_md_info_t mbedtls_sha3_384_info = {
     MD_INFO(MBEDTLS_MD_SHA3_384, 48, 104)
 };
 #endif
 
-#if defined(PSA_WANT_ALG_SHA3_512)
+#if defined(PSA_WANT_ALG_SHA3_512) || defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_512)
 static const mbedtls_md_info_t mbedtls_sha3_512_info = {
     MD_INFO(MBEDTLS_MD_SHA3_512, 64, 72)
 };
@@ -167,19 +167,19 @@ const mbedtls_md_info_t *mbedtls_md_info_from_type(mbedtls_md_type_t md_type)
         case MBEDTLS_MD_SHA512:
             return &mbedtls_sha512_info;
 #endif
-#if defined(PSA_WANT_ALG_SHA3_224)
+#if defined(PSA_WANT_ALG_SHA3_224) || defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_224)
         case MBEDTLS_MD_SHA3_224:
             return &mbedtls_sha3_224_info;
 #endif
-#if defined(PSA_WANT_ALG_SHA3_256)
+#if defined(PSA_WANT_ALG_SHA3_256) || defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_256)
         case MBEDTLS_MD_SHA3_256:
             return &mbedtls_sha3_256_info;
 #endif
-#if defined(PSA_WANT_ALG_SHA3_384)
+#if defined(PSA_WANT_ALG_SHA3_384) || defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_384)
         case MBEDTLS_MD_SHA3_384:
             return &mbedtls_sha3_384_info;
 #endif
-#if defined(PSA_WANT_ALG_SHA3_512)
+#if defined(PSA_WANT_ALG_SHA3_512) || defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_512)
         case MBEDTLS_MD_SHA3_512:
             return &mbedtls_sha3_512_info;
 #endif
@@ -306,13 +306,24 @@ void mbedtls_md_free(mbedtls_md_context_t *ctx)
                 mbedtls_sha512_free(ctx->md_ctx);
                 break;
 #endif
-#if defined(MBEDTLS_SHA3_C)
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224)
             case MBEDTLS_MD_SHA3_224:
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256)
             case MBEDTLS_MD_SHA3_256:
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384)
             case MBEDTLS_MD_SHA3_384:
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512)
             case MBEDTLS_MD_SHA3_512:
-                mbedtls_sha3_free(ctx->md_ctx);
-                break;
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224) || \
+        defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256) || \
+        defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384) || \
+        defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512)
+        mbedtls_sha3_free(ctx->md_ctx);
+        break;
 #endif
             default:
                 /* Shouldn't happen */
@@ -391,13 +402,24 @@ int mbedtls_md_clone(mbedtls_md_context_t *dst,
             mbedtls_sha512_clone(dst->md_ctx, src->md_ctx);
             break;
 #endif
-#if defined(MBEDTLS_SHA3_C)
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224)
         case MBEDTLS_MD_SHA3_224:
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256)
         case MBEDTLS_MD_SHA3_256:
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384)
         case MBEDTLS_MD_SHA3_384:
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512)
         case MBEDTLS_MD_SHA3_512:
-            mbedtls_sha3_clone(dst->md_ctx, src->md_ctx);
-            break;
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224) || \
+    defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256) || \
+    defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384) || \
+    defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512)
+    mbedtls_sha3_clone(dst->md_ctx, src->md_ctx);
+    break;
 #endif
         default:
             return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
@@ -481,13 +503,24 @@ int mbedtls_md_setup(mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info
             ALLOC(sha512);
             break;
 #endif
-#if defined(MBEDTLS_SHA3_C)
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224)
         case MBEDTLS_MD_SHA3_224:
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256)
         case MBEDTLS_MD_SHA3_256:
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384)
         case MBEDTLS_MD_SHA3_384:
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512)
         case MBEDTLS_MD_SHA3_512:
-            ALLOC(sha3);
-            break;
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224) || \
+    defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256) || \
+    defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384) || \
+    defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512)
+    ALLOC(sha3);
+    break;
 #endif
         default:
             return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
@@ -553,13 +586,19 @@ int mbedtls_md_starts(mbedtls_md_context_t *ctx)
         case MBEDTLS_MD_SHA512:
             return mbedtls_sha512_starts(ctx->md_ctx, 0);
 #endif
-#if defined(MBEDTLS_SHA3_C)
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224)
         case MBEDTLS_MD_SHA3_224:
             return mbedtls_sha3_starts(ctx->md_ctx, MBEDTLS_SHA3_224);
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256)
         case MBEDTLS_MD_SHA3_256:
             return mbedtls_sha3_starts(ctx->md_ctx, MBEDTLS_SHA3_256);
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384)
         case MBEDTLS_MD_SHA3_384:
             return mbedtls_sha3_starts(ctx->md_ctx, MBEDTLS_SHA3_384);
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512)
         case MBEDTLS_MD_SHA3_512:
             return mbedtls_sha3_starts(ctx->md_ctx, MBEDTLS_SHA3_512);
 #endif
@@ -612,12 +651,23 @@ int mbedtls_md_update(mbedtls_md_context_t *ctx, const unsigned char *input, siz
         case MBEDTLS_MD_SHA512:
             return mbedtls_sha512_update(ctx->md_ctx, input, ilen);
 #endif
-#if defined(MBEDTLS_SHA3_C)
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224)
         case MBEDTLS_MD_SHA3_224:
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256)
         case MBEDTLS_MD_SHA3_256:
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384)
         case MBEDTLS_MD_SHA3_384:
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512)
         case MBEDTLS_MD_SHA3_512:
-            return mbedtls_sha3_update(ctx->md_ctx, input, ilen);
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224) || \
+    defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256) || \
+    defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384) || \
+    defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512)
+    return mbedtls_sha3_update(ctx->md_ctx, input, ilen);
 #endif
         default:
             return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
@@ -670,12 +720,23 @@ int mbedtls_md_finish(mbedtls_md_context_t *ctx, unsigned char *output)
         case MBEDTLS_MD_SHA512:
             return mbedtls_sha512_finish(ctx->md_ctx, output);
 #endif
-#if defined(MBEDTLS_SHA3_C)
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224)
         case MBEDTLS_MD_SHA3_224:
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256)
         case MBEDTLS_MD_SHA3_256:
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384)
         case MBEDTLS_MD_SHA3_384:
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512)
         case MBEDTLS_MD_SHA3_512:
-            return mbedtls_sha3_finish(ctx->md_ctx, output, ctx->md_info->size);
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224) || \
+    defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256) || \
+    defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384) || \
+    defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512)
+    return mbedtls_sha3_finish(ctx->md_ctx, output, ctx->md_info->size);
 #endif
         default:
             return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
@@ -728,13 +789,19 @@ int mbedtls_md(const mbedtls_md_info_t *md_info, const unsigned char *input, siz
         case MBEDTLS_MD_SHA512:
             return mbedtls_sha512(input, ilen, output, 0);
 #endif
-#if defined(MBEDTLS_SHA3_C)
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224)
         case MBEDTLS_MD_SHA3_224:
             return mbedtls_sha3(MBEDTLS_SHA3_224, input, ilen, output, md_info->size);
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256)
         case MBEDTLS_MD_SHA3_256:
             return mbedtls_sha3(MBEDTLS_SHA3_256, input, ilen, output, md_info->size);
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384)
         case MBEDTLS_MD_SHA3_384:
             return mbedtls_sha3(MBEDTLS_SHA3_384, input, ilen, output, md_info->size);
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512)
         case MBEDTLS_MD_SHA3_512:
             return mbedtls_sha3(MBEDTLS_SHA3_512, input, ilen, output, md_info->size);
 #endif