Hi,
I am trying to compile MbedTLS 3.5.2 release without PSA but get below error message:
mbedtls/check_config.h:62:2: #error "MBEDTLS_ECP_DP_BP256R1_ENABLED defined, but not its PSA counterpart" mbedtls/check_config.h:66:2: #error "MBEDTLS_ECP_DP_BP384R1_ENABLED defined, but not its PSA counterpart" mbedtls/check_config.h:70:2: #error "MBEDTLS_ECP_DP_BP512R1_ENABLED defined, but not its PSA counterpart" mbedtls/check_config.h:74:2: #error "MBEDTLS_ECP_DP_CURVE25519_ENABLED defined, but not its PSA counterpart" mbedtls/check_config.h:78:2: #error "MBEDTLS_ECP_DP_CURVE448_ENABLED defined, but not its PSA counterpart" mbedtls/check_config.h:82:2: #error "MBEDTLS_ECP_DP_SECP192R1_ENABLED defined, but not its PSA counterpart" mbedtls/check_config.h:86:2: #error "MBEDTLS_ECP_DP_SECP224R1_ENABLED defined, but not its PSA counterpart" mbedtls/check_config.h:90:2: #error "MBEDTLS_ECP_DP_SECP256R1_ENABLED defined, but not its PSA counterpart" mbedtls/check_config.h:94:2: #error "MBEDTLS_ECP_DP_SECP384R1_ENABLED defined, but not its PSA counterpart" mbedtls/check_config.h:98:2: #error "MBEDTLS_ECP_DP_SECP521R1_ENABLED defined, but not its PSA counterpart" mbedtls/check_config.h:102:2: #error "MBEDTLS_ECP_DP_SECP192K1_ENABLED defined, but not its PSA counterpart" mbedtls/check_config.h:111:2: #error "MBEDTLS_ECP_DP_SECP256K1_ENABLED defined, but not its PSA counterpart" mbedtls/check_config.h:391:2: #error "MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED defined, but not all prerequisites" mbedtls/check_config.h:397:2: #error "MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED defined, but not all prerequisites" mbedtls/check_config.h:406:2: #error "MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED defined, but not all prerequisites" mbedtls/check_config.h:418:2: #error "MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED defined, but not all prerequisites" mbedtls/check_config.h:425:2: #error "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites" mbedtls/check_config.h:481:2: #error "MBEDTLS_LMS_C requires MBEDTLS_PSA_CRYPTO_C and PSA_WANT_ALG_SHA_256" mbedtls/check_config.h:725:2: #error "MBEDTLS_PLATFORM_NV_SEED_ALT defined, but not all prerequisites" mbedtls/check_config.h:879:2: #error "MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED defined, but not all prerequisites" mbedtls/check_config.h:885:2: #error "MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED defined, but not all prerequisites"
Regards, Prakash
Hi Prakash,
To disable PSA crypto, disable all the options that start with MBEDTLS_PSA. From the default configuration, that means commenting out these three options:
//#define MBEDTLS_PSA_CRYPTO_C //#define MBEDTLS_PSA_CRYPTO_STORAGE_C //#define MBEDTLS_PSA_ITS_FILE_C
The errors you list show that you started from a different configuration that has a lot more enabled. It's difficult to help without knowing what, but I recommend that you just start with the default configuration, or start with an empty configuration and build up to what you want.
Best regards,
Hi,
Many thanks for your reply. Can you please also let me know the features of PSA in MbedTLS. I found this related document - https://mbed-tls.readthedocs.io/en/latest/getting_started/psa/.
Is PSA related to Platform Security Architecture?
Please provide some more information on it.
Regards, Prakash
On Wed, Mar 13, 2024 at 8:54 PM Gilles Peskine gilles.peskine@arm.com wrote:
Hi Prakash,
To disable PSA crypto, disable all the options that start with MBEDTLS_PSA. From the default configuration, that means commenting out these three options:
//#define MBEDTLS_PSA_CRYPTO_C //#define MBEDTLS_PSA_CRYPTO_STORAGE_C //#define MBEDTLS_PSA_ITS_FILE_C
The errors you list show that you started from a different configuration that has a lot more enabled. It's difficult to help without knowing what, but I recommend that you just start with the default configuration, or start with an empty configuration and build up to what you want.
Best regards,
-- Gilles Peskine Mbed TLS developer
On 13/03/2024 05:12, Satya Prakash Prasad via mbed-tls wrote:
Hi,
I am trying to compile MbedTLS 3.5.2 release without PSA but get below error message:
mbedtls/check_config.h:62:2: #error "MBEDTLS_ECP_DP_BP256R1_ENABLED defined, but not its PSA counterpart" mbedtls/check_config.h:66:2: #error "MBEDTLS_ECP_DP_BP384R1_ENABLED defined, but not its PSA counterpart" mbedtls/check_config.h:70:2: #error "MBEDTLS_ECP_DP_BP512R1_ENABLED defined, but not its PSA counterpart" mbedtls/check_config.h:74:2: #error "MBEDTLS_ECP_DP_CURVE25519_ENABLED defined, but not its PSA counterpart" mbedtls/check_config.h:78:2: #error "MBEDTLS_ECP_DP_CURVE448_ENABLED defined, but not its PSA counterpart" mbedtls/check_config.h:82:2: #error "MBEDTLS_ECP_DP_SECP192R1_ENABLED defined, but not its PSA counterpart" mbedtls/check_config.h:86:2: #error "MBEDTLS_ECP_DP_SECP224R1_ENABLED defined, but not its PSA counterpart" mbedtls/check_config.h:90:2: #error "MBEDTLS_ECP_DP_SECP256R1_ENABLED defined, but not its PSA counterpart" mbedtls/check_config.h:94:2: #error "MBEDTLS_ECP_DP_SECP384R1_ENABLED defined, but not its PSA counterpart" mbedtls/check_config.h:98:2: #error "MBEDTLS_ECP_DP_SECP521R1_ENABLED defined, but not its PSA counterpart" mbedtls/check_config.h:102:2: #error "MBEDTLS_ECP_DP_SECP192K1_ENABLED defined, but not its PSA counterpart" mbedtls/check_config.h:111:2: #error "MBEDTLS_ECP_DP_SECP256K1_ENABLED defined, but not its PSA counterpart" mbedtls/check_config.h:391:2: #error "MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED defined, but not all prerequisites" mbedtls/check_config.h:397:2: #error "MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED defined, but not all prerequisites" mbedtls/check_config.h:406:2: #error "MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED defined, but not all prerequisites" mbedtls/check_config.h:418:2: #error "MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED defined, but not all prerequisites" mbedtls/check_config.h:425:2: #error "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites" mbedtls/check_config.h:481:2: #error "MBEDTLS_LMS_C requires MBEDTLS_PSA_CRYPTO_C and PSA_WANT_ALG_SHA_256" mbedtls/check_config.h:725:2: #error "MBEDTLS_PLATFORM_NV_SEED_ALT defined, but not all prerequisites" mbedtls/check_config.h:879:2: #error "MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED defined, but not all prerequisites" mbedtls/check_config.h:885:2: #error "MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED defined, but not all prerequisites"
Regards, Prakash
Hi,
Please also let me know the features of PSA in MbedTLS. I found this related document - https://mbed-tls.readthedocs.io/en/latest/getting_started/psa/.
Is PSA related to Platform Security Architecture how the same is related to TLS security?
Please provide some more information on it.
Regards, Prakash
On Thu, Mar 14, 2024 at 5:09 AM Satya Prakash Prasad satyaprakash.developer.unix@gmail.com wrote:
Hi,
Many thanks for your reply. Can you please also let me know the features of PSA in MbedTLS. I found this related document - https://mbed-tls.readthedocs.io/en/latest/getting_started/psa/.
Is PSA related to Platform Security Architecture?
Please provide some more information on it.
Regards, Prakash
On Wed, Mar 13, 2024 at 8:54 PM Gilles Peskine gilles.peskine@arm.com wrote:
Hi Prakash,
To disable PSA crypto, disable all the options that start with MBEDTLS_PSA. From the default configuration, that means commenting out these three options:
//#define MBEDTLS_PSA_CRYPTO_C //#define MBEDTLS_PSA_CRYPTO_STORAGE_C //#define MBEDTLS_PSA_ITS_FILE_C
The errors you list show that you started from a different configuration that has a lot more enabled. It's difficult to help without knowing what, but I recommend that you just start with the default configuration, or start with an empty configuration and build up to what you want.
Best regards,
-- Gilles Peskine Mbed TLS developer
On 13/03/2024 05:12, Satya Prakash Prasad via mbed-tls wrote:
Hi,
I am trying to compile MbedTLS 3.5.2 release without PSA but get below error message:
mbedtls/check_config.h:62:2: #error "MBEDTLS_ECP_DP_BP256R1_ENABLED defined, but not its PSA counterpart" mbedtls/check_config.h:66:2: #error "MBEDTLS_ECP_DP_BP384R1_ENABLED defined, but not its PSA counterpart" mbedtls/check_config.h:70:2: #error "MBEDTLS_ECP_DP_BP512R1_ENABLED defined, but not its PSA counterpart" mbedtls/check_config.h:74:2: #error "MBEDTLS_ECP_DP_CURVE25519_ENABLED defined, but not its PSA counterpart" mbedtls/check_config.h:78:2: #error "MBEDTLS_ECP_DP_CURVE448_ENABLED defined, but not its PSA counterpart" mbedtls/check_config.h:82:2: #error "MBEDTLS_ECP_DP_SECP192R1_ENABLED defined, but not its PSA counterpart" mbedtls/check_config.h:86:2: #error "MBEDTLS_ECP_DP_SECP224R1_ENABLED defined, but not its PSA counterpart" mbedtls/check_config.h:90:2: #error "MBEDTLS_ECP_DP_SECP256R1_ENABLED defined, but not its PSA counterpart" mbedtls/check_config.h:94:2: #error "MBEDTLS_ECP_DP_SECP384R1_ENABLED defined, but not its PSA counterpart" mbedtls/check_config.h:98:2: #error "MBEDTLS_ECP_DP_SECP521R1_ENABLED defined, but not its PSA counterpart" mbedtls/check_config.h:102:2: #error "MBEDTLS_ECP_DP_SECP192K1_ENABLED defined, but not its PSA counterpart" mbedtls/check_config.h:111:2: #error "MBEDTLS_ECP_DP_SECP256K1_ENABLED defined, but not its PSA counterpart" mbedtls/check_config.h:391:2: #error "MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED defined, but not all prerequisites" mbedtls/check_config.h:397:2: #error "MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED defined, but not all prerequisites" mbedtls/check_config.h:406:2: #error "MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED defined, but not all prerequisites" mbedtls/check_config.h:418:2: #error "MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED defined, but not all prerequisites" mbedtls/check_config.h:425:2: #error "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites" mbedtls/check_config.h:481:2: #error "MBEDTLS_LMS_C requires MBEDTLS_PSA_CRYPTO_C and PSA_WANT_ALG_SHA_256" mbedtls/check_config.h:725:2: #error "MBEDTLS_PLATFORM_NV_SEED_ALT defined, but not all prerequisites" mbedtls/check_config.h:879:2: #error "MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED defined, but not all prerequisites" mbedtls/check_config.h:885:2: #error "MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED defined, but not all prerequisites"
Regards, Prakash
Hi,
I am still unable to build MBedTLS without PSA - I get the following error:
In file included from mbedtls/library/psa_crypto_driver_wrappers.c:10: mbedtls/library/psa_crypto_aead.h:12:24: psa/crypto.h: No such file or directory In file included from mbedtls/library/psa_crypto_driver_wrappers.c:10: mbedtls/library/psa_crypto_aead.h:67: error: syntax error before "mbedtls_psa_aead_encrypt" mbedtls/library/psa_crypto_aead.h:68: warning: type defaults to `int' in declaration of `psa_key_attributes_t' mbedtls/library/psa_crypto_aead.h:68: error: syntax error before '*' token mbedtls/library/psa_crypto_aead.h:74: warning: type defaults to `int' in declaration of `mbedtls_psa_aead_encrypt' mbedtls/library/psa_crypto_aead.h:74: warning: data definition has no type or storage class mbedtls/library/psa_crypto_aead.h:130: error: syntax error before "mbedtls_psa_aead_decrypt" mbedtls/library/psa_crypto_aead.h:131: warning: type defaults to `int' in declaration of `psa_key_attributes_t' mbedtls/library/psa_crypto_aead.h:131: error: syntax error before '*' token mbedtls/library/psa_crypto_aead.h:137: warning: type defaults to `int' in declaration of `mbedtls_psa_aead_decrypt' mbedtls/library/psa_crypto_aead.h:137: warning: data definition has no type or storage class In file included from mbedtls/library/psa_crypto_driver_wrappers.c:11: mbedtls/library/psa_crypto_cipher.h:28: error: syntax error before "alg" mbedtls/library/psa_crypto_cipher.h:55: error: syntax error before "mbedtls_psa_cipher_encrypt_setup" mbedtls/library/psa_crypto_cipher.h:56: error: syntax error before '*' token mbedtls/library/psa_crypto_cipher.h:59: warning: type defaults to `int' in declaration of `mbedtls_psa_cipher_encrypt_setup' mbedtls/library/psa_crypto_cipher.h:59: warning: data definition has no type or storage class mbedtls/library/psa_crypto_cipher.h:85: error: syntax error before "mbedtls_psa_cipher_decrypt_setup" mbedtls/library/psa_crypto_cipher.h:86: error: syntax error before '*' token mbedtls/library/psa_crypto_cipher.h:89: warning: type defaults to `int' in declaration of `mbedtls_psa_cipher_decrypt_setup' mbedtls/library/psa_crypto_cipher.h:89: warning: data definition has no type or storage class mbedtls/library/psa_crypto_cipher.h:113: error: syntax error before "mbedtls_psa_cipher_set_iv" mbedtls/library/psa_crypto_cipher.h:114: error: syntax error before '*' token mbedtls/library/psa_crypto_cipher.h:115: warning: type defaults to `int' in declaration of `mbedtls_psa_cipher_set_iv' mbedtls/library/psa_crypto_cipher.h:115: warning: data definition has no type or storage class mbedtls/library/psa_crypto_cipher.h:138: error: syntax error before "mbedtls_psa_cipher_update" mbedtls/library/psa_crypto_cipher.h:139: error: syntax error before '*' token mbedtls/library/psa_crypto_cipher.h:141: warning: type defaults to `int' in declaration of `mbedtls_psa_cipher_update' mbedtls/library/psa_crypto_cipher.h:141: warning: data definition has no type or storage class mbedtls/library/psa_crypto_cipher.h:169: error: syntax error before "mbedtls_psa_cipher_finish" mbedtls/library/psa_crypto_cipher.h:170: error: syntax error before '*' token mbedtls/library/psa_crypto_cipher.h:171: warning: type defaults to `int' in declaration of `mbedtls_psa_cipher_finish' mbedtls/library/psa_crypto_cipher.h:171: warning: data definition has no type or storage class mbedtls/library/psa_crypto_cipher.h:188: error: syntax error before "mbedtls_psa_cipher_abort" mbedtls/library/psa_crypto_cipher.h:188: error: syntax error before '*' token mbedtls/library/psa_crypto_cipher.h:188: warning: type defaults to `int' in declaration of `mbedtls_psa_cipher_abort' mbedtls/library/psa_crypto_cipher.h:188: warning: data definition has no type or storage class mbedtls/library/psa_crypto_cipher.h:232: error: syntax error before "mbedtls_psa_cipher_encrypt" mbedtls/library/psa_crypto_cipher.h:232: warning: type defaults to `int' in declaration of `psa_key_attributes_t' mbedtls/library/psa_crypto_cipher.h:232: error: syntax error before '*' token
Regards, Prakash
On Fri, Mar 15, 2024 at 6:13 AM Satya Prakash Prasad satyaprakash.developer.unix@gmail.com wrote:
Hi,
Please also let me know the features of PSA in MbedTLS. I found this related document - https://mbed-tls.readthedocs.io/en/latest/getting_started/psa/.
Is PSA related to Platform Security Architecture how the same is related to TLS security?
Please provide some more information on it.
Regards, Prakash
On Thu, Mar 14, 2024 at 5:09 AM Satya Prakash Prasad satyaprakash.developer.unix@gmail.com wrote:
Hi,
Many thanks for your reply. Can you please also let me know the features of PSA in MbedTLS. I found this related document - https://mbed-tls.readthedocs.io/en/latest/getting_started/psa/.
Is PSA related to Platform Security Architecture?
Please provide some more information on it.
Regards, Prakash
On Wed, Mar 13, 2024 at 8:54 PM Gilles Peskine gilles.peskine@arm.com wrote:
Hi Prakash,
To disable PSA crypto, disable all the options that start with MBEDTLS_PSA. From the default configuration, that means commenting out these three options:
//#define MBEDTLS_PSA_CRYPTO_C //#define MBEDTLS_PSA_CRYPTO_STORAGE_C //#define MBEDTLS_PSA_ITS_FILE_C
The errors you list show that you started from a different configuration that has a lot more enabled. It's difficult to help without knowing what, but I recommend that you just start with the default configuration, or start with an empty configuration and build up to what you want.
Best regards,
-- Gilles Peskine Mbed TLS developer
On 13/03/2024 05:12, Satya Prakash Prasad via mbed-tls wrote:
Hi,
I am trying to compile MbedTLS 3.5.2 release without PSA but get below error message:
mbedtls/check_config.h:62:2: #error "MBEDTLS_ECP_DP_BP256R1_ENABLED defined, but not its PSA counterpart" mbedtls/check_config.h:66:2: #error "MBEDTLS_ECP_DP_BP384R1_ENABLED defined, but not its PSA counterpart" mbedtls/check_config.h:70:2: #error "MBEDTLS_ECP_DP_BP512R1_ENABLED defined, but not its PSA counterpart" mbedtls/check_config.h:74:2: #error "MBEDTLS_ECP_DP_CURVE25519_ENABLED defined, but not its PSA counterpart" mbedtls/check_config.h:78:2: #error "MBEDTLS_ECP_DP_CURVE448_ENABLED defined, but not its PSA counterpart" mbedtls/check_config.h:82:2: #error "MBEDTLS_ECP_DP_SECP192R1_ENABLED defined, but not its PSA counterpart" mbedtls/check_config.h:86:2: #error "MBEDTLS_ECP_DP_SECP224R1_ENABLED defined, but not its PSA counterpart" mbedtls/check_config.h:90:2: #error "MBEDTLS_ECP_DP_SECP256R1_ENABLED defined, but not its PSA counterpart" mbedtls/check_config.h:94:2: #error "MBEDTLS_ECP_DP_SECP384R1_ENABLED defined, but not its PSA counterpart" mbedtls/check_config.h:98:2: #error "MBEDTLS_ECP_DP_SECP521R1_ENABLED defined, but not its PSA counterpart" mbedtls/check_config.h:102:2: #error "MBEDTLS_ECP_DP_SECP192K1_ENABLED defined, but not its PSA counterpart" mbedtls/check_config.h:111:2: #error "MBEDTLS_ECP_DP_SECP256K1_ENABLED defined, but not its PSA counterpart" mbedtls/check_config.h:391:2: #error "MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED defined, but not all prerequisites" mbedtls/check_config.h:397:2: #error "MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED defined, but not all prerequisites" mbedtls/check_config.h:406:2: #error "MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED defined, but not all prerequisites" mbedtls/check_config.h:418:2: #error "MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED defined, but not all prerequisites" mbedtls/check_config.h:425:2: #error "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites" mbedtls/check_config.h:481:2: #error "MBEDTLS_LMS_C requires MBEDTLS_PSA_CRYPTO_C and PSA_WANT_ALG_SHA_256" mbedtls/check_config.h:725:2: #error "MBEDTLS_PLATFORM_NV_SEED_ALT defined, but not all prerequisites" mbedtls/check_config.h:879:2: #error "MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED defined, but not all prerequisites" mbedtls/check_config.h:885:2: #error "MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED defined, but not all prerequisites"
Regards, Prakash
mbed-tls@lists.trustedfirmware.org
-
Gilles Peskine -
Satya Prakash Prasad