From ea14b51b838df0df1253df9259982bd57f26669e Mon Sep 17 00:00:00 2001
From: Alexei Fedorov <Alexei.Fedorov@arm.com>
Date: Mon, 21 Sep 2020 12:23:54 +0100
Subject: [PATCH] Crypto library: Migrate support to MbedTLS v2.24.0

This patch migrates the mbedcrypto dependency for TF-A
to mbedTLS repo v2.24.0 which is the latest release tag.
The relevant documentation is updated to reflect the
use of new version.

Change-Id: I116f44242e8c98e856416ea871d11abd3234dac1
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
---
 docs/getting_started/prerequisites.rst        | 2 +-
 drivers/auth/mbedtls/mbedtls_common.mk        | 3 +--
 include/drivers/auth/mbedtls/mbedtls_config.h | 9 ++++++++-
 3 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/docs/getting_started/prerequisites.rst b/docs/getting_started/prerequisites.rst
index 13e25cd0e..91ecdf31c 100644
--- a/docs/getting_started/prerequisites.rst
+++ b/docs/getting_started/prerequisites.rst
@@ -60,7 +60,7 @@ supporting tools:
 
 The following libraries are required for Trusted Board Boot support:
 
-- mbed TLS == 2.18.0 (tag: ``mbedtls-2.18.0``)
+- mbed TLS == 2.24.0 (tag: ``mbedtls-2.24.0``)
 
 These tools are optional:
 
diff --git a/drivers/auth/mbedtls/mbedtls_common.mk b/drivers/auth/mbedtls/mbedtls_common.mk
index 8454105c2..53ebe30b6 100644
--- a/drivers/auth/mbedtls/mbedtls_common.mk
+++ b/drivers/auth/mbedtls/mbedtls_common.mk
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2015-2020, Arm Limited. All rights reserved.
 #
 # SPDX-License-Identifier: BSD-3-Clause
 #
@@ -35,7 +35,6 @@ LIBMBEDTLS_SRCS		:= $(addprefix ${MBEDTLS_DIR}/library/,	\
 					bignum.c				\
 					gcm.c 					\
 					md.c					\
-					md_wrap.c				\
 					pk.c 					\
 					pk_wrap.c 				\
 					pkparse.c 				\
diff --git a/include/drivers/auth/mbedtls/mbedtls_config.h b/include/drivers/auth/mbedtls/mbedtls_config.h
index dc00da7d6..ad39fa906 100644
--- a/include/drivers/auth/mbedtls/mbedtls_config.h
+++ b/include/drivers/auth/mbedtls/mbedtls_config.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2020, Arm Limited. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -63,6 +63,7 @@
 #define MBEDTLS_ECDSA_C
 #define MBEDTLS_ECP_C
 #define MBEDTLS_ECP_DP_SECP256R1_ENABLED
+#define MBEDTLS_ECP_NO_INTERNAL_RNG
 #endif
 #if TF_MBEDTLS_USE_RSA
 #define MBEDTLS_RSA_C
@@ -101,6 +102,12 @@
 /* Memory buffer allocator options */
 #define MBEDTLS_MEMORY_ALIGN_MULTIPLE		8
 
+/*
+ * Prevent the use of 128-bit division which
+ * creates dependency on external libraries.
+ */
+#define MBEDTLS_NO_UDBL_DIVISION
+
 #ifndef __ASSEMBLER__
 /* System headers required to build mbed TLS with the current configuration */
 #include <stdlib.h>