From 4bb98be277192dcc43e2f9842d111b083073e912 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 7 May 2025 14:21:20 +0100 Subject: [PATCH] initial remove of MBEDTLS_USE_PSA_CRYPTO Signed-off-by: Ben Taylor --- programs/fuzz/fuzz_client.c | 4 - programs/fuzz/fuzz_dtlsclient.c | 4 - programs/fuzz/fuzz_dtlsserver.c | 4 - programs/fuzz/fuzz_server.c | 10 +-- programs/fuzz/fuzz_x509crl.c | 10 +-- programs/fuzz/fuzz_x509crt.c | 8 +- programs/fuzz/fuzz_x509csr.c | 10 +-- programs/pkey/gen_key.c | 4 - programs/pkey/pk_sign.c | 4 - programs/pkey/pk_verify.c | 4 - programs/pkey/rsa_sign_pss.c | 4 - programs/pkey/rsa_verify_pss.c | 4 - programs/ssl/ssl_client2.c | 65 ++-------------- programs/ssl/ssl_server2.c | 76 +++---------------- programs/ssl/ssl_test_lib.c | 6 +- programs/ssl/ssl_test_lib.h | 21 +----- programs/x509/cert_app.c | 4 - programs/x509/cert_req.c | 4 - programs/x509/cert_write.c | 4 - programs/x509/crl_app.c | 4 - programs/x509/load_roots.c | 4 - programs/x509/req_app.c | 4 - tests/include/test/ssl_helpers.h | 9 --- tests/src/test_helpers/ssl_helpers.c | 108 --------------------------- 24 files changed, 33 insertions(+), 346 deletions(-) diff --git a/programs/fuzz/fuzz_client.c b/programs/fuzz/fuzz_client.c index 440c0245ff..1840570488 100644 --- a/programs/fuzz/fuzz_client.c +++ b/programs/fuzz/fuzz_client.c @@ -78,12 +78,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) mbedtls_ctr_drbg_init(&ctr_drbg); mbedtls_entropy_init(&entropy); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy, (const unsigned char *) pers, strlen(pers)) != 0) { @@ -179,9 +177,7 @@ exit: mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_ssl_config_free(&conf); mbedtls_ssl_free(&ssl); -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #else (void) Data; diff --git a/programs/fuzz/fuzz_dtlsclient.c b/programs/fuzz/fuzz_dtlsclient.c index 7a1da13c38..ca7626d5ba 100644 --- a/programs/fuzz/fuzz_dtlsclient.c +++ b/programs/fuzz/fuzz_dtlsclient.c @@ -61,12 +61,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) mbedtls_ctr_drbg_init(&ctr_drbg); mbedtls_entropy_init(&entropy); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy, (const unsigned char *) pers, strlen(pers)) != 0) { @@ -124,9 +122,7 @@ exit: mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_ssl_config_free(&conf); mbedtls_ssl_free(&ssl); -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #else (void) Data; diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c index 98a70216e1..4f159fbefe 100644 --- a/programs/fuzz/fuzz_dtlsserver.c +++ b/programs/fuzz/fuzz_dtlsserver.c @@ -58,12 +58,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) mbedtls_ssl_config_init(&conf); mbedtls_ssl_cookie_init(&cookie_ctx); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy, (const unsigned char *) pers, strlen(pers)) != 0) { @@ -166,9 +164,7 @@ exit: mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_ssl_config_free(&conf); mbedtls_ssl_free(&ssl); -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #else (void) Data; diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c index 05b7480cbc..40fd9caa0f 100644 --- a/programs/fuzz/fuzz_server.c +++ b/programs/fuzz/fuzz_server.c @@ -67,12 +67,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) mbedtls_ssl_ticket_init(&ticket_ctx); #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy, (const unsigned char *) pers, strlen(pers)) != 0) { @@ -194,19 +192,17 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) exit: #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) mbedtls_ssl_ticket_free(&ticket_ctx); -#endif +#endif /* (MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) */ mbedtls_entropy_free(&entropy); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_ssl_config_free(&conf); #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) mbedtls_x509_crt_free(&srvcert); mbedtls_pk_free(&pkey); -#endif +#endif /* (MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) */ mbedtls_ssl_free(&ssl); -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); -#endif -#else +#else /* MBEDTLS_SSL_SRV_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ (void) Data; (void) Size; #endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ diff --git a/programs/fuzz/fuzz_x509crl.c b/programs/fuzz/fuzz_x509crl.c index 92e0f5d12e..ae0f85282b 100644 --- a/programs/fuzz/fuzz_x509crl.c +++ b/programs/fuzz/fuzz_x509crl.c @@ -12,31 +12,27 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) unsigned char buf[4096]; mbedtls_x509_crl_init(&crl); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ ret = mbedtls_x509_crl_parse(&crl, Data, Size); #if !defined(MBEDTLS_X509_REMOVE_INFO) if (ret == 0) { ret = mbedtls_x509_crl_info((char *) buf, sizeof(buf) - 1, " ", &crl); } -#else +#else /* MBEDTLS_X509_REMOVE_INFO */ ((void) ret); ((void) buf); #endif /* !MBEDTLS_X509_REMOVE_INFO */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) exit: mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_x509_crl_free(&crl); -#else +#else /* MBEDTLS_X509_CRL_PARSE_C */ (void) Data; (void) Size; -#endif +#endif /* MBEDTLS_X509_CRL_PARSE_C */ return 0; } diff --git a/programs/fuzz/fuzz_x509crt.c b/programs/fuzz/fuzz_x509crt.c index c99ae2e7b1..709fd200f9 100644 --- a/programs/fuzz/fuzz_x509crt.c +++ b/programs/fuzz/fuzz_x509crt.c @@ -12,12 +12,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) unsigned char buf[4096]; mbedtls_x509_crt_init(&crt); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ ret = mbedtls_x509_crt_parse(&crt, Data, Size); #if !defined(MBEDTLS_X509_REMOVE_INFO) if (ret == 0) { @@ -28,15 +26,13 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) ((void) buf); #endif /* !MBEDTLS_X509_REMOVE_INFO */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) exit: mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_x509_crt_free(&crt); -#else +#else /* MBEDTLS_X509_CRT_PARSE_C */ (void) Data; (void) Size; -#endif +#endif /* MBEDTLS_X509_CRT_PARSE_C */ return 0; } diff --git a/programs/fuzz/fuzz_x509csr.c b/programs/fuzz/fuzz_x509csr.c index 4ab071f1ca..1c26e6f082 100644 --- a/programs/fuzz/fuzz_x509csr.c +++ b/programs/fuzz/fuzz_x509csr.c @@ -12,31 +12,27 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) unsigned char buf[4096]; mbedtls_x509_csr_init(&csr); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ ret = mbedtls_x509_csr_parse(&csr, Data, Size); #if !defined(MBEDTLS_X509_REMOVE_INFO) if (ret == 0) { ret = mbedtls_x509_csr_info((char *) buf, sizeof(buf) - 1, " ", &csr); } -#else +#else /* !MBEDTLS_X509_REMOVE_INFO */ ((void) ret); ((void) buf); #endif /* !MBEDTLS_X509_REMOVE_INFO */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) exit: mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_x509_csr_free(&csr); -#else +#else /* MBEDTLS_X509_CSR_PARSE_C */ (void) Data; (void) Size; -#endif +#endif /* MBEDTLS_X509_CSR_PARSE_C */ return 0; } diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c index 94604ceeb6..ba35534388 100644 --- a/programs/pkey/gen_key.c +++ b/programs/pkey/gen_key.c @@ -257,14 +257,12 @@ int main(int argc, char *argv[]) mbedtls_ctr_drbg_init(&ctr_drbg); memset(buf, 0, sizeof(buf)); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", (int) status); goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (argc < 2) { usage: @@ -473,9 +471,7 @@ exit: mbedtls_pk_free(&key); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_exit(exit_code); } diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c index 551173e496..4ddb473c0f 100644 --- a/programs/pkey/pk_sign.c +++ b/programs/pkey/pk_sign.c @@ -55,14 +55,12 @@ int main(int argc, char *argv[]) mbedtls_ctr_drbg_init(&ctr_drbg); mbedtls_pk_init(&pk); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", (int) status); goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (argc != 3) { mbedtls_printf("usage: mbedtls_pk_sign \n"); @@ -139,9 +137,7 @@ exit: mbedtls_pk_free(&pk); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_ERROR_C) if (exit_code != MBEDTLS_EXIT_SUCCESS) { diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c index 507812e350..27aff441a1 100644 --- a/programs/pkey/pk_verify.c +++ b/programs/pkey/pk_verify.c @@ -47,14 +47,12 @@ int main(int argc, char *argv[]) mbedtls_pk_init(&pk); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", (int) status); goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (argc != 3) { mbedtls_printf("usage: mbedtls_pk_verify \n"); @@ -115,9 +113,7 @@ int main(int argc, char *argv[]) exit: mbedtls_pk_free(&pk); -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_ERROR_C) if (exit_code != MBEDTLS_EXIT_SUCCESS) { diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c index 8f605b56bc..d94daf3977 100644 --- a/programs/pkey/rsa_sign_pss.c +++ b/programs/pkey/rsa_sign_pss.c @@ -57,14 +57,12 @@ int main(int argc, char *argv[]) mbedtls_pk_init(&pk); mbedtls_ctr_drbg_init(&ctr_drbg); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", (int) status); goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (argc != 3) { mbedtls_printf("usage: rsa_sign_pss \n"); @@ -153,9 +151,7 @@ exit: mbedtls_pk_free(&pk); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_exit(exit_code); } diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c index 97f9d186e8..15049203ee 100644 --- a/programs/pkey/rsa_verify_pss.c +++ b/programs/pkey/rsa_verify_pss.c @@ -51,14 +51,12 @@ int main(int argc, char *argv[]) mbedtls_pk_init(&pk); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", (int) status); goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (argc != 3) { mbedtls_printf("usage: rsa_verify_pss \n"); @@ -131,9 +129,7 @@ int main(int argc, char *argv[]) exit: mbedtls_pk_free(&pk); -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_exit(exit_code); } diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index d5e7fdf304..b76055ed5b 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -9,9 +9,7 @@ #include "ssl_test_lib.h" -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) #include "test/psa_crypto_helpers.h" -#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */ #if defined(MBEDTLS_SSL_TEST_IMPOSSIBLE) int main(void) @@ -145,7 +143,7 @@ int main(void) #else /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ #define USAGE_IO "" #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) #define USAGE_KEY_OPAQUE \ " key_opaque=%%d Handle your private key as if it were opaque\n" \ " default: 0 (disabled)\n" @@ -172,7 +170,6 @@ int main(void) " psk=%%s default: \"\" (disabled)\n" \ " The PSK values are in hex, without 0x.\n" \ " psk_identity=%%s default: \"Client_identity\"\n" -#if defined(MBEDTLS_USE_PSA_CRYPTO) #define USAGE_PSK_SLOT \ " psk_opaque=%%d default: 0 (don't use opaque static PSK)\n" \ " Enable this to store the PSK configured through command line\n" \ @@ -185,7 +182,6 @@ int main(void) " with prepopulated key slots instead of importing raw key material.\n" #else #define USAGE_PSK_SLOT "" -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #define USAGE_PSK USAGE_PSK_RAW USAGE_PSK_SLOT #else #define USAGE_PSK "" @@ -309,14 +305,9 @@ int main(void) #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -#if defined(MBEDTLS_USE_PSA_CRYPTO) #define USAGE_ECJPAKE \ " ecjpake_pw=%%s default: none (disabled)\n" \ " ecjpake_pw_opaque=%%d default: 0 (disabled)\n" -#else /* MBEDTLS_USE_PSA_CRYPTO */ -#define USAGE_ECJPAKE \ - " ecjpake_pw=%%s default: none (disabled)\n" -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #else /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #define USAGE_ECJPAKE "" #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ @@ -488,9 +479,7 @@ struct options { const char *crt_file; /* the file with the client certificate */ const char *key_file; /* the file with the client key */ int key_opaque; /* handle private key as if it were opaque */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) int psk_opaque; -#endif #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) int ca_callback; /* Use callback for trusted certificate list */ #endif @@ -498,9 +487,7 @@ struct options { const char *psk; /* the pre-shared key */ const char *psk_identity; /* the pre-shared key identity */ const char *ecjpake_pw; /* the EC J-PAKE password */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) int ecjpake_pw_opaque; /* set to 1 to use the opaque method for setting the password */ -#endif int ec_max_ops; /* EC consecutive operations limit */ int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) @@ -824,16 +811,12 @@ int main(int argc, char *argv[]) const char *pers = "ssl_client2"; -#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) mbedtls_svc_key_id_t slot = MBEDTLS_SVC_KEY_ID_INIT; psa_algorithm_t alg = 0; psa_key_attributes_t key_attributes; #endif psa_status_t status; -#elif defined(MBEDTLS_SSL_PROTO_TLS1_3) - psa_status_t status; -#endif rng_context_t rng; mbedtls_ssl_context ssl; @@ -850,9 +833,7 @@ int main(int argc, char *argv[]) mbedtls_x509_crt clicert; mbedtls_pk_context pkey; mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default; -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */ -#endif #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ char *p, *q; const int *list; @@ -877,10 +858,9 @@ int main(int argc, char *argv[]) MBEDTLS_TLS_SRTP_UNSET }; #endif /* MBEDTLS_SSL_DTLS_SRTP */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ - defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) mbedtls_svc_key_id_t ecjpake_pw_slot = MBEDTLS_SVC_KEY_ID_INIT; /* ecjpake password key slot */ -#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) mbedtls_memory_buffer_alloc_init(alloc_buf, sizeof(alloc_buf)); @@ -907,7 +887,6 @@ int main(int argc, char *argv[]) memset((void *) alpn_list, 0, sizeof(alpn_list)); #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", @@ -915,7 +894,6 @@ int main(int argc, char *argv[]) ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */ #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) mbedtls_test_enable_insecure_external_rng(); #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ @@ -942,17 +920,13 @@ int main(int argc, char *argv[]) opt.key_opaque = DFL_KEY_OPAQUE; opt.key_pwd = DFL_KEY_PWD; opt.psk = DFL_PSK; -#if defined(MBEDTLS_USE_PSA_CRYPTO) opt.psk_opaque = DFL_PSK_OPAQUE; -#endif #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) opt.ca_callback = DFL_CA_CALLBACK; #endif opt.psk_identity = DFL_PSK_IDENTITY; opt.ecjpake_pw = DFL_ECJPAKE_PW; -#if defined(MBEDTLS_USE_PSA_CRYPTO) opt.ecjpake_pw_opaque = DFL_ECJPAKE_PW_OPAQUE; -#endif opt.ec_max_ops = DFL_EC_MAX_OPS; opt.force_ciphersuite[0] = DFL_FORCE_CIPHER; #if defined(MBEDTLS_SSL_PROTO_TLS1_3) @@ -1127,7 +1101,7 @@ usage: } else if (strcmp(p, "key_pwd") == 0) { opt.key_pwd = q; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) else if (strcmp(p, "key_opaque") == 0) { opt.key_opaque = atoi(q); } @@ -1152,11 +1126,9 @@ usage: else if (strcmp(p, "psk") == 0) { opt.psk = q; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) else if (strcmp(p, "psk_opaque") == 0) { opt.psk_opaque = atoi(q); } -#endif #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) else if (strcmp(p, "ca_callback") == 0) { opt.ca_callback = atoi(q); @@ -1167,11 +1139,9 @@ usage: } else if (strcmp(p, "ecjpake_pw") == 0) { opt.ecjpake_pw = q; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) else if (strcmp(p, "ecjpake_pw_opaque") == 0) { opt.ecjpake_pw_opaque = atoi(q); } -#endif else if (strcmp(p, "ec_max_ops") == 0) { opt.ec_max_ops = atoi(q); } else if (strcmp(p, "force_ciphersuite") == 0) { @@ -1500,7 +1470,6 @@ usage: } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.psk_opaque != 0) { if (opt.psk == NULL) { mbedtls_printf("psk_opaque set but no psk to be imported specified.\n"); @@ -1515,7 +1484,6 @@ usage: goto usage; } } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (opt.force_ciphersuite[0] > 0) { const mbedtls_ssl_ciphersuite_t *ciphersuite_info; @@ -1550,7 +1518,6 @@ usage: } } -#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) if (opt.psk_opaque != 0) { /* Determine KDF algorithm the opaque PSK will be used in. */ @@ -1562,7 +1529,6 @@ usage: alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256); } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ -#endif /* MBEDTLS_USE_PSA_CRYPTO */ } #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) @@ -1786,7 +1752,6 @@ usage: goto exit; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.key_opaque != 0) { psa_algorithm_t psa_alg, psa_alg2 = PSA_ALG_NONE; psa_key_usage_t usage = 0; @@ -1805,7 +1770,6 @@ usage: } } } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_printf(" ok (key type: %s)\n", strlen(opt.key_file) || strlen(opt.key_opaque_alg1) ? @@ -2006,7 +1970,6 @@ usage: #endif #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.psk_opaque != 0) { key_attributes = psa_key_attributes_init(); psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE); @@ -2027,7 +1990,6 @@ usage: goto exit; } } else -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (psk_len > 0) { ret = mbedtls_ssl_conf_psk(&conf, psk, psk_len, (const unsigned char *) opt.psk_identity, @@ -2098,7 +2060,6 @@ usage: #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) if (opt.ecjpake_pw != DFL_ECJPAKE_PW) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -2124,7 +2085,6 @@ usage: } mbedtls_printf("using opaque password\n"); } else -#endif /* MBEDTLS_USE_PSA_CRYPTO */ { if ((ret = mbedtls_ssl_set_hs_ecjpake_password(&ssl, (const unsigned char *) opt.ecjpake_pw, @@ -3206,13 +3166,10 @@ exit: mbedtls_x509_crt_free(&clicert); mbedtls_x509_crt_free(&cacert); mbedtls_pk_free(&pkey); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_destroy_key(key_slot); -#endif #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) && \ - defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) if (opt.psk_opaque != 0) { /* This is ok even if the slot hasn't been * initialized (we might have jumed here @@ -3229,11 +3186,9 @@ exit: } } } -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED && - MBEDTLS_USE_PSA_CRYPTO */ +#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ - defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) /* * In case opaque keys it's the user responsibility to keep the key valid * for the duration of the handshake and destroy it at the end @@ -3252,9 +3207,8 @@ exit: psa_destroy_key(ecjpake_pw_slot); } } -#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO */ +#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) const char *message = mbedtls_test_helper_is_psa_leaking(); if (message) { if (ret == 0) { @@ -3262,14 +3216,11 @@ exit: } mbedtls_printf("PSA memory leak detected: %s\n", message); } -#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */ /* For builds with MBEDTLS_TEST_USE_PSA_CRYPTO_RNG psa crypto * resources are freed by rng_free(). */ -#if (defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)) && \ !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) mbedtls_psa_crypto_free(); -#endif rng_free(&rng); diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 639fe5616e..cb933e7e6d 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -53,9 +53,7 @@ int main(void) #include #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) #include "test/psa_crypto_helpers.h" -#endif #include "mbedtls/pk.h" #if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) @@ -205,7 +203,7 @@ int main(void) #else #define USAGE_IO "" #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) #define USAGE_KEY_OPAQUE \ " key_opaque=%%d Handle your private keys as if they were opaque\n" \ " default: 0 (disabled)\n" @@ -248,7 +246,6 @@ int main(void) " The PSK values are in hex, without 0x.\n" \ " id1,psk1[,id2,psk2[,...]]\n" \ " psk_identity=%%s default: \"Client_identity\"\n" -#if defined(MBEDTLS_USE_PSA_CRYPTO) #define USAGE_PSK_SLOT \ " psk_opaque=%%d default: 0 (don't use opaque static PSK)\n" \ " Enable this to store the PSK configured through command line\n" \ @@ -270,7 +267,6 @@ int main(void) " with prepopulated key slots instead of importing raw key material.\n" #else #define USAGE_PSK_SLOT "" -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #define USAGE_PSK USAGE_PSK_RAW USAGE_PSK_SLOT #else #define USAGE_PSK "" @@ -419,14 +415,9 @@ int main(void) #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -#if defined(MBEDTLS_USE_PSA_CRYPTO) #define USAGE_ECJPAKE \ " ecjpake_pw=%%s default: none (disabled)\n" \ " ecjpake_pw_opaque=%%d default: 0 (disabled)\n" -#else /* MBEDTLS_USE_PSA_CRYPTO */ -#define USAGE_ECJPAKE \ - " ecjpake_pw=%%s default: none (disabled)\n" -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #else /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #define USAGE_ECJPAKE "" #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ @@ -641,10 +632,8 @@ struct options { int async_private_delay1; /* number of times f_async_resume needs to be called for key 1, or -1 for no async */ int async_private_delay2; /* number of times f_async_resume needs to be called for key 2, or -1 for no async */ int async_private_error; /* inject error in async private callback */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) int psk_opaque; int psk_list_opaque; -#endif #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) int ca_callback; /* Use callback for trusted certificate list */ #endif @@ -652,9 +641,7 @@ struct options { const char *psk_identity; /* the pre-shared key identity */ char *psk_list; /* list of PSK id/key pairs for callback */ const char *ecjpake_pw; /* the EC J-PAKE password */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) int ecjpake_pw_opaque; /* set to 1 to use the opaque method for setting the password */ -#endif int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) int tls13_kex_modes; /* supported TLS 1.3 key exchange modes */ @@ -962,9 +949,7 @@ struct _psk_entry { const char *name; size_t key_len; unsigned char key[MBEDTLS_PSK_MAX_LEN]; -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t slot; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ psk_entry *next; }; @@ -976,7 +961,6 @@ static int psk_free(psk_entry *head) psk_entry *next; while (head != NULL) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status; mbedtls_svc_key_id_t const slot = head->slot; @@ -986,7 +970,6 @@ static int psk_free(psk_entry *head) return status; } } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ next = head->next; mbedtls_free(head); @@ -1052,11 +1035,9 @@ static int psk_callback(void *p_info, mbedtls_ssl_context *ssl, while (cur != NULL) { if (name_len == strlen(cur->name) && memcmp(name, cur->name, name_len) == 0) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (MBEDTLS_SVC_KEY_ID_GET_KEY_ID(cur->slot) != 0) { return mbedtls_ssl_set_hs_psk_opaque(ssl, cur->slot); } else -#endif return mbedtls_ssl_set_hs_psk(ssl, cur->key, cur->key_len); } @@ -1302,7 +1283,6 @@ static void ssl_async_cancel(mbedtls_ssl_context *ssl) #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) static psa_status_t psa_setup_psk_key_slot(mbedtls_svc_key_id_t *slot, psa_algorithm_t alg, @@ -1326,7 +1306,6 @@ static psa_status_t psa_setup_psk_key_slot(mbedtls_svc_key_id_t *slot, return PSA_SUCCESS; } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) static int report_cid_usage(mbedtls_ssl_context *ssl, @@ -1543,10 +1522,8 @@ int main(int argc, char *argv[]) io_ctx_t io_ctx; unsigned char *buf = 0; #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_algorithm_t alg = 0; mbedtls_svc_key_id_t psk_slot = MBEDTLS_SVC_KEY_ID_INIT; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ unsigned char psk[MBEDTLS_PSK_MAX_LEN]; size_t psk_len = 0; psk_entry *psk_info = NULL; @@ -1574,10 +1551,8 @@ int main(int argc, char *argv[]) mbedtls_x509_crt srvcert2; mbedtls_pk_context pkey2; mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default; -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */ mbedtls_svc_key_id_t key_slot2 = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */ -#endif int key_cert_init = 0, key_cert_init2 = 0; #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) @@ -1609,10 +1584,9 @@ int main(int argc, char *argv[]) unsigned char *context_buf = NULL; size_t context_buf_len = 0; #endif -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ - defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) mbedtls_svc_key_id_t ecjpake_pw_slot = MBEDTLS_SVC_KEY_ID_INIT; /* ecjpake password key slot */ -#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) uint16_t sig_alg_list[SIG_ALG_LIST_SIZE]; @@ -1621,9 +1595,7 @@ int main(int argc, char *argv[]) int i; char *p, *q; const int *list; -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) psa_status_t status; -#endif unsigned char eap_tls_keymaterial[16]; unsigned char eap_tls_iv[8]; const char *eap_tls_label = "client EAP encryption"; @@ -1684,7 +1656,6 @@ int main(int argc, char *argv[]) mbedtls_ssl_cookie_init(&cookie_ctx); #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", @@ -1692,7 +1663,6 @@ int main(int argc, char *argv[]) ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) mbedtls_test_enable_insecure_external_rng(); #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ @@ -1731,19 +1701,15 @@ int main(int argc, char *argv[]) opt.async_private_delay2 = DFL_ASYNC_PRIVATE_DELAY2; opt.async_private_error = DFL_ASYNC_PRIVATE_ERROR; opt.psk = DFL_PSK; -#if defined(MBEDTLS_USE_PSA_CRYPTO) opt.psk_opaque = DFL_PSK_OPAQUE; opt.psk_list_opaque = DFL_PSK_LIST_OPAQUE; -#endif #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) opt.ca_callback = DFL_CA_CALLBACK; #endif opt.psk_identity = DFL_PSK_IDENTITY; opt.psk_list = DFL_PSK_LIST; opt.ecjpake_pw = DFL_ECJPAKE_PW; -#if defined(MBEDTLS_USE_PSA_CRYPTO) opt.ecjpake_pw_opaque = DFL_ECJPAKE_PW_OPAQUE; -#endif opt.force_ciphersuite[0] = DFL_FORCE_CIPHER; #if defined(MBEDTLS_SSL_PROTO_TLS1_3) opt.tls13_kex_modes = DFL_TLS1_3_KEX_MODES; @@ -1924,7 +1890,7 @@ usage: } else if (strcmp(p, "key_pwd") == 0) { opt.key_pwd = q; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) else if (strcmp(p, "key_opaque") == 0) { opt.key_opaque = atoi(q); } @@ -1973,13 +1939,11 @@ usage: else if (strcmp(p, "psk") == 0) { opt.psk = q; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) else if (strcmp(p, "psk_opaque") == 0) { opt.psk_opaque = atoi(q); } else if (strcmp(p, "psk_list_opaque") == 0) { opt.psk_list_opaque = atoi(q); } -#endif #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) else if (strcmp(p, "ca_callback") == 0) { opt.ca_callback = atoi(q); @@ -1992,11 +1956,9 @@ usage: } else if (strcmp(p, "ecjpake_pw") == 0) { opt.ecjpake_pw = q; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) else if (strcmp(p, "ecjpake_pw_opaque") == 0) { opt.ecjpake_pw_opaque = atoi(q); } -#endif else if (strcmp(p, "force_ciphersuite") == 0) { opt.force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id(q); @@ -2367,7 +2329,6 @@ usage: goto exit; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.psk_opaque != 0) { if (strlen(opt.psk) == 0) { mbedtls_printf("psk_opaque set but no psk to be imported specified.\n"); @@ -2397,7 +2358,6 @@ usage: goto usage; } } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (opt.force_ciphersuite[0] > 0) { const mbedtls_ssl_ciphersuite_t *ciphersuite_info; @@ -2427,7 +2387,6 @@ usage: opt.min_version = ciphersuite_info->min_tls_version; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) if (opt.psk_opaque != 0 || opt.psk_list_opaque != 0) { /* Determine KDF algorithm the opaque PSK will be used in. */ @@ -2439,7 +2398,6 @@ usage: alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256); } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ -#endif /* MBEDTLS_USE_PSA_CRYPTO */ } #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) @@ -2732,7 +2690,6 @@ usage: #endif /* PSA_HAVE_ALG_SOME_ECDSA && PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT */ } -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.key_opaque != 0) { psa_algorithm_t psa_alg, psa_alg2 = PSA_ALG_NONE; psa_key_usage_t psa_usage = 0; @@ -2768,7 +2725,6 @@ usage: } } } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_printf(" ok (key types: %s, %s)\n", key_cert_init ? mbedtls_pk_get_name(&pkey) : "none", @@ -3182,7 +3138,6 @@ usage: #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) if (strlen(opt.psk) != 0 && strlen(opt.psk_identity) != 0) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.psk_opaque != 0) { /* The algorithm has already been determined earlier. */ status = psa_setup_psk_key_slot(&psk_slot, alg, psk, psk_len); @@ -3199,7 +3154,6 @@ usage: goto exit; } } else -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (psk_len > 0) { ret = mbedtls_ssl_conf_psk(&conf, psk, psk_len, (const unsigned char *) opt.psk_identity, @@ -3213,7 +3167,6 @@ usage: } if (opt.psk_list != NULL) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.psk_list_opaque != 0) { psk_entry *cur_psk; for (cur_psk = psk_info; cur_psk != NULL; cur_psk = cur_psk->next) { @@ -3227,7 +3180,6 @@ usage: } } } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_ssl_conf_psk_cb(&conf, psk_callback, psk_info); } @@ -3384,7 +3336,6 @@ reset: #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) if (opt.ecjpake_pw != DFL_ECJPAKE_PW) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -3410,7 +3361,6 @@ reset: } mbedtls_printf("using opaque password\n"); } else -#endif /* MBEDTLS_USE_PSA_CRYPTO */ { if ((ret = mbedtls_ssl_set_hs_ecjpake_password(&ssl, (const unsigned char *) opt.ecjpake_pw, @@ -4253,11 +4203,9 @@ exit: mbedtls_pk_free(&pkey); mbedtls_x509_crt_free(&srvcert2); mbedtls_pk_free(&pkey2); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_destroy_key(key_slot); psa_destroy_key(key_slot2); #endif -#endif #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) for (i = 0; (size_t) i < ssl_async_keys.slots_used; i++) { @@ -4269,8 +4217,7 @@ exit: } #endif -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) && \ - defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) if (opt.psk_opaque != 0) { /* This is ok even if the slot hasn't been * initialized (we might have jumed here @@ -4284,11 +4231,9 @@ exit: (int) status); } } -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED && - MBEDTLS_USE_PSA_CRYPTO */ +#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ - defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) /* * In case opaque keys it's the user responsibility to keep the key valid * for the duration of the handshake and destroy it at the end @@ -4307,9 +4252,8 @@ exit: psa_destroy_key(ecjpake_pw_slot); } } -#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO */ +#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) const char *message = mbedtls_test_helper_is_psa_leaking(); if (message) { if (ret == 0) { @@ -4317,12 +4261,10 @@ exit: } mbedtls_printf("PSA memory leak detected: %s\n", message); } -#endif /* For builds with MBEDTLS_TEST_USE_PSA_CRYPTO_RNG psa crypto * resources are freed by rng_free(). */ -#if (defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)) \ - && !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) +#if !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) mbedtls_psa_crypto_free(); #endif diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c index f9a6402525..ad3feb65b8 100644 --- a/programs/ssl/ssl_test_lib.c +++ b/programs/ssl/ssl_test_lib.c @@ -83,13 +83,11 @@ void rng_init(rng_context_t *rng) int rng_seed(rng_context_t *rng, int reproducible, const char *pers) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (reproducible) { mbedtls_fprintf(stderr, - "MBEDTLS_USE_PSA_CRYPTO does not support reproducible mode.\n"); + "reproducible mode is not supported.\n"); return -1; } -#endif #if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) /* The PSA crypto RNG does its own seeding. */ (void) rng; @@ -217,7 +215,6 @@ int key_opaque_alg_parse(const char *arg, const char **alg1, const char **alg2) return 0; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) int key_opaque_set_alg_usage(const char *alg1, const char *alg2, psa_algorithm_t *psa_alg1, psa_algorithm_t *psa_alg2, @@ -301,7 +298,6 @@ int pk_wrap_as_opaque(mbedtls_pk_context *pk, psa_algorithm_t psa_alg, psa_algor return 0; } #endif /* MBEDTLS_PK_C */ -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) int ca_callback(void *data, mbedtls_x509_crt const *child, diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h index c001a2afa1..ea5dbecb89 100644 --- a/programs/ssl/ssl_test_lib.h +++ b/programs/ssl/ssl_test_lib.h @@ -14,9 +14,8 @@ #include "mbedtls/md.h" #undef HAVE_RNG -#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) && \ - (defined(MBEDTLS_USE_PSA_CRYPTO) || \ - defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)) +#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) || \ + defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) #define HAVE_RNG #elif defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C) #define HAVE_RNG @@ -55,10 +54,8 @@ #include "mbedtls/base64.h" #include "test/certs.h" -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) #include "psa/crypto.h" #include "mbedtls/psa_util.h" -#endif #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) #include "mbedtls/memory_buffer_alloc.h" @@ -108,7 +105,7 @@ void my_debug(void *ctx, int level, mbedtls_time_t dummy_constant_time(mbedtls_time_t *time); #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) +#if !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) /* If MBEDTLS_TEST_USE_PSA_CRYPTO_RNG is defined, the SSL test programs will use * mbedtls_psa_get_random() rather than entropy+DRBG as a random generator. * @@ -121,14 +118,6 @@ mbedtls_time_t dummy_constant_time(mbedtls_time_t *time); * where the test programs use the PSA RNG while the PSA RNG is itself based * on entropy+DRBG, and at least one configuration where the test programs * do not use the PSA RNG even though it's there. - * - * A simple choice that meets the constraints is to use the PSA RNG whenever - * MBEDTLS_USE_PSA_CRYPTO is enabled. There's no real technical reason the - * choice to use the PSA RNG in the test programs and the choice to use - * PSA crypto when TLS code needs crypto have to be tied together, but it - * happens to be a good match. It's also a good match from an application - * perspective: either PSA is preferred for TLS (both for crypto and for - * random generation) or it isn't. */ #define MBEDTLS_TEST_USE_PSA_CRYPTO_RNG #endif @@ -213,7 +202,6 @@ int rng_get(void *p_rng, unsigned char *output, size_t output_len); */ int key_opaque_alg_parse(const char *arg, const char **alg1, const char **alg2); -#if defined(MBEDTLS_USE_PSA_CRYPTO) /** Parse given opaque key algorithms to obtain psa algs and usage * that will be passed to mbedtls_pk_wrap_as_opaque(). * @@ -259,9 +247,8 @@ int key_opaque_set_alg_usage(const char *alg1, const char *alg2, int pk_wrap_as_opaque(mbedtls_pk_context *pk, psa_algorithm_t psa_alg, psa_algorithm_t psa_alg2, psa_key_usage_t psa_usage, mbedtls_svc_key_id_t *key_id); #endif /* MBEDTLS_PK_C */ -#endif /* MBEDTLS_USE_PSA_CRYPTO */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) +#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) /* The test implementation of the PSA external RNG is insecure. When * MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG is enabled, before using any PSA crypto * function that makes use of an RNG, you must call diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index d9d5bb60ac..c747505519 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c @@ -152,14 +152,12 @@ int main(int argc, char *argv[]) memset(&cacrl, 0, sizeof(mbedtls_x509_crl)); #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", (int) status); goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (argc < 2) { usage: @@ -446,9 +444,7 @@ exit: #endif mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_exit(exit_code); } diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index e59772ffda..02fd567841 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -162,14 +162,12 @@ int main(int argc, char *argv[]) memset(buf, 0, sizeof(buf)); mbedtls_entropy_init(&entropy); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", (int) status); goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (argc < 2) { usage: @@ -502,9 +500,7 @@ exit: mbedtls_pk_free(&key); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ cur = opt.san_list; while (cur != NULL) { diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 3cabff4b5a..fb55c3f291 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -326,14 +326,12 @@ int main(int argc, char *argv[]) memset(buf, 0, sizeof(buf)); memset(serial, 0, sizeof(serial)); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", (int) status); goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (argc < 2) { usage: @@ -1026,9 +1024,7 @@ exit: mbedtls_pk_free(&loaded_issuer_key); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_exit(exit_code); } diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c index fee8b693ce..bb518adeef 100644 --- a/programs/x509/crl_app.c +++ b/programs/x509/crl_app.c @@ -60,14 +60,12 @@ int main(int argc, char *argv[]) */ mbedtls_x509_crl_init(&crl); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", (int) status); goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (argc < 2) { usage: @@ -124,9 +122,7 @@ usage: exit: mbedtls_x509_crl_free(&crl); -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_exit(exit_code); } diff --git a/programs/x509/load_roots.c b/programs/x509/load_roots.c index 2ae7c9b017..34d3508459 100644 --- a/programs/x509/load_roots.c +++ b/programs/x509/load_roots.c @@ -86,14 +86,12 @@ int main(int argc, char *argv[]) struct mbedtls_timing_hr_time timer; unsigned long ms; -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", (int) status); goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (argc <= 1) { mbedtls_printf(USAGE); @@ -159,9 +157,7 @@ int main(int argc, char *argv[]) exit_code = MBEDTLS_EXIT_SUCCESS; exit: -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_exit(exit_code); } #endif /* necessary configuration */ diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c index 2929d687d4..b960818a09 100644 --- a/programs/x509/req_app.c +++ b/programs/x509/req_app.c @@ -60,14 +60,12 @@ int main(int argc, char *argv[]) */ mbedtls_x509_csr_init(&csr); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", (int) status); goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (argc < 2) { usage: @@ -124,9 +122,7 @@ usage: exit: mbedtls_x509_csr_free(&csr); -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_exit(exit_code); } diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index 5bfdedaaf0..d019c5065e 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h @@ -31,11 +31,9 @@ #include "mbedtls/ssl_cache.h" #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) #define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ psa_to_ssl_errors, \ psa_generic_status_to_mbedtls) -#endif #if defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(PSA_WANT_KEY_TYPE_AES) @@ -751,18 +749,11 @@ int mbedtls_test_get_tls13_ticket( #define ECJPAKE_TEST_PWD "bla" -#if defined(MBEDTLS_USE_PSA_CRYPTO) #define ECJPAKE_TEST_SET_PASSWORD(exp_ret_val) \ ret = (use_opaque_arg) ? \ mbedtls_ssl_set_hs_ecjpake_password_opaque(&ssl, pwd_slot) : \ mbedtls_ssl_set_hs_ecjpake_password(&ssl, pwd_string, pwd_len); \ TEST_EQUAL(ret, exp_ret_val) -#else -#define ECJPAKE_TEST_SET_PASSWORD(exp_ret_val) \ - ret = mbedtls_ssl_set_hs_ecjpake_password(&ssl, \ - pwd_string, pwd_len); \ - TEST_EQUAL(ret, exp_ret_val) -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #define TEST_AVAILABLE_ECC(tls_id_, group_id_, psa_family_, psa_bits_) \ TEST_EQUAL(mbedtls_ssl_get_ecp_group_id_from_tls_id(tls_id_), \ diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 1eca6e496d..83dac17419 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -644,11 +644,9 @@ static void test_ssl_endpoint_certificate_free(mbedtls_test_ssl_endpoint *ep) ep->cert = NULL; } if (ep->pkey != NULL) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (mbedtls_pk_get_type(ep->pkey) == MBEDTLS_PK_OPAQUE) { psa_destroy_key(ep->pkey->priv_id); } -#endif mbedtls_pk_free(ep->pkey); mbedtls_free(ep->pkey); ep->pkey = NULL; @@ -725,9 +723,7 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, int i = 0; int ret = -1; int ok = 0; -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; -#endif if (ep == NULL) { return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; @@ -759,7 +755,6 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, TEST_EQUAL(load_endpoint_ecc(ep), 0); } -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opaque_alg != 0) { psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; /* Use a fake key usage to get a successful initial guess for the PSA attributes. */ @@ -776,11 +771,6 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, mbedtls_pk_init(ep->pkey); TEST_EQUAL(mbedtls_pk_wrap_psa(ep->pkey, key_slot), 0); } -#else - (void) opaque_alg; - (void) opaque_alg2; - (void) opaque_usage; -#endif mbedtls_ssl_conf_ca_chain(&(ep->conf), ep->ca_chain, NULL); @@ -1212,7 +1202,6 @@ int mbedtls_test_psa_cipher_encrypt_helper(mbedtls_ssl_transform *transform, unsigned char *output, size_t *olen) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_cipher_operation_t cipher_op = PSA_CIPHER_OPERATION_INIT; size_t part_len; @@ -1246,10 +1235,6 @@ int mbedtls_test_psa_cipher_encrypt_helper(mbedtls_ssl_transform *transform, *olen += part_len; return 0; -#else - return mbedtls_cipher_crypt(&transform->cipher_ctx_enc, - iv, iv_len, input, ilen, output, olen); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ } #endif /* MBEDTLS_SSL_PROTO_TLS1_2 && PSA_WANT_ALG_CBC_NO_PADDING && PSA_WANT_KEY_TYPE_AES */ @@ -1383,14 +1368,10 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, size_t key_bits = 0; int ret = 0; -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_key_type_t key_type; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_algorithm_t alg; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; -#else - mbedtls_cipher_info_t const *cipher_info; -#endif size_t keylen, maclen, ivlen = 0; unsigned char *key0 = NULL, *key1 = NULL; @@ -1422,58 +1403,10 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, memset(key0, 0x1, keylen); memset(key1, 0x2, keylen); -#if !defined(MBEDTLS_USE_PSA_CRYPTO) - /* Pick cipher */ - cipher_info = mbedtls_cipher_info_from_type((mbedtls_cipher_type_t) cipher_type); - CHK(cipher_info != NULL); - CHK(mbedtls_cipher_info_get_iv_size(cipher_info) <= 16); - CHK(mbedtls_cipher_info_get_key_bitlen(cipher_info) % 8 == 0); - - /* Setup cipher contexts */ - CHK(mbedtls_cipher_setup(&t_in->cipher_ctx_enc, cipher_info) == 0); - CHK(mbedtls_cipher_setup(&t_in->cipher_ctx_dec, cipher_info) == 0); - CHK(mbedtls_cipher_setup(&t_out->cipher_ctx_enc, cipher_info) == 0); - CHK(mbedtls_cipher_setup(&t_out->cipher_ctx_dec, cipher_info) == 0); - -#if defined(MBEDTLS_CIPHER_MODE_CBC) - if (cipher_mode == MBEDTLS_MODE_CBC) { - CHK(mbedtls_cipher_set_padding_mode(&t_in->cipher_ctx_enc, - MBEDTLS_PADDING_NONE) == 0); - CHK(mbedtls_cipher_set_padding_mode(&t_in->cipher_ctx_dec, - MBEDTLS_PADDING_NONE) == 0); - CHK(mbedtls_cipher_set_padding_mode(&t_out->cipher_ctx_enc, - MBEDTLS_PADDING_NONE) == 0); - CHK(mbedtls_cipher_set_padding_mode(&t_out->cipher_ctx_dec, - MBEDTLS_PADDING_NONE) == 0); - } -#endif /* MBEDTLS_CIPHER_MODE_CBC */ - - CHK(mbedtls_cipher_setkey(&t_in->cipher_ctx_enc, key0, - (keylen << 3 > INT_MAX) ? INT_MAX : (int) keylen << 3, - MBEDTLS_ENCRYPT) - == 0); - CHK(mbedtls_cipher_setkey(&t_in->cipher_ctx_dec, key1, - (keylen << 3 > INT_MAX) ? INT_MAX : (int) keylen << 3, - MBEDTLS_DECRYPT) - == 0); - CHK(mbedtls_cipher_setkey(&t_out->cipher_ctx_enc, key1, - (keylen << 3 > INT_MAX) ? INT_MAX : (int) keylen << 3, - MBEDTLS_ENCRYPT) - == 0); - CHK(mbedtls_cipher_setkey(&t_out->cipher_ctx_dec, key0, - (keylen << 3 > INT_MAX) ? INT_MAX : (int) keylen << 3, - MBEDTLS_DECRYPT) - == 0); -#endif /* !MBEDTLS_USE_PSA_CRYPTO */ - /* Setup MAC contexts */ #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) if (cipher_mode == MBEDTLS_MODE_CBC || cipher_mode == MBEDTLS_MODE_STREAM) { -#if !defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_md_info_t const *md_info = mbedtls_md_info_from_type((mbedtls_md_type_t) hash_id); - CHK(md_info != NULL); -#endif maclen = mbedtls_md_get_size_from_type((mbedtls_md_type_t) hash_id); CHK(maclen != 0); /* Pick hash keys */ @@ -1482,7 +1415,6 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, memset(md0, 0x5, maclen); memset(md1, 0x6, maclen); -#if defined(MBEDTLS_USE_PSA_CRYPTO) alg = mbedtls_md_psa_alg_from_type(hash_id); CHK(alg != 0); @@ -1523,21 +1455,6 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, CHK(psa_import_key(&attributes, md0, maclen, &t_out->psa_mac_dec) == PSA_SUCCESS); -#else - CHK(mbedtls_md_setup(&t_out->md_ctx_enc, md_info, 1) == 0); - CHK(mbedtls_md_setup(&t_out->md_ctx_dec, md_info, 1) == 0); - CHK(mbedtls_md_setup(&t_in->md_ctx_enc, md_info, 1) == 0); - CHK(mbedtls_md_setup(&t_in->md_ctx_dec, md_info, 1) == 0); - - CHK(mbedtls_md_hmac_starts(&t_in->md_ctx_enc, - md0, maclen) == 0); - CHK(mbedtls_md_hmac_starts(&t_in->md_ctx_dec, - md1, maclen) == 0); - CHK(mbedtls_md_hmac_starts(&t_out->md_ctx_enc, - md1, maclen) == 0); - CHK(mbedtls_md_hmac_starts(&t_out->md_ctx_dec, - md0, maclen) == 0); -#endif } #else ((void) hash_id); @@ -1657,7 +1574,6 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, t_out->out_cid_len = (uint8_t) cid0_len; #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) status = mbedtls_ssl_cipher_to_psa(cipher_type, t_in->taglen, &alg, @@ -1720,7 +1636,6 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, goto cleanup; } } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ cleanup: @@ -1737,9 +1652,7 @@ cleanup: int mbedtls_test_ssl_prepare_record_mac(mbedtls_record *record, mbedtls_ssl_transform *transform_out) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; -#endif /* Serialized version of record header for MAC purposes */ unsigned char add_data[13]; @@ -1751,7 +1664,6 @@ int mbedtls_test_ssl_prepare_record_mac(mbedtls_record *record, add_data[12] = (record->data_len >> 0) & 0xff; /* MAC with additional data */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) size_t sign_mac_length = 0; TEST_EQUAL(PSA_SUCCESS, psa_mac_sign_setup(&operation, transform_out->psa_mac_enc, @@ -1767,26 +1679,13 @@ int mbedtls_test_ssl_prepare_record_mac(mbedtls_record *record, TEST_EQUAL(PSA_SUCCESS, psa_mac_sign_finish(&operation, mac, sizeof(mac), &sign_mac_length)); -#else - TEST_EQUAL(0, mbedtls_md_hmac_update(&transform_out->md_ctx_enc, add_data, 13)); - TEST_EQUAL(0, mbedtls_md_hmac_update(&transform_out->md_ctx_enc, - record->buf + record->data_offset, - record->data_len)); - /* Use a temporary buffer for the MAC, because with the truncated HMAC - * extension, there might not be enough room in the record for the - * full-length MAC. */ - unsigned char mac[MBEDTLS_MD_MAX_SIZE]; - TEST_EQUAL(0, mbedtls_md_hmac_finish(&transform_out->md_ctx_enc, mac)); -#endif memcpy(record->buf + record->data_offset + record->data_len, mac, transform_out->maclen); record->data_len += transform_out->maclen; return 0; exit: -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_mac_abort(&operation); -#endif return -1; } #endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ @@ -1840,7 +1739,6 @@ int mbedtls_test_ssl_tls12_populate_session(mbedtls_ssl_session *session, return -1; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_algorithm_t psa_alg = mbedtls_md_psa_alg_from_type( MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE); size_t hash_size = 0; @@ -1851,12 +1749,6 @@ int mbedtls_test_ssl_tls12_populate_session(mbedtls_ssl_session *session, MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN, &hash_size); ret = PSA_TO_MBEDTLS_ERR(status); -#else - ret = mbedtls_md(mbedtls_md_info_from_type( - MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE), - tmp_crt.raw.p, tmp_crt.raw.len, - session->peer_cert_digest); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (ret != 0) { return ret; }