diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 8516f3a251..372a84dc79 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -21,7 +21,6 @@ #include "mbedtls/sha256.h" #include "mbedtls/sha512.h" #include "mbedtls/sha3.h" -#include "mbedtls/des.h" #include "mbedtls/aes.h" #include "mbedtls/camellia.h" #include "mbedtls/aria.h" @@ -296,9 +295,6 @@ const selftest_t selftests[] = defined(PSA_WANT_ALG_SHA3_512) { "sha3", mbedtls_sha3_self_test }, #endif -#if defined(MBEDTLS_DES_C) - { "des", mbedtls_des_self_test }, -#endif #if defined(MBEDTLS_AES_C) { "aes", mbedtls_aes_self_test }, #endif @@ -448,7 +444,8 @@ int main(int argc, char *argv[]) } \ } else { \ mbedtls_printf("Padding checks only implemented for types of size 2, 4 or 8" \ - " - cannot check type '" #TYPE "' of size %" MBEDTLS_PRINTF_SIZET "\n", \ + " - cannot check type '" #TYPE "' of size %" MBEDTLS_PRINTF_SIZET \ + "\n", \ sizeof(TYPE)); \ mbedtls_exit(MBEDTLS_EXIT_FAILURE); \ } \ diff --git a/scripts/config.py b/scripts/config.py index e5182a6a59..a61e9f6d56 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -75,7 +75,7 @@ EXCLUDE_FROM_FULL = frozenset([ #pylint: disable=line-too-long 'MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH', # interacts with CTR_DRBG_128_BIT_KEY 'MBEDTLS_AES_USE_HARDWARE_ONLY', # hardware dependency - 'MBEDTLS_BLOCK_CIPHER_NO_DECRYPT', # incompatible with ECB in PSA, CBC/XTS/NIST_KW/DES + 'MBEDTLS_BLOCK_CIPHER_NO_DECRYPT', # incompatible with ECB in PSA, CBC/XTS/NIST_KW 'MBEDTLS_CTR_DRBG_USE_128_BIT_KEY', # interacts with ENTROPY_FORCE_SHA256 'MBEDTLS_DEPRECATED_REMOVED', # conflicts with deprecated options 'MBEDTLS_DEPRECATED_WARNING', # conflicts with deprecated options diff --git a/tests/compat.sh b/tests/compat.sh index 975d8dc3d9..a11fffda06 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -599,11 +599,6 @@ setup_arguments() *) O_SUPPORT_STATIC_ECDH="NO";; esac - case $($OPENSSL ciphers ALL) in - *DES-CBC-*) O_SUPPORT_SINGLE_DES="YES";; - *) O_SUPPORT_SINGLE_DES="NO";; - esac - # OpenSSL <1.0.2 doesn't support DTLS 1.2. Check if OpenSSL # supports -dtls1_2 from the s_server help. (The s_client # help isn't accurate as of 1.0.2g: it supports DTLS 1.2 diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 9de7597c1c..98204083cd 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -1734,53 +1734,6 @@ component_test_psa_crypto_config_reference_hmac () { make test } -component_test_psa_crypto_config_accel_des () { - msg "test: accelerated DES" - - # Albeit this components aims at accelerating DES which should only support - # CBC and ECB modes, we need to accelerate more than that otherwise DES_C - # would automatically be re-enabled by "config_adjust_legacy_from_psa.c" - loc_accel_list="ALG_ECB_NO_PADDING ALG_CBC_NO_PADDING ALG_CBC_PKCS7 \ - ALG_CTR ALG_CFB ALG_OFB ALG_XTS ALG_CMAC \ - KEY_TYPE_DES" - - # Note: we cannot accelerate all ciphers' key types otherwise we would also - # have to either disable CCM/GCM or accelerate them, but that's out of scope - # of this component. This limitation will be addressed by #8598. - - # Configure - # --------- - - # Start from the full config - helper_libtestdriver1_adjust_config "full" - - # Disable the things that are being accelerated - scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC - scripts/config.py unset MBEDTLS_CIPHER_PADDING_PKCS7 - scripts/config.py unset MBEDTLS_CIPHER_MODE_CTR - scripts/config.py unset MBEDTLS_CIPHER_MODE_CFB - scripts/config.py unset MBEDTLS_CIPHER_MODE_OFB - scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS - scripts/config.py unset MBEDTLS_DES_C - scripts/config.py unset MBEDTLS_CMAC_C - - # Build - # ----- - - helper_libtestdriver1_make_drivers "$loc_accel_list" - - helper_libtestdriver1_make_main "$loc_accel_list" - - # Make sure this was not re-enabled by accident (additive config) - not grep mbedtls_des ${BUILTIN_SRC_PATH}/des.o - - # Run the tests - # ------------- - - msg "test: accelerated DES" - make test -} - component_test_psa_crypto_config_accel_aead () { msg "test: accelerated AEAD" @@ -1841,7 +1794,7 @@ component_test_psa_crypto_config_accel_cipher_aead_cmac () { loc_accel_list="ALG_ECB_NO_PADDING ALG_CBC_NO_PADDING ALG_CBC_PKCS7 ALG_CTR ALG_CFB \ ALG_OFB ALG_XTS ALG_STREAM_CIPHER ALG_CCM_STAR_NO_TAG \ ALG_GCM ALG_CCM ALG_CHACHA20_POLY1305 ALG_CMAC \ - KEY_TYPE_DES KEY_TYPE_AES KEY_TYPE_ARIA KEY_TYPE_CHACHA20 KEY_TYPE_CAMELLIA" + KEY_TYPE_AES KEY_TYPE_ARIA KEY_TYPE_CHACHA20 KEY_TYPE_CAMELLIA" # Configure # --------- @@ -1878,7 +1831,6 @@ component_test_psa_crypto_config_accel_cipher_aead_cmac () { # Make sure this was not re-enabled by accident (additive config) not grep mbedtls_cipher ${BUILTIN_SRC_PATH}/cipher.o - not grep mbedtls_des ${BUILTIN_SRC_PATH}/des.o not grep mbedtls_aes ${BUILTIN_SRC_PATH}/aes.o not grep mbedtls_aria ${BUILTIN_SRC_PATH}/aria.o not grep mbedtls_camellia ${BUILTIN_SRC_PATH}/camellia.o @@ -2168,7 +2120,7 @@ component_build_aes_variations () { cd "$MBEDTLS_ROOT_DIR" msg "build: aes.o for all combinations of relevant config options + BLOCK_CIPHER_NO_DECRYPT" - # MBEDTLS_BLOCK_CIPHER_NO_DECRYPT is incompatible with ECB in PSA, CBC/XTS/NIST_KW/DES, + # MBEDTLS_BLOCK_CIPHER_NO_DECRYPT is incompatible with ECB in PSA, CBC/XTS/NIST_KW, # manually set or unset those configurations to check # MBEDTLS_BLOCK_CIPHER_NO_DECRYPT with various combinations in aes.o. scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT diff --git a/tests/scripts/components-configuration-tls.sh b/tests/scripts/components-configuration-tls.sh index 6b3f9c2a67..ff8315711e 100644 --- a/tests/scripts/components-configuration-tls.sh +++ b/tests/scripts/components-configuration-tls.sh @@ -63,7 +63,7 @@ component_test_tls1_2_default_stream_cipher_only () { # Disable CBC. Note: When implemented, PSA_WANT_ALG_CBC_MAC will also need to be unset here to fully disable CBC scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_NO_PADDING scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_PKCS7 - # Disable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES)) + # Disable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia)) # Note: The unset below is to be removed for 4.0 scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) @@ -96,7 +96,7 @@ component_test_tls1_2_default_cbc_legacy_cipher_only () { scripts/config.py unset MBEDTLS_CHACHAPOLY_C #Disable TLS 1.3 (as no AEAD) scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES)) + # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia)) scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ALG_CBC_NO_PADDING # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC @@ -129,7 +129,7 @@ component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only () { scripts/config.py unset MBEDTLS_CHACHAPOLY_C #Disable TLS 1.3 (as no AEAD) scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES)) + # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia)) scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ALG_CBC_NO_PADDING # Enable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) scripts/config.py set MBEDTLS_SSL_ENCRYPT_THEN_MAC