From d381d2d5fccf17d87822ac85ac7f37c22697f072 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Fri, 14 Apr 2023 09:26:39 +0200 Subject: [PATCH 01/10] Init PSA in ssl and x509 programs Signed-off-by: Przemek Stekiel --- programs/ssl/dtls_client.c | 10 ++++++++++ programs/ssl/dtls_server.c | 10 ++++++++++ programs/ssl/mini_client.c | 10 ++++++++++ programs/ssl/ssl_client1.c | 9 +++++++++ programs/ssl/ssl_context_info.c | 10 ++++++++++ programs/ssl/ssl_fork_server.c | 9 +++++++++ programs/ssl/ssl_mail_client.c | 9 +++++++++ programs/ssl/ssl_pthread_server.c | 10 ++++++++++ programs/ssl/ssl_server.c | 10 ++++++++++ programs/x509/cert_app.c | 9 +++++++++ programs/x509/cert_req.c | 9 +++++++++ programs/x509/cert_write.c | 9 +++++++++ programs/x509/crl_app.c | 9 +++++++++ programs/x509/load_roots.c | 9 +++++++++ programs/x509/req_app.c | 9 +++++++++ 15 files changed, 141 insertions(+) diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c index ad51cbeedf..01f6cd8723 100644 --- a/programs/ssl/dtls_client.c +++ b/programs/ssl/dtls_client.c @@ -101,6 +101,16 @@ int main(int argc, char *argv[]) ((void) argc); ((void) argv); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + #if defined(MBEDTLS_DEBUG_C) mbedtls_debug_set_threshold(DEBUG_LEVEL); #endif diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c index 4310f4e6fa..93d5bfed03 100644 --- a/programs/ssl/dtls_server.c +++ b/programs/ssl/dtls_server.c @@ -111,6 +111,16 @@ int main(void) mbedtls_ssl_cache_context cache; #endif +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + mbedtls_net_init(&listen_fd); mbedtls_net_init(&client_fd); mbedtls_ssl_init(&ssl); diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c index 688c9fc766..58e3d787b1 100644 --- a/programs/ssl/mini_client.c +++ b/programs/ssl/mini_client.c @@ -170,6 +170,16 @@ int main(void) mbedtls_ssl_config conf; mbedtls_ctr_drbg_init(&ctr_drbg); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + /* * 0. Initialize and setup stuff */ diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c index ffdef3b422..1c68d1cd82 100644 --- a/programs/ssl/ssl_client1.c +++ b/programs/ssl/ssl_client1.c @@ -87,6 +87,15 @@ int main(void) mbedtls_debug_set_threshold(DEBUG_LEVEL); #endif +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + /* * 0. Initialize the RNG and the session data */ diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c index a8b2b470e0..3c61fc0eee 100644 --- a/programs/ssl/ssl_context_info.c +++ b/programs/ssl/ssl_context_info.c @@ -23,6 +23,7 @@ #include MBEDTLS_CONFIG_FILE #endif #include "mbedtls/debug.h" +#include "mbedtls/platform.h" #include #include @@ -939,6 +940,15 @@ int main(int argc, char *argv[]) size_t ssl_max_len = SSL_INIT_LEN; size_t ssl_len = 0; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + /* The 'b64_file' is opened when parsing arguments to check that the * file name is correct */ parse_arguments(argc, argv); diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index 5a4ac3eedb..df8da055db 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c @@ -100,6 +100,15 @@ int main(void) mbedtls_x509_crt srvcert; mbedtls_pk_context pkey; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + mbedtls_net_init(&listen_fd); mbedtls_net_init(&client_fd); mbedtls_ssl_init(&ssl); diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index 6f1dc1cd88..decbdbb3f5 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -355,6 +355,15 @@ int main(int argc, char *argv[]) char *p, *q; const int *list; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + /* * Make sure memory references are valid in case we exit early. */ diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c index 4d7e648428..ba28b254e0 100644 --- a/programs/ssl/ssl_pthread_server.c +++ b/programs/ssl/ssl_pthread_server.c @@ -311,6 +311,16 @@ int main(void) mbedtls_ssl_cache_context cache; #endif +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) mbedtls_memory_buffer_alloc_init(alloc_buf, sizeof(alloc_buf)); #endif diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index 8f6a5730d7..c0a09a233c 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c @@ -97,6 +97,16 @@ int main(void) mbedtls_ssl_cache_context cache; #endif +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + mbedtls_net_init(&listen_fd); mbedtls_net_init(&client_fd); mbedtls_ssl_init(&ssl); diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index b14b084b91..5fc1370a57 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c @@ -149,6 +149,15 @@ int main(int argc, char *argv[]) char *p, *q; const char *pers = "cert_app"; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + /* * Set to sane values */ diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index d7818d7515..2f4bd0e127 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -155,6 +155,15 @@ int main(int argc, char *argv[]) mbedtls_ctr_drbg_context ctr_drbg; const char *pers = "csr example app"; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + /* * Set to sane values */ diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index ea20144e95..18a05caef9 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -226,6 +226,15 @@ int main(int argc, char *argv[]) mbedtls_ctr_drbg_context ctr_drbg; const char *pers = "crt example app"; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + /* * Set to sane values */ diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c index b00f9f3b7f..5a07963778 100644 --- a/programs/x509/crl_app.c +++ b/programs/x509/crl_app.c @@ -67,6 +67,15 @@ int main(int argc, char *argv[]) int i; char *p, *q; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + /* * Set to sane values */ diff --git a/programs/x509/load_roots.c b/programs/x509/load_roots.c index faf4ba90c8..87187e6912 100644 --- a/programs/x509/load_roots.c +++ b/programs/x509/load_roots.c @@ -132,6 +132,15 @@ int main(int argc, char *argv[]) goto exit; } +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + opt.filenames = NULL; opt.iterations = DFL_ITERATIONS; opt.prime_cache = DFL_PRIME_CACHE; diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c index dd7fac74d1..a5fb1b6ac2 100644 --- a/programs/x509/req_app.c +++ b/programs/x509/req_app.c @@ -67,6 +67,15 @@ int main(int argc, char *argv[]) int i; char *p, *q; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + /* * Set to sane values */ From 0c9d048d26680722d58097380699e251110139ac Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Fri, 14 Apr 2023 12:28:16 +0200 Subject: [PATCH 02/10] cert_app: init entropy unconditionally When mbedtls_entropy_free() is called without mbedtls_entropy_init() entropy is uninitialized and contains garbage which may lead to segmentation fault. Signed-off-by: Przemek Stekiel --- programs/x509/cert_app.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index 5fc1370a57..4fae3b2d99 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c @@ -166,6 +166,7 @@ int main(int argc, char *argv[]) mbedtls_ssl_init(&ssl); mbedtls_ssl_config_init(&conf); mbedtls_x509_crt_init(&cacert); + mbedtls_entropy_init(&entropy); #if defined(MBEDTLS_X509_CRL_PARSE_C) mbedtls_x509_crl_init(&cacrl); #else @@ -351,7 +352,6 @@ usage: mbedtls_printf("\n . Seeding the random number generator..."); fflush(stdout); - mbedtls_entropy_init(&entropy); if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, (const unsigned char *) pers, strlen(pers))) != 0) { From b00688fb1472259a9ddf67b761d741eda5dfaa2a Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Mon, 17 Apr 2023 11:10:05 +0200 Subject: [PATCH 03/10] Move psa_crypto_init() after other init calls Signed-off-by: Przemek Stekiel --- programs/ssl/dtls_client.c | 22 +++++++++++----------- programs/ssl/dtls_server.c | 20 ++++++++++---------- programs/ssl/mini_client.c | 22 +++++++++++----------- programs/ssl/ssl_client1.c | 21 +++++++++++---------- programs/ssl/ssl_fork_server.c | 18 +++++++++--------- programs/ssl/ssl_mail_client.c | 20 ++++++++++---------- programs/ssl/ssl_pthread_server.c | 20 ++++++++++---------- programs/ssl/ssl_server.c | 20 ++++++++++---------- programs/x509/cert_app.c | 18 +++++++++--------- programs/x509/cert_req.c | 18 +++++++++--------- programs/x509/cert_write.c | 18 +++++++++--------- programs/x509/crl_app.c | 10 +++++----- programs/x509/req_app.c | 10 +++++----- 13 files changed, 119 insertions(+), 118 deletions(-) diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c index 01f6cd8723..d696932248 100644 --- a/programs/ssl/dtls_client.c +++ b/programs/ssl/dtls_client.c @@ -101,16 +101,6 @@ int main(int argc, char *argv[]) ((void) argc); ((void) argv); -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - #if defined(MBEDTLS_DEBUG_C) mbedtls_debug_set_threshold(DEBUG_LEVEL); #endif @@ -123,11 +113,21 @@ int main(int argc, char *argv[]) mbedtls_ssl_config_init(&conf); mbedtls_x509_crt_init(&cacert); mbedtls_ctr_drbg_init(&ctr_drbg); + mbedtls_entropy_init(&entropy); + +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_printf("\n . Seeding the random number generator..."); fflush(stdout); - mbedtls_entropy_init(&entropy); if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, (const unsigned char *) pers, strlen(pers))) != 0) { diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c index 93d5bfed03..631cfcdbc7 100644 --- a/programs/ssl/dtls_server.c +++ b/programs/ssl/dtls_server.c @@ -111,16 +111,6 @@ int main(void) mbedtls_ssl_cache_context cache; #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - mbedtls_net_init(&listen_fd); mbedtls_net_init(&client_fd); mbedtls_ssl_init(&ssl); @@ -134,6 +124,16 @@ int main(void) mbedtls_entropy_init(&entropy); mbedtls_ctr_drbg_init(&ctr_drbg); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + #if defined(MBEDTLS_DEBUG_C) mbedtls_debug_set_threshold(DEBUG_LEVEL); #endif diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c index 58e3d787b1..3a629b0255 100644 --- a/programs/ssl/mini_client.c +++ b/programs/ssl/mini_client.c @@ -170,6 +170,17 @@ int main(void) mbedtls_ssl_config conf; mbedtls_ctr_drbg_init(&ctr_drbg); + /* + * 0. Initialize and setup stuff + */ + mbedtls_net_init(&server_fd); + mbedtls_ssl_init(&ssl); + mbedtls_ssl_config_init(&conf); +#if defined(MBEDTLS_X509_CRT_PARSE_C) + mbedtls_x509_crt_init(&ca); +#endif + mbedtls_entropy_init(&entropy); + #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { @@ -180,17 +191,6 @@ int main(void) } #endif /* MBEDTLS_USE_PSA_CRYPTO */ - /* - * 0. Initialize and setup stuff - */ - mbedtls_net_init(&server_fd); - mbedtls_ssl_init(&ssl); - mbedtls_ssl_config_init(&conf); -#if defined(MBEDTLS_X509_CRT_PARSE_C) - mbedtls_x509_crt_init(&ca); -#endif - - mbedtls_entropy_init(&entropy); if (mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, (const unsigned char *) pers, strlen(pers)) != 0) { ret = ctr_drbg_seed_failed; diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c index 1c68d1cd82..c30f7b8ab7 100644 --- a/programs/ssl/ssl_client1.c +++ b/programs/ssl/ssl_client1.c @@ -87,6 +87,16 @@ int main(void) mbedtls_debug_set_threshold(DEBUG_LEVEL); #endif + /* + * 0. Initialize the RNG and the session data + */ + mbedtls_net_init(&server_fd); + mbedtls_ssl_init(&ssl); + mbedtls_ssl_config_init(&conf); + mbedtls_x509_crt_init(&cacert); + mbedtls_ctr_drbg_init(&ctr_drbg); + mbedtls_entropy_init(&entropy); + #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { @@ -96,19 +106,10 @@ int main(void) } #endif /* MBEDTLS_USE_PSA_CRYPTO */ - /* - * 0. Initialize the RNG and the session data - */ - mbedtls_net_init(&server_fd); - mbedtls_ssl_init(&ssl); - mbedtls_ssl_config_init(&conf); - mbedtls_x509_crt_init(&cacert); - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_printf("\n . Seeding the random number generator..."); fflush(stdout); - mbedtls_entropy_init(&entropy); + if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, (const unsigned char *) pers, strlen(pers))) != 0) { diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index df8da055db..d75bb3c596 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c @@ -100,15 +100,6 @@ int main(void) mbedtls_x509_crt srvcert; mbedtls_pk_context pkey; -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - mbedtls_net_init(&listen_fd); mbedtls_net_init(&client_fd); mbedtls_ssl_init(&ssl); @@ -118,6 +109,15 @@ int main(void) mbedtls_x509_crt_init(&srvcert); mbedtls_ctr_drbg_init(&ctr_drbg); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + signal(SIGCHLD, SIG_IGN); /* diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index decbdbb3f5..a9742a2eb0 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -355,15 +355,6 @@ int main(int argc, char *argv[]) char *p, *q; const int *list; -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - /* * Make sure memory references are valid in case we exit early. */ @@ -375,6 +366,16 @@ int main(int argc, char *argv[]) mbedtls_x509_crt_init(&clicert); mbedtls_pk_init(&pkey); mbedtls_ctr_drbg_init(&ctr_drbg); + mbedtls_entropy_init(&entropy); + +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (argc < 2) { usage: @@ -464,7 +465,6 @@ usage: mbedtls_printf("\n . Seeding the random number generator..."); fflush(stdout); - mbedtls_entropy_init(&entropy); if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, (const unsigned char *) pers, strlen(pers))) != 0) { diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c index ba28b254e0..14fc6a4633 100644 --- a/programs/ssl/ssl_pthread_server.c +++ b/programs/ssl/ssl_pthread_server.c @@ -311,16 +311,6 @@ int main(void) mbedtls_ssl_cache_context cache; #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) mbedtls_memory_buffer_alloc_init(alloc_buf, sizeof(alloc_buf)); #endif @@ -347,6 +337,16 @@ int main(void) */ mbedtls_entropy_init(&entropy); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + /* * 1. Load the certificates and private RSA key */ diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index c0a09a233c..d4e0dbc569 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c @@ -97,16 +97,6 @@ int main(void) mbedtls_ssl_cache_context cache; #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - mbedtls_net_init(&listen_fd); mbedtls_net_init(&client_fd); mbedtls_ssl_init(&ssl); @@ -119,6 +109,16 @@ int main(void) mbedtls_entropy_init(&entropy); mbedtls_ctr_drbg_init(&ctr_drbg); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + #if defined(MBEDTLS_DEBUG_C) mbedtls_debug_set_threshold(DEBUG_LEVEL); #endif diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index 4fae3b2d99..07016e49f1 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c @@ -149,15 +149,6 @@ int main(int argc, char *argv[]) char *p, *q; const char *pers = "cert_app"; -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - /* * Set to sane values */ @@ -175,6 +166,15 @@ int main(int argc, char *argv[]) memset(&cacrl, 0, sizeof(mbedtls_x509_crl)); #endif +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + if (argc < 2) { usage: mbedtls_printf(USAGE); diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index 2f4bd0e127..a3fd6e2dc9 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -155,6 +155,15 @@ int main(int argc, char *argv[]) mbedtls_ctr_drbg_context ctr_drbg; const char *pers = "csr example app"; + /* + * Set to sane values + */ + mbedtls_x509write_csr_init(&req); + mbedtls_pk_init(&key); + mbedtls_ctr_drbg_init(&ctr_drbg); + memset(buf, 0, sizeof(buf)); + mbedtls_entropy_init(&entropy); + #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { @@ -164,14 +173,6 @@ int main(int argc, char *argv[]) } #endif /* MBEDTLS_USE_PSA_CRYPTO */ - /* - * Set to sane values - */ - mbedtls_x509write_csr_init(&req); - mbedtls_pk_init(&key); - mbedtls_ctr_drbg_init(&ctr_drbg); - memset(buf, 0, sizeof(buf)); - if (argc < 2) { usage: mbedtls_printf(USAGE); @@ -303,7 +304,6 @@ usage: mbedtls_printf(" . Seeding the random number generator..."); fflush(stdout); - mbedtls_entropy_init(&entropy); if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, (const unsigned char *) pers, strlen(pers))) != 0) { diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 18a05caef9..f7cf7121c8 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -226,15 +226,6 @@ int main(int argc, char *argv[]) mbedtls_ctr_drbg_context ctr_drbg; const char *pers = "crt example app"; -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - /* * Set to sane values */ @@ -250,6 +241,15 @@ int main(int argc, char *argv[]) mbedtls_x509_crt_init(&issuer_crt); memset(buf, 0, 1024); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + if (argc < 2) { usage: mbedtls_printf(USAGE); diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c index 5a07963778..1208f040fb 100644 --- a/programs/x509/crl_app.c +++ b/programs/x509/crl_app.c @@ -67,6 +67,11 @@ int main(int argc, char *argv[]) int i; char *p, *q; + /* + * Set to sane values + */ + mbedtls_x509_crl_init(&crl); + #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { @@ -76,11 +81,6 @@ int main(int argc, char *argv[]) } #endif /* MBEDTLS_USE_PSA_CRYPTO */ - /* - * Set to sane values - */ - mbedtls_x509_crl_init(&crl); - if (argc < 2) { usage: mbedtls_printf(USAGE); diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c index a5fb1b6ac2..07cbd4fb7c 100644 --- a/programs/x509/req_app.c +++ b/programs/x509/req_app.c @@ -67,6 +67,11 @@ int main(int argc, char *argv[]) int i; char *p, *q; + /* + * Set to sane values + */ + mbedtls_x509_csr_init(&csr); + #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { @@ -76,11 +81,6 @@ int main(int argc, char *argv[]) } #endif /* MBEDTLS_USE_PSA_CRYPTO */ - /* - * Set to sane values - */ - mbedtls_x509_csr_init(&csr); - if (argc < 2) { usage: mbedtls_printf(USAGE); From af48f3cf8e4a0ae39c847d809b7b59a2e91c481b Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Mon, 17 Apr 2023 11:11:01 +0200 Subject: [PATCH 04/10] Remove print from mini_client Signed-off-by: Przemek Stekiel --- programs/ssl/mini_client.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c index 3a629b0255..d7deca2b64 100644 --- a/programs/ssl/mini_client.c +++ b/programs/ssl/mini_client.c @@ -184,8 +184,6 @@ int main(void) #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; goto exit; } From c4ddf92986f189fb992c3cfcbdea29ee4e0a2545 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Wed, 19 Apr 2023 10:15:26 +0200 Subject: [PATCH 05/10] Free psa crypto at the end of programs when initialized Signed-off-by: Przemek Stekiel --- programs/ssl/dtls_client.c | 2 +- programs/ssl/dtls_server.c | 1 + programs/ssl/mini_client.c | 2 +- programs/ssl/ssl_client1.c | 2 +- programs/ssl/ssl_context_info.c | 2 ++ programs/ssl/ssl_fork_server.c | 2 +- programs/ssl/ssl_mail_client.c | 1 + programs/ssl/ssl_pthread_server.c | 4 +--- programs/ssl/ssl_server.c | 2 +- programs/x509/cert_app.c | 1 + programs/x509/cert_req.c | 1 + programs/x509/cert_write.c | 1 + programs/x509/crl_app.c | 1 + programs/x509/load_roots.c | 11 ++++++----- programs/x509/req_app.c | 1 + 15 files changed, 21 insertions(+), 13 deletions(-) diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c index d696932248..c35c4e2654 100644 --- a/programs/ssl/dtls_client.c +++ b/programs/ssl/dtls_client.c @@ -334,12 +334,12 @@ exit: #endif mbedtls_net_free(&server_fd); - mbedtls_x509_crt_free(&cacert); mbedtls_ssl_free(&ssl); mbedtls_ssl_config_free(&conf); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); + mbedtls_psa_crypto_free(); #if defined(_WIN32) mbedtls_printf(" + Press Enter to exit this program.\n"); diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c index 631cfcdbc7..568ef1fe1b 100644 --- a/programs/ssl/dtls_server.c +++ b/programs/ssl/dtls_server.c @@ -404,6 +404,7 @@ exit: #endif mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); + mbedtls_psa_crypto_free(); #if defined(_WIN32) printf(" Press Enter to exit this program.\n"); diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c index d7deca2b64..6208859634 100644 --- a/programs/ssl/mini_client.c +++ b/programs/ssl/mini_client.c @@ -274,7 +274,6 @@ int main(void) exit: mbedtls_net_free(&server_fd); - mbedtls_ssl_free(&ssl); mbedtls_ssl_config_free(&conf); mbedtls_ctr_drbg_free(&ctr_drbg); @@ -282,6 +281,7 @@ exit: #if defined(MBEDTLS_X509_CRT_PARSE_C) mbedtls_x509_crt_free(&ca); #endif + mbedtls_psa_crypto_free(); mbedtls_exit(ret); } diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c index c30f7b8ab7..6d8ff0bb8b 100644 --- a/programs/ssl/ssl_client1.c +++ b/programs/ssl/ssl_client1.c @@ -284,12 +284,12 @@ exit: #endif mbedtls_net_free(&server_fd); - mbedtls_x509_crt_free(&cacert); mbedtls_ssl_free(&ssl); mbedtls_ssl_config_free(&conf); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); + mbedtls_psa_crypto_free(); #if defined(_WIN32) mbedtls_printf(" + Press Enter to exit this program.\n"); diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c index 3c61fc0eee..be8dee525a 100644 --- a/programs/ssl/ssl_context_info.c +++ b/programs/ssl/ssl_context_info.c @@ -1017,6 +1017,8 @@ int main(int argc, char *argv[]) printf("Finished. No valid base64 code found\n"); } + mbedtls_psa_crypto_free(); + return 0; } diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index d75bb3c596..efa9ad1e01 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c @@ -378,13 +378,13 @@ int main(void) exit: mbedtls_net_free(&client_fd); mbedtls_net_free(&listen_fd); - mbedtls_x509_crt_free(&srvcert); mbedtls_pk_free(&pkey); mbedtls_ssl_free(&ssl); mbedtls_ssl_config_free(&conf); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); + mbedtls_psa_crypto_free(); #if defined(_WIN32) mbedtls_printf(" Press Enter to exit this program.\n"); diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index a9742a2eb0..27bf137be2 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -801,6 +801,7 @@ exit: mbedtls_ssl_config_free(&conf); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); + mbedtls_psa_crypto_free(); #if defined(_WIN32) mbedtls_printf(" + Press Enter to exit this program.\n"); diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c index 14fc6a4633..e57c63ec84 100644 --- a/programs/ssl/ssl_pthread_server.c +++ b/programs/ssl/ssl_pthread_server.c @@ -487,14 +487,12 @@ exit: mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); mbedtls_ssl_config_free(&conf); - mbedtls_net_free(&listen_fd); - mbedtls_mutex_free(&debug_mutex); - #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) mbedtls_memory_buffer_alloc_free(); #endif + mbedtls_psa_crypto_free(); #if defined(_WIN32) mbedtls_printf(" Press Enter to exit this program.\n"); diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index d4e0dbc569..0da0f87054 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c @@ -357,7 +357,6 @@ exit: mbedtls_net_free(&client_fd); mbedtls_net_free(&listen_fd); - mbedtls_x509_crt_free(&srvcert); mbedtls_pk_free(&pkey); mbedtls_ssl_free(&ssl); @@ -367,6 +366,7 @@ exit: #endif mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); + mbedtls_psa_crypto_free(); #if defined(_WIN32) mbedtls_printf(" Press Enter to exit this program.\n"); diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index 07016e49f1..721de84a9c 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c @@ -461,6 +461,7 @@ exit: #endif mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); + mbedtls_psa_crypto_free(); #if defined(_WIN32) mbedtls_printf(" + Press Enter to exit this program.\n"); diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index a3fd6e2dc9..43b1eb1e91 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -374,6 +374,7 @@ exit: mbedtls_pk_free(&key); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); + mbedtls_psa_crypto_free(); #if defined(_WIN32) mbedtls_printf(" + Press Enter to exit this program.\n"); diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index f7cf7121c8..bf46799a07 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -726,6 +726,7 @@ exit: mbedtls_mpi_free(&serial); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); + mbedtls_psa_crypto_free(); #if defined(_WIN32) mbedtls_printf(" + Press Enter to exit this program.\n"); diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c index 1208f040fb..f99d9ac685 100644 --- a/programs/x509/crl_app.c +++ b/programs/x509/crl_app.c @@ -136,6 +136,7 @@ usage: exit: mbedtls_x509_crl_free(&crl); + mbedtls_psa_crypto_free(); #if defined(_WIN32) mbedtls_printf(" + Press Enter to exit this program.\n"); diff --git a/programs/x509/load_roots.c b/programs/x509/load_roots.c index 87187e6912..bca6e883ac 100644 --- a/programs/x509/load_roots.c +++ b/programs/x509/load_roots.c @@ -127,11 +127,6 @@ int main(int argc, char *argv[]) struct mbedtls_timing_hr_time timer; unsigned long ms; - if (argc <= 1) { - mbedtls_printf(USAGE); - goto exit; - } - #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { @@ -141,6 +136,11 @@ int main(int argc, char *argv[]) } #endif /* MBEDTLS_USE_PSA_CRYPTO */ + if (argc <= 1) { + mbedtls_printf(USAGE); + goto exit; + } + opt.filenames = NULL; opt.iterations = DFL_ITERATIONS; opt.prime_cache = DFL_PRIME_CACHE; @@ -200,6 +200,7 @@ int main(int argc, char *argv[]) exit_code = MBEDTLS_EXIT_SUCCESS; exit: + mbedtls_psa_crypto_free(); mbedtls_exit(exit_code); } #endif /* necessary configuration */ diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c index 07cbd4fb7c..b1fc98ca76 100644 --- a/programs/x509/req_app.c +++ b/programs/x509/req_app.c @@ -136,6 +136,7 @@ usage: exit: mbedtls_x509_csr_free(&csr); + mbedtls_psa_crypto_free(); #if defined(_WIN32) mbedtls_printf(" + Press Enter to exit this program.\n"); From 9c0fc2ddbefe78e3b2561851f2135c287db68fc9 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Wed, 19 Apr 2023 09:38:12 +0200 Subject: [PATCH 06/10] Init PSA in pkey programs Signed-off-by: Przemek Stekiel --- programs/pkey/gen_key.c | 10 ++++++++++ programs/pkey/key_app.c | 10 ++++++++++ programs/pkey/key_app_writer.c | 10 ++++++++++ programs/pkey/pk_decrypt.c | 10 ++++++++++ programs/pkey/pk_encrypt.c | 10 ++++++++++ programs/pkey/pk_sign.c | 10 ++++++++++ programs/pkey/pk_verify.c | 10 ++++++++++ programs/pkey/rsa_sign_pss.c | 10 ++++++++++ programs/pkey/rsa_verify_pss.c | 10 ++++++++++ 9 files changed, 90 insertions(+) diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c index 1a6463d8a2..20fc17f90d 100644 --- a/programs/pkey/gen_key.c +++ b/programs/pkey/gen_key.c @@ -204,6 +204,15 @@ int main(int argc, char *argv[]) mbedtls_ctr_drbg_init(&ctr_drbg); memset(buf, 0, sizeof(buf)); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + if (argc < 2) { usage: mbedtls_printf(USAGE); @@ -411,6 +420,7 @@ exit: mbedtls_pk_free(&key); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); + mbedtls_psa_crypto_free(); #if defined(_WIN32) mbedtls_printf(" + Press Enter to exit this program.\n"); diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c index a757cb3e7c..82a4de12a5 100644 --- a/programs/pkey/key_app.c +++ b/programs/pkey/key_app.c @@ -91,6 +91,15 @@ int main(int argc, char *argv[]) mbedtls_pk_init(&pk); memset(buf, 0, sizeof(buf)); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto cleanup; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP); mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP); @@ -275,6 +284,7 @@ cleanup: #endif mbedtls_pk_free(&pk); + mbedtls_psa_crypto_free(); mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP); mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP); diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c index 0009d91594..4da4f653a2 100644 --- a/programs/pkey/key_app_writer.c +++ b/programs/pkey/key_app_writer.c @@ -205,6 +205,15 @@ int main(int argc, char *argv[]) memset(buf, 0, sizeof(buf)); #endif +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP); mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP); @@ -400,6 +409,7 @@ exit: mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP); mbedtls_pk_free(&key); + mbedtls_psa_crypto_free(); #if defined(_WIN32) mbedtls_printf(" + Press Enter to exit this program.\n"); diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c index 1dff75c552..9ab01ecc90 100644 --- a/programs/pkey/pk_decrypt.c +++ b/programs/pkey/pk_decrypt.c @@ -71,6 +71,15 @@ int main(int argc, char *argv[]) memset(result, 0, sizeof(result)); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + if (argc != 2) { mbedtls_printf("usage: mbedtls_pk_decrypt \n"); @@ -142,6 +151,7 @@ exit: mbedtls_pk_free(&pk); mbedtls_entropy_free(&entropy); mbedtls_ctr_drbg_free(&ctr_drbg); + mbedtls_psa_crypto_free(); #if defined(MBEDTLS_ERROR_C) if (exit_code != MBEDTLS_EXIT_SUCCESS) { diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c index 9a2549a943..f3c3274652 100644 --- a/programs/pkey/pk_encrypt.c +++ b/programs/pkey/pk_encrypt.c @@ -67,6 +67,15 @@ int main(int argc, char *argv[]) mbedtls_entropy_init(&entropy); mbedtls_pk_init(&pk); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + if (argc != 3) { mbedtls_printf("usage: mbedtls_pk_encrypt \n"); @@ -144,6 +153,7 @@ exit: mbedtls_pk_free(&pk); mbedtls_entropy_free(&entropy); mbedtls_ctr_drbg_free(&ctr_drbg); + mbedtls_psa_crypto_free(); #if defined(MBEDTLS_ERROR_C) if (exit_code != MBEDTLS_EXIT_SUCCESS) { diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c index 19a855b2b0..a52584a386 100644 --- a/programs/pkey/pk_sign.c +++ b/programs/pkey/pk_sign.c @@ -66,6 +66,15 @@ int main(int argc, char *argv[]) mbedtls_ctr_drbg_init(&ctr_drbg); mbedtls_pk_init(&pk); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + if (argc != 3) { mbedtls_printf("usage: mbedtls_pk_sign \n"); @@ -141,6 +150,7 @@ exit: mbedtls_pk_free(&pk); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); + mbedtls_psa_crypto_free(); #if defined(MBEDTLS_ERROR_C) if (exit_code != MBEDTLS_EXIT_SUCCESS) { diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c index f816e927ca..49b520489a 100644 --- a/programs/pkey/pk_verify.c +++ b/programs/pkey/pk_verify.c @@ -58,6 +58,15 @@ int main(int argc, char *argv[]) mbedtls_pk_init(&pk); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + if (argc != 3) { mbedtls_printf("usage: mbedtls_pk_verify \n"); @@ -117,6 +126,7 @@ int main(int argc, char *argv[]) exit: mbedtls_pk_free(&pk); + mbedtls_psa_crypto_free(); #if defined(MBEDTLS_ERROR_C) if (exit_code != MBEDTLS_EXIT_SUCCESS) { diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c index d1afdeef0e..63bc755f31 100644 --- a/programs/pkey/rsa_sign_pss.c +++ b/programs/pkey/rsa_sign_pss.c @@ -67,6 +67,15 @@ int main(int argc, char *argv[]) mbedtls_pk_init(&pk); mbedtls_ctr_drbg_init(&ctr_drbg); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + if (argc != 3) { mbedtls_printf("usage: rsa_sign_pss \n"); @@ -149,6 +158,7 @@ exit: mbedtls_pk_free(&pk); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); + mbedtls_psa_crypto_free(); #if defined(_WIN32) mbedtls_printf(" + Press Enter to exit this program.\n"); diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c index 1718872d32..9fb0401d1e 100644 --- a/programs/pkey/rsa_verify_pss.c +++ b/programs/pkey/rsa_verify_pss.c @@ -61,6 +61,15 @@ int main(int argc, char *argv[]) mbedtls_pk_init(&pk); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + if (argc != 3) { mbedtls_printf("usage: rsa_verify_pss \n"); @@ -127,6 +136,7 @@ int main(int argc, char *argv[]) exit: mbedtls_pk_free(&pk); + mbedtls_psa_crypto_free(); #if defined(_WIN32) mbedtls_printf(" + Press Enter to exit this program.\n"); From 9dd2167ea42c95e0211cbedf00ca6250e50458db Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Wed, 19 Apr 2023 09:41:02 +0200 Subject: [PATCH 07/10] Add changelog entry (PSA initialization in sample programs) Signed-off-by: Przemek Stekiel --- ChangeLog.d/programs_psa_fix.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/programs_psa_fix.txt diff --git a/ChangeLog.d/programs_psa_fix.txt b/ChangeLog.d/programs_psa_fix.txt new file mode 100644 index 0000000000..fe2099ecc3 --- /dev/null +++ b/ChangeLog.d/programs_psa_fix.txt @@ -0,0 +1,3 @@ +Bugfix + * Fix missing PSA initialization in sample programs when + MBEDTLS_USE_PSA_CRYPTO is enabled. From 8fa17b64f26648c931bffc2ea805ce012427085f Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Wed, 19 Apr 2023 11:47:01 +0200 Subject: [PATCH 08/10] Init PSA in fuzz programs Signed-off-by: Przemek Stekiel --- programs/fuzz/fuzz_client.c | 8 ++++++++ programs/fuzz/fuzz_dtlsclient.c | 8 ++++++++ programs/fuzz/fuzz_dtlsserver.c | 12 ++++++++++++ programs/fuzz/fuzz_privkey.c | 10 ++++++++++ programs/fuzz/fuzz_pubkey.c | 8 ++++++++ programs/fuzz/fuzz_server.c | 15 ++++++++++++++- programs/fuzz/fuzz_x509crl.c | 8 ++++++++ programs/fuzz/fuzz_x509crt.c | 8 ++++++++ programs/fuzz/fuzz_x509csr.c | 8 ++++++++ 9 files changed, 84 insertions(+), 1 deletion(-) diff --git a/programs/fuzz/fuzz_client.c b/programs/fuzz/fuzz_client.c index a415874b2e..3776b8ae9a 100644 --- a/programs/fuzz/fuzz_client.c +++ b/programs/fuzz/fuzz_client.c @@ -77,6 +77,13 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) mbedtls_ctr_drbg_init(&ctr_drbg); mbedtls_entropy_init(&entropy); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy, (const unsigned char *) pers, strlen(pers)) != 0) { goto exit; @@ -184,6 +191,7 @@ exit: mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_ssl_config_free(&conf); mbedtls_ssl_free(&ssl); + mbedtls_psa_crypto_free(); #else (void) Data; diff --git a/programs/fuzz/fuzz_dtlsclient.c b/programs/fuzz/fuzz_dtlsclient.c index 1fcbc92efc..f8f5840d80 100644 --- a/programs/fuzz/fuzz_dtlsclient.c +++ b/programs/fuzz/fuzz_dtlsclient.c @@ -61,6 +61,13 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) mbedtls_ctr_drbg_init(&ctr_drbg); mbedtls_entropy_init(&entropy); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + srand(1); if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy, (const unsigned char *) pers, strlen(pers)) != 0) { @@ -119,6 +126,7 @@ exit: mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_ssl_config_free(&conf); mbedtls_ssl_free(&ssl); + mbedtls_psa_crypto_free(); #else (void) Data; diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c index 529fbbf819..9b8ebe7ac8 100644 --- a/programs/fuzz/fuzz_dtlsserver.c +++ b/programs/fuzz/fuzz_dtlsserver.c @@ -74,6 +74,13 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) mbedtls_entropy_init(&entropy); mbedtls_ssl_cookie_init(&cookie_ctx); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy, (const unsigned char *) pers, strlen(pers)) != 0) { goto exit; @@ -152,9 +159,14 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) exit: mbedtls_ssl_cookie_free(&cookie_ctx); mbedtls_entropy_free(&entropy); +#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) + mbedtls_pk_free(&pkey); + mbedtls_x509_crt_free(&srvcert); +#endif mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_ssl_config_free(&conf); mbedtls_ssl_free(&ssl); + mbedtls_psa_crypto_free(); #else (void) Data; diff --git a/programs/fuzz/fuzz_privkey.c b/programs/fuzz/fuzz_privkey.c index c24f275969..e51ee3010c 100644 --- a/programs/fuzz/fuzz_privkey.c +++ b/programs/fuzz/fuzz_privkey.c @@ -18,6 +18,14 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) } mbedtls_pk_init(&pk); + +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + ret = mbedtls_pk_parse_key(&pk, Data, Size, NULL, 0); if (ret == 0) { #if defined(MBEDTLS_RSA_C) @@ -63,7 +71,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) abort(); } } +exit: mbedtls_pk_free(&pk); + mbedtls_psa_crypto_free(); #else (void) Data; (void) Size; diff --git a/programs/fuzz/fuzz_pubkey.c b/programs/fuzz/fuzz_pubkey.c index 388b4c586e..16d9d83568 100644 --- a/programs/fuzz/fuzz_pubkey.c +++ b/programs/fuzz/fuzz_pubkey.c @@ -9,6 +9,12 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) mbedtls_pk_context pk; mbedtls_pk_init(&pk); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ ret = mbedtls_pk_parse_public_key(&pk, Data, Size); if (ret == 0) { #if defined(MBEDTLS_RSA_C) @@ -64,7 +70,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) abort(); } } +exit: mbedtls_pk_free(&pk); + mbedtls_psa_crypto_free(); #else (void) Data; (void) Size; diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c index e161d7ee9e..06aeb5e632 100644 --- a/programs/fuzz/fuzz_server.c +++ b/programs/fuzz/fuzz_server.c @@ -89,6 +89,13 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) mbedtls_ssl_ticket_init(&ticket_ctx); #endif +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy, (const unsigned char *) pers, strlen(pers)) != 0) { goto exit; @@ -195,8 +202,14 @@ exit: mbedtls_entropy_free(&entropy); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_ssl_config_free(&conf); +#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) + mbedtls_x509_crt_free(&srvcert); + mbedtls_pk_free(&pkey); +#endif mbedtls_ssl_free(&ssl); - +#if defined(MBEDTLS_USE_PSA_CRYPTO) + mbedtls_psa_crypto_free(); +#endif #else (void) Data; (void) Size; diff --git a/programs/fuzz/fuzz_x509crl.c b/programs/fuzz/fuzz_x509crl.c index 3aaa8e5ffd..21d9700b5e 100644 --- a/programs/fuzz/fuzz_x509crl.c +++ b/programs/fuzz/fuzz_x509crl.c @@ -9,11 +9,19 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) unsigned char buf[4096]; mbedtls_x509_crl_init(&crl); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ ret = mbedtls_x509_crl_parse(&crl, Data, Size); if (ret == 0) { ret = mbedtls_x509_crl_info((char *) buf, sizeof(buf) - 1, " ", &crl); } +exit: mbedtls_x509_crl_free(&crl); + mbedtls_psa_crypto_free(); #else (void) Data; (void) Size; diff --git a/programs/fuzz/fuzz_x509crt.c b/programs/fuzz/fuzz_x509crt.c index a5cb7ecdec..f3175796b6 100644 --- a/programs/fuzz/fuzz_x509crt.c +++ b/programs/fuzz/fuzz_x509crt.c @@ -9,11 +9,19 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) unsigned char buf[4096]; mbedtls_x509_crt_init(&crt); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ ret = mbedtls_x509_crt_parse(&crt, Data, Size); if (ret == 0) { ret = mbedtls_x509_crt_info((char *) buf, sizeof(buf) - 1, " ", &crt); } +exit: mbedtls_x509_crt_free(&crt); + mbedtls_psa_crypto_free(); #else (void) Data; (void) Size; diff --git a/programs/fuzz/fuzz_x509csr.c b/programs/fuzz/fuzz_x509csr.c index afd20315bf..6ac695f9d5 100644 --- a/programs/fuzz/fuzz_x509csr.c +++ b/programs/fuzz/fuzz_x509csr.c @@ -9,11 +9,19 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) unsigned char buf[4096]; mbedtls_x509_csr_init(&csr); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ ret = mbedtls_x509_csr_parse(&csr, Data, Size); if (ret == 0) { ret = mbedtls_x509_csr_info((char *) buf, sizeof(buf) - 1, " ", &csr); } +exit: mbedtls_x509_csr_free(&csr); + mbedtls_psa_crypto_free(); #else (void) Data; (void) Size; From d4d049b88fba28ee6397d063e34b08d3837b42b6 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Wed, 19 Apr 2023 13:47:43 +0200 Subject: [PATCH 09/10] Add guards for mbedtls_psa_crypto_free() Signed-off-by: Przemek Stekiel --- programs/fuzz/fuzz_client.c | 2 ++ programs/fuzz/fuzz_dtlsclient.c | 2 ++ programs/fuzz/fuzz_dtlsserver.c | 2 ++ programs/fuzz/fuzz_privkey.c | 4 +++- programs/fuzz/fuzz_pubkey.c | 4 +++- programs/fuzz/fuzz_x509crl.c | 4 +++- programs/fuzz/fuzz_x509crt.c | 4 +++- programs/fuzz/fuzz_x509csr.c | 4 +++- programs/pkey/gen_key.c | 2 ++ programs/pkey/key_app.c | 2 ++ programs/pkey/key_app_writer.c | 2 ++ programs/pkey/pk_decrypt.c | 2 ++ programs/pkey/pk_encrypt.c | 2 ++ programs/pkey/pk_sign.c | 2 ++ programs/pkey/pk_verify.c | 2 ++ programs/pkey/rsa_sign_pss.c | 2 ++ programs/pkey/rsa_verify_pss.c | 2 ++ programs/ssl/dtls_client.c | 2 ++ programs/ssl/dtls_server.c | 2 ++ programs/ssl/mini_client.c | 2 ++ programs/ssl/ssl_client1.c | 2 ++ programs/ssl/ssl_context_info.c | 2 ++ programs/ssl/ssl_fork_server.c | 2 ++ programs/ssl/ssl_mail_client.c | 2 ++ programs/ssl/ssl_pthread_server.c | 2 ++ programs/ssl/ssl_server.c | 2 ++ programs/x509/cert_app.c | 2 ++ programs/x509/cert_req.c | 2 ++ programs/x509/cert_write.c | 2 ++ programs/x509/crl_app.c | 2 ++ programs/x509/load_roots.c | 2 ++ programs/x509/req_app.c | 2 ++ 32 files changed, 69 insertions(+), 5 deletions(-) diff --git a/programs/fuzz/fuzz_client.c b/programs/fuzz/fuzz_client.c index 3776b8ae9a..2de51a6e9b 100644 --- a/programs/fuzz/fuzz_client.c +++ b/programs/fuzz/fuzz_client.c @@ -191,7 +191,9 @@ exit: mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_ssl_config_free(&conf); mbedtls_ssl_free(&ssl); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #else (void) Data; diff --git a/programs/fuzz/fuzz_dtlsclient.c b/programs/fuzz/fuzz_dtlsclient.c index f8f5840d80..d414bb3b05 100644 --- a/programs/fuzz/fuzz_dtlsclient.c +++ b/programs/fuzz/fuzz_dtlsclient.c @@ -126,7 +126,9 @@ exit: mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_ssl_config_free(&conf); mbedtls_ssl_free(&ssl); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #else (void) Data; diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c index 9b8ebe7ac8..df4087a155 100644 --- a/programs/fuzz/fuzz_dtlsserver.c +++ b/programs/fuzz/fuzz_dtlsserver.c @@ -166,7 +166,9 @@ exit: mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_ssl_config_free(&conf); mbedtls_ssl_free(&ssl); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #else (void) Data; diff --git a/programs/fuzz/fuzz_privkey.c b/programs/fuzz/fuzz_privkey.c index e51ee3010c..d1da5890ac 100644 --- a/programs/fuzz/fuzz_privkey.c +++ b/programs/fuzz/fuzz_privkey.c @@ -71,9 +71,11 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) abort(); } } +#if defined(MBEDTLS_USE_PSA_CRYPTO) exit: - mbedtls_pk_free(&pk); mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + mbedtls_pk_free(&pk); #else (void) Data; (void) Size; diff --git a/programs/fuzz/fuzz_pubkey.c b/programs/fuzz/fuzz_pubkey.c index 16d9d83568..199f8e6899 100644 --- a/programs/fuzz/fuzz_pubkey.c +++ b/programs/fuzz/fuzz_pubkey.c @@ -70,9 +70,11 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) abort(); } } +#if defined(MBEDTLS_USE_PSA_CRYPTO) exit: - mbedtls_pk_free(&pk); mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ +mbedtls_pk_free(&pk); #else (void) Data; (void) Size; diff --git a/programs/fuzz/fuzz_x509crl.c b/programs/fuzz/fuzz_x509crl.c index 21d9700b5e..1140c3d7d3 100644 --- a/programs/fuzz/fuzz_x509crl.c +++ b/programs/fuzz/fuzz_x509crl.c @@ -19,9 +19,11 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) if (ret == 0) { ret = mbedtls_x509_crl_info((char *) buf, sizeof(buf) - 1, " ", &crl); } +#if defined(MBEDTLS_USE_PSA_CRYPTO) exit: - mbedtls_x509_crl_free(&crl); mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + mbedtls_x509_crl_free(&crl); #else (void) Data; (void) Size; diff --git a/programs/fuzz/fuzz_x509crt.c b/programs/fuzz/fuzz_x509crt.c index f3175796b6..3593236148 100644 --- a/programs/fuzz/fuzz_x509crt.c +++ b/programs/fuzz/fuzz_x509crt.c @@ -19,9 +19,11 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) if (ret == 0) { ret = mbedtls_x509_crt_info((char *) buf, sizeof(buf) - 1, " ", &crt); } +#if defined(MBEDTLS_USE_PSA_CRYPTO) exit: - mbedtls_x509_crt_free(&crt); mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + mbedtls_x509_crt_free(&crt); #else (void) Data; (void) Size; diff --git a/programs/fuzz/fuzz_x509csr.c b/programs/fuzz/fuzz_x509csr.c index 6ac695f9d5..25d68b033e 100644 --- a/programs/fuzz/fuzz_x509csr.c +++ b/programs/fuzz/fuzz_x509csr.c @@ -19,9 +19,11 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) if (ret == 0) { ret = mbedtls_x509_csr_info((char *) buf, sizeof(buf) - 1, " ", &csr); } +#if defined(MBEDTLS_USE_PSA_CRYPTO) exit: - mbedtls_x509_csr_free(&csr); mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ +mbedtls_x509_csr_free(&csr); #else (void) Data; (void) Size; diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c index 20fc17f90d..cd21743fb4 100644 --- a/programs/pkey/gen_key.c +++ b/programs/pkey/gen_key.c @@ -420,7 +420,9 @@ exit: mbedtls_pk_free(&key); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(_WIN32) mbedtls_printf(" + Press Enter to exit this program.\n"); diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c index 82a4de12a5..2f308304bc 100644 --- a/programs/pkey/key_app.c +++ b/programs/pkey/key_app.c @@ -284,7 +284,9 @@ cleanup: #endif mbedtls_pk_free(&pk); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP); mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP); diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c index 4da4f653a2..e986ada826 100644 --- a/programs/pkey/key_app_writer.c +++ b/programs/pkey/key_app_writer.c @@ -409,7 +409,9 @@ exit: mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP); mbedtls_pk_free(&key); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(_WIN32) mbedtls_printf(" + Press Enter to exit this program.\n"); diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c index 9ab01ecc90..c3ff53d9f1 100644 --- a/programs/pkey/pk_decrypt.c +++ b/programs/pkey/pk_decrypt.c @@ -151,7 +151,9 @@ exit: mbedtls_pk_free(&pk); mbedtls_entropy_free(&entropy); mbedtls_ctr_drbg_free(&ctr_drbg); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_ERROR_C) if (exit_code != MBEDTLS_EXIT_SUCCESS) { diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c index f3c3274652..5f5a424fed 100644 --- a/programs/pkey/pk_encrypt.c +++ b/programs/pkey/pk_encrypt.c @@ -153,7 +153,9 @@ exit: mbedtls_pk_free(&pk); mbedtls_entropy_free(&entropy); mbedtls_ctr_drbg_free(&ctr_drbg); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_ERROR_C) if (exit_code != MBEDTLS_EXIT_SUCCESS) { diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c index a52584a386..2a8b7a4cf5 100644 --- a/programs/pkey/pk_sign.c +++ b/programs/pkey/pk_sign.c @@ -150,7 +150,9 @@ exit: mbedtls_pk_free(&pk); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_ERROR_C) if (exit_code != MBEDTLS_EXIT_SUCCESS) { diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c index 49b520489a..96a5d28f1c 100644 --- a/programs/pkey/pk_verify.c +++ b/programs/pkey/pk_verify.c @@ -126,7 +126,9 @@ int main(int argc, char *argv[]) exit: mbedtls_pk_free(&pk); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_ERROR_C) if (exit_code != MBEDTLS_EXIT_SUCCESS) { diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c index 63bc755f31..effff259b9 100644 --- a/programs/pkey/rsa_sign_pss.c +++ b/programs/pkey/rsa_sign_pss.c @@ -158,7 +158,9 @@ exit: mbedtls_pk_free(&pk); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(_WIN32) mbedtls_printf(" + Press Enter to exit this program.\n"); diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c index 9fb0401d1e..a9c75ef704 100644 --- a/programs/pkey/rsa_verify_pss.c +++ b/programs/pkey/rsa_verify_pss.c @@ -136,7 +136,9 @@ int main(int argc, char *argv[]) exit: mbedtls_pk_free(&pk); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(_WIN32) mbedtls_printf(" + Press Enter to exit this program.\n"); diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c index c35c4e2654..beac5d5d98 100644 --- a/programs/ssl/dtls_client.c +++ b/programs/ssl/dtls_client.c @@ -339,7 +339,9 @@ exit: mbedtls_ssl_config_free(&conf); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(_WIN32) mbedtls_printf(" + Press Enter to exit this program.\n"); diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c index 568ef1fe1b..2128d02c9a 100644 --- a/programs/ssl/dtls_server.c +++ b/programs/ssl/dtls_server.c @@ -404,7 +404,9 @@ exit: #endif mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(_WIN32) printf(" Press Enter to exit this program.\n"); diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c index 6208859634..27154d8f82 100644 --- a/programs/ssl/mini_client.c +++ b/programs/ssl/mini_client.c @@ -281,7 +281,9 @@ exit: #if defined(MBEDTLS_X509_CRT_PARSE_C) mbedtls_x509_crt_free(&ca); #endif +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_exit(ret); } diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c index 6d8ff0bb8b..933ae7555f 100644 --- a/programs/ssl/ssl_client1.c +++ b/programs/ssl/ssl_client1.c @@ -289,7 +289,9 @@ exit: mbedtls_ssl_config_free(&conf); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(_WIN32) mbedtls_printf(" + Press Enter to exit this program.\n"); diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c index be8dee525a..d503fab569 100644 --- a/programs/ssl/ssl_context_info.c +++ b/programs/ssl/ssl_context_info.c @@ -1017,7 +1017,9 @@ int main(int argc, char *argv[]) printf("Finished. No valid base64 code found\n"); } +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ return 0; } diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index efa9ad1e01..adba12aabe 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c @@ -384,7 +384,9 @@ exit: mbedtls_ssl_config_free(&conf); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(_WIN32) mbedtls_printf(" Press Enter to exit this program.\n"); diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index 27bf137be2..89a26fc70a 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -801,7 +801,9 @@ exit: mbedtls_ssl_config_free(&conf); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(_WIN32) mbedtls_printf(" + Press Enter to exit this program.\n"); diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c index e57c63ec84..b4a718d7a2 100644 --- a/programs/ssl/ssl_pthread_server.c +++ b/programs/ssl/ssl_pthread_server.c @@ -492,7 +492,9 @@ exit: #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) mbedtls_memory_buffer_alloc_free(); #endif +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(_WIN32) mbedtls_printf(" Press Enter to exit this program.\n"); diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index 0da0f87054..69fd0bb065 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c @@ -366,7 +366,9 @@ exit: #endif mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(_WIN32) mbedtls_printf(" Press Enter to exit this program.\n"); diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index 721de84a9c..294e994c7d 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c @@ -461,7 +461,9 @@ exit: #endif mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(_WIN32) mbedtls_printf(" + Press Enter to exit this program.\n"); diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index 43b1eb1e91..db200d9b11 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -374,7 +374,9 @@ exit: mbedtls_pk_free(&key); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(_WIN32) mbedtls_printf(" + Press Enter to exit this program.\n"); diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index bf46799a07..02ff836aaf 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -726,7 +726,9 @@ exit: mbedtls_mpi_free(&serial); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(_WIN32) mbedtls_printf(" + Press Enter to exit this program.\n"); diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c index f99d9ac685..e3e0577735 100644 --- a/programs/x509/crl_app.c +++ b/programs/x509/crl_app.c @@ -136,7 +136,9 @@ usage: exit: mbedtls_x509_crl_free(&crl); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(_WIN32) mbedtls_printf(" + Press Enter to exit this program.\n"); diff --git a/programs/x509/load_roots.c b/programs/x509/load_roots.c index bca6e883ac..e28f35a79d 100644 --- a/programs/x509/load_roots.c +++ b/programs/x509/load_roots.c @@ -200,7 +200,9 @@ int main(int argc, char *argv[]) exit_code = MBEDTLS_EXIT_SUCCESS; exit: +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_exit(exit_code); } #endif /* necessary configuration */ diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c index b1fc98ca76..b447c6aa1b 100644 --- a/programs/x509/req_app.c +++ b/programs/x509/req_app.c @@ -136,7 +136,9 @@ usage: exit: mbedtls_x509_csr_free(&csr); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(_WIN32) mbedtls_printf(" + Press Enter to exit this program.\n"); From 44f2694ad79667e7b64c90e7b7400399f23f2586 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Mon, 24 Apr 2023 09:00:14 +0200 Subject: [PATCH 10/10] Fix code-style Signed-off-by: Przemek Stekiel --- programs/fuzz/fuzz_pubkey.c | 2 +- programs/fuzz/fuzz_x509csr.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/programs/fuzz/fuzz_pubkey.c b/programs/fuzz/fuzz_pubkey.c index 199f8e6899..daca2b3d50 100644 --- a/programs/fuzz/fuzz_pubkey.c +++ b/programs/fuzz/fuzz_pubkey.c @@ -74,7 +74,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) exit: mbedtls_psa_crypto_free(); #endif /* MBEDTLS_USE_PSA_CRYPTO */ -mbedtls_pk_free(&pk); + mbedtls_pk_free(&pk); #else (void) Data; (void) Size; diff --git a/programs/fuzz/fuzz_x509csr.c b/programs/fuzz/fuzz_x509csr.c index 25d68b033e..0ca9b870b8 100644 --- a/programs/fuzz/fuzz_x509csr.c +++ b/programs/fuzz/fuzz_x509csr.c @@ -23,7 +23,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) exit: mbedtls_psa_crypto_free(); #endif /* MBEDTLS_USE_PSA_CRYPTO */ -mbedtls_x509_csr_free(&csr); + mbedtls_x509_csr_free(&csr); #else (void) Data; (void) Size;