From cd4da16eea02f2cfeeb53ba0845305bcb4558980 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 23 Aug 2024 21:51:39 +0200 Subject: [PATCH] Don't call psa_crypto_init in test programs when not required for TLS 1.3 For backward compatibility with Mbed TLS <=3.5.x, applications must be able to make a TLS connection with a peer that supports both TLS 1.2 and TLS 1.3, regardless of whether they call psa_crypto_init(). Since Mbed TLS 3.6.0, we enable TLS 1.3 in the default configuration, so we must take care of calling psa_crypto_init() if needed. This is a change from TLS 1.3 in previous versions, where enabling MBEDTLS_SSL_PROTO_TLS1_3 was a user choice and could have additional requirement. This commit changes our test programs to validate that the library does not have the compatibility-breaking requirement. Signed-off-by: Gilles Peskine --- programs/ssl/ssl_client2.c | 15 ++++++++++++--- programs/ssl/ssl_server2.c | 15 +++++++++++++-- 2 files changed, 25 insertions(+), 5 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index d494de3a60..cd839c1610 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -818,8 +818,6 @@ int main(int argc, char *argv[]) psa_key_attributes_t key_attributes; #endif psa_status_t status; -#elif defined(MBEDTLS_SSL_PROTO_TLS1_3) - psa_status_t status; #endif rng_context_t rng; @@ -894,7 +892,15 @@ int main(int argc, char *argv[]) memset((void *) alpn_list, 0, sizeof(alpn_list)); #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) + /* For builds with TLS 1.3 enabled but not MBEDTLS_USE_PSA_CRYPTO, + * we deliberately do not call psa_crypto_init() here, to test that + * the library is backward-compatible with versions prior to 3.6.0 + * where calling psa_crypto_init() was not required to open a TLS + * connection in the default configuration. See + * https://github.com/Mbed-TLS/mbedtls/issues/9072 and + * mbedtls_ssl_tls13_crypto_init(). + */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", @@ -3192,6 +3198,9 @@ exit: /* For builds with MBEDTLS_TEST_USE_PSA_CRYPTO_RNG psa crypto * resources are freed by rng_free(). */ + /* For builds with MBEDTLS_SSL_PROTO_TLS1_3, PSA may have been + * initialized under the hood by the TLS layer. See + * mbedtls_ssl_tls13_crypto_init(). */ #if (defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)) && \ !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) mbedtls_psa_crypto_free(); diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 480b262446..79a742e152 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -1594,7 +1594,7 @@ int main(int argc, char *argv[]) int i; char *p, *q; const int *list; -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) +#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status; #endif unsigned char eap_tls_keymaterial[16]; @@ -1660,7 +1660,15 @@ int main(int argc, char *argv[]) mbedtls_ssl_cookie_init(&cookie_ctx); #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) + /* For builds with TLS 1.3 enabled but not MBEDTLS_USE_PSA_CRYPTO, + * we deliberately do not call psa_crypto_init() here, to test that + * the library is backward-compatible with versions prior to 3.6.0 + * where calling psa_crypto_init() was not required to open a TLS + * connection in the default configuration. See + * https://github.com/Mbed-TLS/mbedtls/issues/9072 and + * mbedtls_ssl_tls13_crypto_init(). + */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", @@ -4309,6 +4317,9 @@ exit: /* For builds with MBEDTLS_TEST_USE_PSA_CRYPTO_RNG psa crypto * resources are freed by rng_free(). */ + /* For builds with MBEDTLS_SSL_PROTO_TLS1_3, PSA may have been + * initialized under the hood by the TLS layer. See + * mbedtls_ssl_tls13_crypto_init(). */ #if (defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)) \ && !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) mbedtls_psa_crypto_free();